OT Threat Detection SIEM Engineer

Company: Sword Group
Job Type: Full Time

Job Description - OT Threat Detection SIEM Engineer

Description

Sword is a leading provider of business technology solutions within the Energy, Public and Finance Sectors, driving transformational change within our clients. We use proven technology, specialist teams and domain expertise to build solid technical foundations across platforms, data, and business applications. We have a passion for using technology to solve business problems, working in partnership with our clients to help in achieving their goals.

About the role:

As an OT Threat Detection SIEM Engineer, you will play a key role in strengthening cyber security monitoring and detection capabilities across critical operational technology (OT) environments.

Working within complex industrial and critical national infrastructure (CNI) environments, you'll be responsible for designing, implementing and optimising SIEM capabilities that enable effective threat detection, investigation and response. You'll work closely with OT cyber security specialists, engineers and client stakeholders to improve visibility across industrial systems, develop high-quality detection content and ensure security monitoring is aligned to real-world operational risks.

This is an opportunity to work at the forefront of OT cyber security, helping protect essential infrastructure while contributing to the evolution of detection engineering practices across industrial environments.

As an OT Threat Detection SIEM Engineer, you will:

  • Configure, onboard and administer SIEM platforms within OT environments
  • Develop and maintain log parsing, data pipelines and ingestion processes for OT data sources
  • Build, manage and continuously improve OT-specific detection content and use cases
  • Analyse telemetry from diverse OT environments, including firewalls, network sensors, historians, control systems and supporting infrastructure
  • Identify visibility gaps, validate data quality and ensure telemetry supports detection requirements
  • Map detection use cases against MITRE ATT&CK Enterprise and ICS frameworks
  • Apply a threat-informed approach to detection engineering using known adversary tactics, techniques and procedures (TTPs)
  • Continuously tune detection logic to reduce false positives, improve alert quality and increase operational value
  • Support the triage and investigation of OT security events and incidents
  • Configure enrichment and contextual data sources, including asset inventories, criticality ratings and network segmentation information
  • Integrate threat intelligence feeds and external intelligence sources into detection workflows
  • Build and optimise correlation pipelines that improve monitoring effectiveness and operational visibility
  • Interpret industrial protocol activity and identify abnormal behaviours while minimising disruption to legitimate operations

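As an added illustration of the detection-engineering work these responsibilities describe (this is example code written for this page, not code from Sword or from any client environment), the block below runs a simple OT detection over constructed network-sensor records: it parses Modbus/TCP request logs, keeps only state-changing write function codes, tunes out an allow-list of authorised engineering hosts, enriches each hit with an asset inventory and criticality rating, records targets missing from the inventory as visibility gaps, and tags the alert with an ATT&CK for ICS technique. The log format, asset inventory, allow-list, 1-5 criticality scale and the technique mapping are all this example's own assumptions.

```python
"""Added example (not Sword's or any client's code): Modbus write-command
detection with allow-list tuning, asset-inventory enrichment and an
ATT&CK for ICS mapping. All inputs below are constructed for this example."""
import json
from dataclasses import dataclass, field

# Modbus function codes that change controller state. Reads (1-4) are excluded
# so the rule only fires on commands that can alter the process.
MODBUS_WRITE_FUNCTIONS = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

# Constructed asset inventory, standing in for a CMDB / asset-visibility export.
# Criticality is an assumed 1-5 scale (5 = loss of the asset stops the process).
ASSET_INVENTORY = {
    "10.20.1.10": {"name": "EWS-01", "role": "engineering_workstation", "criticality": 3},
    "10.20.1.20": {"name": "HMI-01", "role": "hmi", "criticality": 3},
    "10.20.5.50": {"name": "PLC-PUMP-01", "role": "plc", "criticality": 5},
    "10.20.5.51": {"name": "PLC-VALVE-02", "role": "plc", "criticality": 4},
}

# Tuning knob: hosts that legitimately write to PLCs. Writes from anything else
# are anomalous. (Assumed list; in practice it comes from the site's change process.)
AUTHORISED_WRITERS = {"10.20.1.10", "10.20.1.20"}

# Assumed ATT&CK for ICS mapping for an unexpected write from an unknown host.
ATTACK_ICS_TECHNIQUE = "T0855 Unauthorized Command Message"

# Constructed network-sensor records, one JSON line per request.
SAMPLE_LOGS = """\
{"ts":"2024-05-01T08:00:01Z","src":"10.20.1.20","dst":"10.20.5.50","proto":"modbus","func":3,"addr":40001}
{"ts":"2024-05-01T08:00:02Z","src":"10.20.1.10","dst":"10.20.5.50","proto":"modbus","func":16,"addr":40010}
{"ts":"2024-05-01T08:00:03Z","src":"10.20.9.99","dst":"10.20.5.50","proto":"modbus","func":6,"addr":40012}
{"ts":"2024-05-01T08:00:04Z","src":"10.20.9.99","dst":"10.20.5.51","proto":"modbus","func":5,"addr":1}
{"ts":"2024-05-01T08:00:05Z","src":"10.20.9.99","dst":"10.20.5.77","proto":"modbus","func":16,"addr":40020}
{"ts":"2024-05-01T08:00:06Z","src":"10.20.1.20","dst":"10.20.5.51","proto":"modbus","func":1,"addr":1}
{"ts":"2024-05-01T08:00:07Z","src":"10.20.1.10","dst":"10.20.5.51","proto":"dnp3","func":0}
"""


@dataclass
class Alert:
    ts: str
    src: str
    dst: str
    function: str
    target_asset: str
    severity: str
    attack_ics: str


@dataclass
class DetectionResult:
    alerts: list = field(default_factory=list)
    suppressed: int = 0                      # writes from authorised hosts, tuned out
    visibility_gaps: set = field(default_factory=set)  # targets absent from inventory


def severity_for(criticality: int) -> str:
    """Derive alert severity from the target asset's criticality rating."""
    if criticality >= 5:
        return "critical"
    if criticality == 4:
        return "high"
    return "medium"


def detect_unauthorised_writes(log_text: str) -> DetectionResult:
    """Flag Modbus write commands from hosts that are not authorised writers."""
    result = DetectionResult()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("proto") != "modbus":
            continue  # other protocols (DNP3, IEC 104, OPC) need their own parsers and rules
        if rec.get("func") not in MODBUS_WRITE_FUNCTIONS:
            continue  # read-only traffic does not change process state
        if rec["src"] in AUTHORISED_WRITERS:
            result.suppressed += 1  # expected engineering/HMI activity
            continue
        asset = ASSET_INVENTORY.get(rec["dst"])
        if asset is None:
            # A write to an asset nobody inventoried is both an alert and a visibility gap.
            result.visibility_gaps.add(rec["dst"])
            name, criticality = f"unknown({rec['dst']})", 4
        else:
            name, criticality = asset["name"], asset["criticality"]
        result.alerts.append(Alert(
            ts=rec["ts"], src=rec["src"], dst=rec["dst"],
            function=MODBUS_WRITE_FUNCTIONS[rec["func"]],
            target_asset=name, severity=severity_for(criticality),
            attack_ics=ATTACK_ICS_TECHNIQUE,
        ))
    return result


if __name__ == "__main__":
    res = detect_unauthorised_writes(SAMPLE_LOGS)
    for a in res.alerts:
        print(f"[{a.severity}] {a.ts} {a.src} -> {a.target_asset}: {a.function} ({a.attack_ics})")
    print(f"suppressed={res.suppressed} visibility_gaps={sorted(res.visibility_gaps)}")
```

On the sample records the rule raises three alerts, all from the unlisted host, while the engineering workstation's own write is suppressed by the allow-list and the read-only and DNP3 records never reach the rule. The allow-list is deliberately the weakest part: it keys on source address only, so a compromised engineering workstation passes silently; in a real SIEM that suppression would be narrowed further (time window, target, register range) and the suppressed events would still be retained for investigation rather than dropped.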

Requirements

We're looking for someone with strong experience in security monitoring, detection engineering and SIEM technologies, ideally gained within OT, ICS or industrial environments.

You'll bring:

  • Hands-on experience administering and optimising SIEM platforms within OT or industrial environments
  • Experience developing, tuning and maintaining threat detection use cases
  • Experience working with OT logs, telemetry and industrial data sources
  • Knowledge of MITRE ATT&CK Enterprise and ICS frameworks and their application within detection engineering
  • Understanding of OT, ICS and SCADA environments and the challenges associated with securing them
  • Experience with log parsing, data pipelines and data enrichment techniques
  • Analytical and investigative capabilities with experience supporting security event triage and incident investigation
  • Ability to balance security objectives with operational, safety and availability requirements in industrial environments
  • Confidence communicating with engineers, security teams and client stakeholders
  • A collaborative approach with the ability to work effectively across multidisciplinary teams

Experience with one or more of the following would be advantageous:

  • Industrial protocols including DNP3, IEC 60870-5-104, Modbus and OPC
  • OT network monitoring, traffic analysis and anomaly detection
  • Security monitoring architectures within OT and ICS environments
  • Threat intelligence integration and operationalisation
  • Detection engineering, security operations or incident response practices
  • Industrial network segmentation and asset visibility solutions
  • Working within critical national infrastructure (CNI) or highly regulated environments
  • Security monitoring tools, correlation engines and alert management processes
  • Supporting the continuous improvement of detection content and monitoring effectiveness


Benefits

At Sword, our core values and culture are based on caring about our people, investing in training and career development, and building inclusive teams where we are all encouraged to contribute to achieve success. We offer comprehensive benefits designed to support your professional development and enhance your overall quality of life. In addition to a Competitive Salary, here's what you can expect as part of our benefits package:

  • Personalised Career Development: We create a development plan customised to your goals and aspirations, with a range of learning and development opportunities within a culture that encourages growth.
  • Flexible working: Flexible work arrangements to support your work-life balance. We can't promise to meet every request, but we are keen to discuss your individual preferences and make it work where we can.
  • A Fantastic Benefits Package: This includes generous annual leave allowance, enhanced family friendly benefits, pension scheme, access to private health, well-being, and insurance schemes.

At Sword we are dedicated to fostering a diverse and inclusive workplace and are proud to be an equal opportunities employer, ensuring that all applicants receive fair and equal consideration for employment, regardless of whether they meet every requirement. If you don’t tick all the boxes but feel you have some of the relevant skills and experience we’re looking for, please do consider applying and highlight your transferable skills and experience. We embrace diversity in all its forms, valuing individuals regardless of age, disability, gender identity or reassignment, marital or civil partner status, pregnancy or maternity status, race, colour, nationality, ethnic or national origin, religion or belief, sex, or sexual orientation. Your perspective and potential are important to us.

Original job OT Threat Detection SIEM Engineer posted on GrabJobs ©. To flag any issues with this job please use the Report Job button on GrabJobs.

Copyright © 2026 Grabjobs Pte.Ltd. All Rights Reserved.