Lead SIEM Engineer - VP

Morgan Stanley

Glasgow, United Kingdom · On-site · Full-time · 1mo ago


Lead SIEM Engineer, Glasgow
Cyber Response Platforms is looking for an experienced (10-13 years) cyber-security professional to join their team as a SIEM lead. Our ideal candidate has hands-on experience in computer network defence working either in a Security Operations Center or Cyber Incident Response Team. You will lead a team of technologists and cyber-security professionals that are dedicated to improving the coverage, quality and automation of cyber-security detection and response.

Primary Responsibilities:

Supervise and govern the development of analytics in Splunk (SPL) or Elasticsearch (EQL) to detect actionable security alerts
Develop and fine-tune advanced detection rules, alerting mechanisms, and use cases to identify and respond to sophisticated security threats
Create comprehensive security metrics, reports and dashboards, providing detailed insights into the organization's security posture
Ensure that the SIEM solution complies with global regulatory standards and industry best practices
Mentor and guide SIEM engineers, fostering a culture of continuous learning and development within the team
Participate in the development of the organization's security strategy and contribute to its execution
Monitor and support SIEM platforms to ensure the security and stability of SOC infrastructure

Additional Leadership Responsibilities:

Provide day-to-day leadership and oversight for the SIEM engineering team, ensuring alignment with strategic goals and operational priorities
Facilitate regular team standups, retrospectives, and planning sessions to promote transparency and accountability
Coach team members on technical and professional growth, offering constructive feedback and career development support
Champion a collaborative and inclusive team culture that encourages innovation, ownership, and continuous improvement
Identify and address skill gaps through targeted training, mentoring, and knowledge-sharing initiatives
Act as a point of escalation for technical challenges and team dynamics, resolving issues with empathy and decisiveness
Collaborate with cross-functional teams to ensure seamless integration of SIEM capabilities into broader cyber response workflows

Skills required (essential):

Minimum of 10 years of experience in cyber detection engineering or incident response
Strong understanding of network security, endpoint detection and computer forensics
Experience in the creation and management of detection logic in SIEMs (e.g. Elasticsearch, Splunk, ArcSight, Microsoft Sentinel)
Experience with SIEM rule tuning, correlation logic, alert de-duplication and false-positive reduction techniques
Strong knowledge of exploitation techniques (e.g. MITRE ATT&CK) and use-case development
Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP)
Highly experienced with Unix/Linux command-line tools and shell scripting
Strong communication, task management and organizational skills

Skills desired:

Experience developing automations in SOAR (e.g. Palo Alto XSOAR, Sumo Logic, Swimlane)
Experience with the application of Indicators of Compromise (e.g. YARA rules, STIX and TAXII)
Strong hands-on experience with a query language (e.g. Splunk's SPL or Elastic's EQL, SQL)
Experience with streaming data frameworks (e.g. Kafka, NiFi, Spark)
Experience with CI/CD technology (e.g. Jenkins, GitLab CI, GitHub Actions)
Experience in the administration of systems (e.g. servers, desktops) or security controls (AV, Endpoint, IDS)
Intermediate experience developing scripts in Python

WHAT YOU CAN EXPECT FROM MORGAN STANLEY:

At Morgan Stanley, we raise, manage and allocate capital for our clients - helping them reach their goals. We do it in a way that's differentiated - and we've done that for 90 years. Our values - putting clients first, doing the right thing, leading with exceptional ideas, committing to diversity and inclusion, and giving back - aren't just beliefs, they guide the decisions we make every day to do what's best for our clients, communities and more than 80,000 employees in 1,200 offices across 42 countries. At Morgan Stanley, you'll find an opportunity to work alongside the best and the brightest, in an environment where you are supported and empowered. Our teams are relentless collaborators and creative thinkers, fueled by their diverse backgrounds and experiences. We are proud to support our employees and their families at every point along their work-life journey, offering some of the most attractive and comprehensive employee benefits and perks in the industry. There's also ample opportunity to move about the business for those who show passion and grit in their work.
To learn more about our offices across the globe, please copy and paste https://www.morganstanley.com/about-us/global-offices into your browser.

Certified Persons Regulatory Requirements:

If this role is deemed a Certified role, it may require the role holder to hold mandatory regulatory qualifications or the minimum qualifications to meet internal company benchmarks.

Flexible work statement

Interested in flexible working opportunities? Morgan Stanley empowers employees to have greater freedom of choice through flexible working arrangements. Speak to our recruitment team to find out more.
Morgan Stanley is an equal opportunities employer. We work to provide a supportive and inclusive environment where all individuals can maximize their full potential. Our skilled and creative workforce is comprised of individuals drawn from a broad cross section of the global communities in which we operate and who reflect a variety of backgrounds, talents, perspectives, and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing, and advancing individuals based on their skills and talents.


About Morgan Stanley

A financial services company that offers securities, asset management, and credit services. 10,001+ employees; headquartered in New York.
