TUI Group is the world’s number one integrated tourism business. Information Security is a global team within TUI technology responsible for maintaining and continuously improving security across TUI. We are a multi-disciplinary team of experts across Governance, Risk and Compliance (GRC), Architecture, Engineering and Delivery providing services across the UK, Ireland, Sweden, Norway, Denmark, Finland, Spain, Germany, Belgium and The Netherlands.We are seeking a skilled SIEM Engineer to join our global Cyber Security team. In this unique role, you will be responsible for implementing and maintaining our Security Information and Event Management (SIEM) systems while also managing the knowledge assets related to our security operations.ABOUT THE JOBSystem Deployment & Maintenance:Install, configure, and maintain SIEM platforms (e.g., Splunk) to support security monitoring and incident response activities.Ensure the SIEM infrastructure is optimized for performance, scalability, and reliability.Data Onboarding & Integration:Onboard new log sources by configuring data inputs, parsing rules, and field extractions.Ensure seamless integration of various data sources, including servers, applications, and network devices.Content Development:Develop and maintain dashboards, alerts, and correlation searches to enhance threat detection capabilities.Customize SIEM content to address specific security use cases and compliance requirements.Troubleshooting & Support:Monitor SIEM system health and performance, resolving issues promptly to minimize downtime.Provide technical support to the Security Operations Centre (SOC) and other stakeholders.Documentation & Repository Management:Develop and maintain comprehensive documentation, including playbooks, standard operating procedures (SOPs), and configuration guides.Organize and manage the knowledge repository to ensure information is easily accessible and up-to-date.Training & Development:Conduct training sessions and workshops to educate team members on SIEM functionalities and security best practices.Foster a culture of continuous learning and knowledge sharing within the security team.Content Curation:Regularly update knowledge assets to reflect changes in the threat landscape, technology updates, and process improvements.Assist in monitoring security events to identify potential threats and vulnerabilities.Support the SOC during security incidents by providing timely access to relevant SIEM data and insights.Update knowledge assets post-incident to capture lessons learned and improve future response efforts.Regulatory Compliance:Ensure SIEM operations and documentation comply with relevant regulations and industry standards such as GDPR, PCI DSS, and ISO 27001.Audit Preparation:Provide necessary documentation and evidence to support internal and external audits.Implement audit recommendations to enhance security controls and processes.ABOUT YOUEducation & Experience:Bachelor's degree in Computer Science or equivalent experience, Information Security, or a related field.Proven experience in SIEM engineering and/or security operations.Technical Expertise:Proficiency with SIEM platforms, particularly Splunk Enterprise and Splunk Enterprise Security.Strong understanding of log management, data parsing, and event correlation.Basic scripting skills (e.g., Python, PowerShell) for automation and data manipulation.Knowledge Management Skills:Experience in creating and managing technical documentation and knowledge repositories.Ability to translate complex technical concepts into clear, concise documentation.Stakeholder Management Skills:Excellent interpersonal skills to engage effectively with technical and non-technical stakeholders.Strong organizational skills to manage multiple projects and priorities.Analytical & Problem-Solving Skills:Ability to analyse security logs and data to identify patterns and anomalies.Strong troubleshooting skills to resolve system issues and optimize performance.Good verbal and written communication skills.Certifications:Relevant certifications such as Splunk Certified Power User, Splunk Certified Admin, or ITIL Foundation are desirable.Security certifications like CompTIA Security+, SSCP, or equivalent are a plus.We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.
#J-18808-Ljbffr