ECS
SIEM Content Developer
Private salary
UK
Fully remote
Description

Remote (UK-based) Contract - Outside IR35
Telecommunications

We’re currently supporting a client in hiring a SIEM Content Developer to strengthen their cyber security detection capabilities. This is a fully remote contract role, operating outside IR35.

The Role

You’ll be responsible for developing and enhancing detection capabilities within the Elastic Stack, helping to improve visibility of security threats and optimise incident response.

Key responsibilities include:

  • Designing, building, and tuning SIEM detection rules and correlation logic
  • Developing and maintaining dashboards and reporting in Elastic
  • Creating automation scripts and workflows to support faster response
  • Translating threat intelligence using frameworks such as MITRE ATT&CK into actionable detections
  • Working closely with SOC teams to reduce false positives and improve detection quality
  • Supporting log ingestion, parsing, and overall SIEM performance

Requirements

  • 2-5+ years’ experience in SIEM content development, detection engineering, or SOC (Level 2/3)
  • Strong experience with SIEM tools, ideally Elastic Stack (or Splunk, Sentinel, QRadar, ArcSight)
  • Solid understanding of Windows/Linux systems and TCP/IP networking
  • Experience working with cloud platforms (Azure, AWS, O365)
  • Scripting skills in Python, PowerShell, or Bash
  • Familiarity with MITRE ATT&CK and modern threat detection techniques

What’s on Offer

  • Fully remote working
  • Outside IR35 contract
  • Opportunity to work with a large-scale telecoms environment

ECS Recruitment Group Ltd is acting as an Employment Business in relation to this vacancy.
