
Senior Software Engineer - SIEM

Job Req ID:  32810
Posting Date:  1 May 2024
Function:  Software Engineering
Unit:  Networks
Location:  Snowhill, Birmingham, United Kingdom

Salary:  Competitive

Why this job matters

Your role as a Software Engineering Professional in the SIEM Platform team, within Secure Development, is to support the development, implementation, operation and support of BT's Strategic SIEM development.

We are seeking a skilled SIEM Development Engineer with expertise in Elasticsearch to join our dynamic team. As a SIEM engineer, you will play a critical role in designing, developing, and maintaining our security information and event management (SIEM) system. Your focus will be on leveraging Elasticsearch and related technologies to enhance threat detection, incident response, and overall security posture.

What you’ll be doing

•    Data Ingestion and Enrichment:
o    Configure Elasticsearch pipelines for data ingestion from various sources, primarily from Kafka.
o    Enhance data enrichment by integrating threat intelligence feeds and contextual information.
•    SIEM Solution Development:
o    Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch.
o    Optimize SIEM rules, alerts, and dashboards for efficient threat detection.
•    Query Optimization and Performance Tuning:
o    Write efficient Elasticsearch queries to retrieve relevant security events.
o    Monitor and manage the performance of the SIEM infrastructure.
•    Security Engineering:
o    Contribute to security engineering projects, transitions, and transformations.
o    Work closely with security operations and associated security incident response systems.
o    Stay informed about emerging threats and security best practices.
•    Keep abreast of relevant technologies in the area. This may entail the following: reading, attending briefings and talks. 
•    Contribute to the running of your team. This entails participating (1) in knowledge-sharing, (2) in team discussions, (3) in defining and improving working procedures and (4) in organisation of team events. 
•    Help colleagues in the team to grow by mentoring when required. 
•    Keep abreast of relevant news and updates at BT. This may entail the following: attending briefings and talks. 
•    Agree personal goals with the Team Lead for the year and work towards achieving these. 
 

You'll have the following experience

•    ETL Processes with Logstash
Design, develop, and maintain data pipelines using Logstash, part of the Elastic Stack.
Automate data ingestion, transformation, and loading tasks.
•    Beats for Data Collection
Configure and manage Beats (Filebeat, Metricbeat, etc.) for collecting data from various sources (logs, metrics, etc.).
Ensure seamless data flow from endpoints to the Elastic Stack.
•    Data Cleaning and Enrichment with Elasticsearch
Utilize Elasticsearch for efficient data storage and retrieval.
Implement data validation, enrichment, and indexing.
Collaborate with data analysts to create meaningful search experiences.
•    Database Architecture and Scaling with Elasticsearch
Optimize data storage and retrieval mechanisms within Elasticsearch clusters.
Implement sharding, replication, and index management strategies.
•    Security and Compliance with Elastic Security
Set up access controls, authentication, and encryption using Elastic Security features.
Ensure compliance with data protection regulations.
•    Performance Tuning with Elasticsearch and Logstash
Fine-tune query performance using Elasticsearch indices and mappings.
Monitor Logstash pipelines and optimize resource utilization.
•    Kibana Visualization and Monitoring
Leverage Kibana for data visualization, dashboards, and real-time monitoring.
Create custom visualizations to track data quality metrics and system performance.
•    Kafka integration (optional)
 

Our leadership standards

Looking in:
Leading inclusively and Safely
I inspire and build trust through self-awareness, honesty and integrity.
Owning outcomes
I take the right decisions that benefit the broader organisation.

Looking out:
Delivering for the customer
I execute brilliantly on clear priorities that add value to our customers and the wider business.
Commercially savvy
I demonstrate strong commercial focus, bringing an external perspective to decision-making.

Looking to the future:
Growth mindset
I experiment and identify opportunities for growth for both myself and the organisation.
Building for the future
I build diverse future-ready teams where all individuals can be at their best.
