Overview
We are seeking highly skilled SMEs to support a critical logging and detection-engineering initiative. The engagement requires deep technical expertise across database logging, Linux/UNIX logging (Application, Authentication & Audit), SaaS logging (Authentication & Audit), and the development of analytics rules that turn onboarded log data into new or existing detection logic.
Three senior resources will contribute to this engagement:
Two (2) Senior Log Onboarding & Data Validation Engineers
One (1) Senior Detection Engineering Analyst
1. Senior Log Onboarding & Data Validation Engineer (x2)
Role Summary
These engineers will be responsible for onboarding logs from multiple platforms, validating data quality, ensuring completeness and correctness, and handing over fully validated data sources to the Detection Engineering team.
Key Responsibilities
Lead log onboarding activities across operating systems, databases, SaaS platforms, appliances, and containerised environments.
Validate incoming log data for accuracy, completeness, consistency, and usability.
Develop and maintain ingestion pipelines, parsers, and normalisation logic.
Collaborate with Detection Engineering to ensure logs are optimised for detection use cases.
Troubleshoot ingestion failures, schema issues, timestamp anomalies, and source-side configuration errors.
Produce technical documentation, runbooks, and handover materials.
Ensure alignment with compliance, logging standards, and data governance requirements.
Required Expertise & Skills
Deep SME-level knowledge in:
Database logging: Oracle, MSSQL
Linux/UNIX logging: RHEL (Red Hat), IBM AIX (Application, Auth & Audit logs)
SaaS logging: Authentication, Audit, API-level logging
Strong experience with log forwarding technologies (e.g., syslog, agents, collectors).
Familiarity with K8s logging models, Windows Server 2016 event logging, and infrastructure logs (VMware ESXi, RestorePoint, AS-400).
Ability to build and tune data connectors, parsing logic, and ingestion schemas.
Experience working with SIEM platforms (Microsoft Sentinel preferred).
Strong analytical, troubleshooting, and documentation skills.
2. Senior Detection Engineering Analyst (x1)
Role Summary
This role focuses on operationalising onboarded logs by building, optimising, and maintaining detection logic. The analyst will work closely with the Log Onboarding Engineers to maximise the security value of newly ingested log sources.
Key Responsibilities
Develop, refine, and maintain detection logic across the full detection lifecycle.
Leverage newly onboarded logs to create actionable detection use cases.
Build and update workbooks, analytic rules, alerting logic, and hunting queries.
Conduct threat modelling to identify gaps and opportunities for new detections.
Partner with SOC, Red Team, and Purple Team functions to validate detection effectiveness.
Perform tuning to reduce false positives and optimise alert fidelity.
Maintain documentation for detection logic design, deployment, and updates.
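To illustrate the hand-off between the two roles, the following Python is an added example and is not part of this engagement brief or of any vendor tooling. It runs the data-quality checks the onboarding role signs off on (parse rate, future and stale timestamps, ordering, expected hosts actually reporting) over a constructed sample of RHEL /var/log/secure lines, then runs a simple sshd brute-force detection over the accepted events, which is the kind of analytics rule the detection role would later express in KQL. Hostnames, IP addresses, user names, the reference time and the thresholds are all assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample of RHEL /var/log/secure lines in the RFC 3164 style rsyslog writes.
# Hosts, IPs and users are invented; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LINES = [
    "Mar 12 10:01:01 rhel9-web01 sshd[4120]: Failed password for invalid user admin from 203.0.113.10 port 51022 ssh2",
    "Mar 12 10:01:03 rhel9-web01 sshd[4121]: Failed password for invalid user test from 203.0.113.10 port 51024 ssh2",
    "Mar 12 10:01:05 rhel9-web01 sshd[4122]: Failed password for root from 203.0.113.10 port 51026 ssh2",
    "Mar 12 10:01:07 rhel9-web01 sshd[4123]: Failed password for root from 203.0.113.10 port 51028 ssh2",
    "Mar 12 10:01:09 rhel9-web01 sshd[4124]: Failed password for invalid user oracle from 203.0.113.10 port 51030 ssh2",
    "Mar 12 10:00:58 rhel9-web01 sshd[4119]: Failed password for invalid user admin from 198.51.100.7 port 40200 ssh2",
    "Mar 12 10:01:11 rhel9-web01 sshd[4125]: Accepted publickey for deploy from 198.51.100.7 port 40210 ssh2",
    "Mar 12 10:05:00 rhel9-web01 sshd[4130]: Failed password for root from 203.0.113.10 port 51040 ssh2",
    "this line was truncated by the forwarder",
    "Mar 12 11:45:00 rhel9-web01 sudo: pam_unix(sudo:session): session opened for user root by deploy(uid=1001)",
]
# Constructed "current time" for the sample run (assumption; in a pipeline this is the ingest clock).
SAMPLE_NOW = datetime(2024, 3, 12, 10, 30, tzinfo=timezone.utc)

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} {1,2}\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")


def parse_line(line, year, tz=timezone.utc):
    """Parse one RFC 3164 line into a dict, or return None if it does not match.
    RFC 3164 timestamps carry neither year nor zone, so the pipeline must supply both;
    a wrong year or zone shows up in validate() as future or stale timestamps."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S").replace(tzinfo=tz)
    return {"ts": ts, "host": m["host"], "proc": m["proc"], "pid": m["pid"], "msg": m["msg"]}


def validate(lines, year, now, expected_hosts=(), max_future=timedelta(minutes=5), max_age=timedelta(days=1)):
    """Data-quality checks run before a source is handed to detection engineering.
    Returns (accepted_events, report); events failing a timestamp check are counted and dropped."""
    report = {"total": 0, "unparsed": 0, "future": 0, "stale": 0, "out_of_order": 0,
              "hosts_seen": set(), "hosts_missing": set()}
    accepted, last_ts = [], None
    for line in lines:
        report["total"] += 1
        ev = parse_line(line, year)
        if ev is None:
            report["unparsed"] += 1          # parser/schema mismatch or truncation in transit
            continue
        report["hosts_seen"].add(ev["host"])
        if ev["ts"] > now + max_future:
            report["future"] += 1            # clock skew, wrong year/zone, or replayed data
            continue
        if ev["ts"] < now - max_age:
            report["stale"] += 1             # backlog replay; breaks window-based rules and retention
            continue
        if last_ts is not None and ev["ts"] < last_ts:
            report["out_of_order"] += 1      # buffering or multi-path forwarding; usable, but tracked
        last_ts = ev["ts"]
        accepted.append(ev)
    # A silent source is the classic onboarding failure: expected hosts that never reported.
    report["hosts_missing"] = set(expected_hosts) - report["hosts_seen"]
    return accepted, report


def detect_ssh_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Alert when one source IP produces >= threshold failed sshd password attempts
    within any sliding window. Returns one alert dict per offending source."""
    attempts = defaultdict(list)
    for ev in events:
        if ev["proc"] != "sshd":
            continue
        m = FAILED_RE.search(ev["msg"])
        if m:
            attempts[m["ip"]].append((ev["ts"], m["user"]))
    alerts = []
    for ip, items in attempts.items():
        items.sort()
        best, start = 0, 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            alerts.append({"src_ip": ip, "max_in_window": best, "attempts": len(items),
                           "users": sorted({u for _, u in items}),
                           "first": items[0][0], "last": items[-1][0]})
    return alerts


def run_sample():
    """Validate the constructed sample, then run the detection over the accepted events."""
    events, report = validate(SAMPLE_LINES, 2024, SAMPLE_NOW, expected_hosts={"rhel9-web01", "aix-db01"})
    return report, detect_ssh_bruteforce(events)


if __name__ == "__main__":
    report, alerts = run_sample()
    print(report)
    for alert in alerts:
        print(alert)
```

On the sample, the report counts one unparsed line, one future-dated line (the sudo entry), one out-of-order event and one expected host that never reported, and the detection raises a single alert for 203.0.113.10 with six failures across four user names inside the window. The same checks map directly onto a Sentinel onboarding sign-off: parse rate, TimeGenerated versus EventTime drift, and per-host heartbeat coverage.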
Required Expertise & Skills
Previous experience in a SOC, Red Team, or Purple Team environment.
Strong understanding of detection engineering methodologies and threat-detection frameworks.
Expertise working with SIEM platforms and KQL-based analytics (Microsoft Sentinel advantageous).
Experience using cross-platform logs (Linux, Windows, SaaS, databases, appliances) for detection logic.
Ability to create dashboards, workbooks, and visualisation artefacts to support monitoring.
Strong knowledge of attacker techniques (MITRE ATT&CK), logging schemas, and telemetry sources.
Relevant Technologies Across Roles
Expertise in the following technologies is essential:
Operating Systems
Red Hat Enterprise Linux (RHEL)
IBM AIX
Windows Server 2016
Databases
Oracle
Microsoft SQL Server (MSSQL)
Platforms
SaaS platforms (various)
Kubernetes (K8s)
Appliances & Systems
VMware ESXi
AS-400
RestorePoint