N Consulting Global

Senior SIEM Technical SME

This role is for a Senior SIEM Technical SME, a hybrid position in Guildford. Contract length is open, with a pay rate TBD. Key skills include strong Microsoft Sentinel experience, SIEM onboarding ownership, and expertise in ingestion methods. Financial services experience is a plus.
Country: United Kingdom
Currency: £ GBP
Day rate: Unknown
Date: April 11, 2026
Duration: Unknown
Location: Hybrid
Contract: Unknown
Security: Unknown
Location detailed: Surrey, England, United Kingdom
Skills detailed: #Splunk #Automation #Data Quality #AI (Artificial Intelligence) #Cloud #Logging #Security #Scala #Monitoring #Scripting #Leadership

Role description
Role: Senior SIEM Technical SME
Location: Guildford Business Park, Guildford, Surrey GU2 8XG
Permanent / Contract: Open for both
Onsite / Remote / Hybrid: Hybrid

Job Description: Senior SIEM Technical SME

We are hiring a Senior SIEM Technical SME to own and drive onboarding, reliability, and effectiveness of our centralised security monitoring platforms. This is a hands-on engineering and ownership role, not a SOC analyst position.

The candidate must be strong in Microsoft Sentinel, able to lead end-to-end log onboarding (cloud and on-prem), and able to confidently steer application, platform, and security teams through ingestion design, data quality, and operational readiness. Experience with modern ingestion methods (AMA, DCRs, syslog/CEF, Event Hub) and with integrating SIEM outputs into SOC and ServiceNow/ITIL workflows is critical. Google SecOps (Chronicle) experience is a plus.

We are looking for someone who has owned SIEM platforms, not just used them, and who can balance detection engineering with platform health, scalability, and stakeholder influence.

Recruiter Filter: Mandatory requirements/questions
1. Have you personally led end-to-end log onboarding into Microsoft Sentinel (not just used existing logs)?
2. Have you configured or worked hands-on with at least one of the following: AMA, DCRs, syslog/CEF, or Event Hub ingestion?
3. Hands-on experience required.
4. Have you acted as the technical authority for a SIEM platform (e.g. making decisions on what logs to onboard, how data is structured, and how incidents flow to ServiceNow or ticketing systems)?
5. We are looking for an SME, not an Engineer.
6. Does the candidate have strong experience with Microsoft Sentinel? This is a must-have.

Strong Preference:
1. Have you worked with more than one SIEM platform (e.g. Sentinel and Google SecOps, Splunk, QRadar)?
2. Have you worked closely with application teams to design logging for security monitoring?

Mandatory Requirements:
• Strong, hands-on Microsoft Sentinel experience
• Ownership of SIEM onboarding (not just alert consumption)
• Real experience with modern ingestion methods (AMA/DCR/syslog/CEF/Event Hub)
• Ability to steer and challenge application + security teams
• Understanding of platform reliability and data quality, not just detection logic

Concedable Requirements:
• Google SecOps (Chronicle), if the candidate has:
  • Strong multi-SIEM mindset
  • Experience migrating or operating more than one SIEM
  • Ability to learn new platforms quickly
• Copilot / AI Tooling, if the candidate has:
  • Used automation and scripting today
  • Shows good judgement, not hype dependency
  • Open to AI-assisted workflows
• Industry Background, if the candidate has:
  • Some financial services experience is helpful, not essential

Conditional Requirements:
• Detection Engineering Depth
  • Should show: strong ingestion, platform ownership, and stakeholder leadership
• ServiceNow Depth
  • Have integrated SIEM outputs into some ITSM platform
  • Understand workflow design even if tooling differs