Remote Position 29.01.26
AI SCORE 8.5

Mid-Senior SIEM Engineer - On-Site in Lisbon

$60K–$80K/year

About the Role

We are seeking a Mid-Senior SIEM Engineer to join our team in Lisbon, Portugal. This is an on-site role, where you will design, implement, and maintain the organization’s SIEM platform to ensure continuous, reliable, and scalable security monitoring. As a SIEM Engineer, you will play a crucial role in enhancing our security posture and ensuring the integrity of our systems.

What You'll Do

  • Design, implement, and maintain the organization’s SIEM platform for effective security monitoring.
  • Develop and manage log source integrations across on-premise, cloud, and hybrid environments.
  • Build, fine-tune, and maintain correlation rules, detection logic, and alerting workflows.
  • Create and maintain dashboards, reports, and visualizations to support SOC operations.
  • Continuously optimize SIEM performance and data ingestion efficiency.
  • Collaborate with Security Operations, Incident Response, and Threat Intelligence teams.
  • Conduct periodic use case reviews to align with the evolving threat landscape.
  • Ensure proper data retention and access control configurations within the SIEM.
  • Automate repetitive processes and data enrichment using scripting or integrations.
  • Document correlation rules, workflows, and integration procedures.
  • Support audits and compliance reporting by ensuring log completeness.
  • Participate in on-call rotations for critical security incidents.
  • Evaluate and recommend improvements to SIEM architecture and detection capabilities.
  • Contribute to the roadmap and maturity development of security monitoring functions.

Requirements

  • 3+ years of experience working with SIEM platforms (e.g., Splunk, ELK, QRadar).
  • 9+ months of experience with ELK SIEM (Elasticsearch, Logstash, Kibana, and Beats).
  • Strong understanding of log management, event correlation, and alerting principles.
  • Hands-on experience with log ingestion, parsing, and normalization.
  • Proficiency in developing and tuning detection rules, dashboards, and reports.
  • Good knowledge of security operations and incident response processes.
  • Familiarity with common network, endpoint, and cloud security data sources.
  • Experience with scripting (Python, PowerShell) for automation.
  • Understanding of MITRE ATT&CK framework in detection engineering.
  • Strong analytical and troubleshooting skills.
  • Effective communication and documentation skills.
  • Fluency in English (written and spoken).

Nice to Have

  • Experience with SOAR platforms.
  • Experience with EDR.
  • Experience with cloud environments (AWS, Azure, GCP).
  • Familiarity with vulnerability management processes.
  • Knowledge of regulatory and compliance requirements (GDPR, ISO 27001).
  • Previous experience in a global Security Operations environment.

What We Offer

  • Excellent benefits including global coverage health insurance.
  • Learning and development opportunities.
  • 20 working days of annual vacation and additional paid sick days.
  • Competitive remuneration level with annual review.
  • Team-building activities.

Bold moves start here. Make yours. Apply today!

Language Requirements
English: C1
Why This Job (8.5 of 10)

This Mid-Senior SIEM Engineer role offers a competitive salary and excellent benefits, with opportunities for professional growth in a dynamic environment.

Who Will Succeed Here

Proficient in using and configuring SIEM tools such as Splunk and ELK stack, with a strong understanding of security event monitoring and threat detection techniques.

Ability to work effectively in an office environment, demonstrating a proactive approach to collaboration with cross-functional teams and a strong presence in team meetings to discuss security strategies.

Hands-on experience with Python and PowerShell scripting for automation of security tasks, coupled with a mindset focused on continuous improvement and adaptation to the evolving cybersecurity landscape.

Learning Resources

Splunk Fundamentals 1 (course)

Career Path

  • Mid-Senior SIEM Engineer (Now)
  • SIEM Team Lead or Security Architect (1-2 years)
  • Head of Security Operations or Senior Security Consultant (3-5 years)

Market Overview

  • Market Size 2024: $6.5B
  • Annual Growth: 12.5%
  • AI Adoption: 30%
  • Investment: +45%
  • Labour Demand: +20%
  • Avg Salary: $110K

Skills & Requirements

Required: SIEM, Splunk, ELK
Growing in Demand: Cloud Security, Machine Learning for Cybersecurity, Incident Response Automation
Declining: Traditional Network Security Monitoring, Manual Log Analysis

Domain Trends

Increased Focus on Cloud Security
With 70% of organizations migrating to cloud platforms, there is a growing demand for SIEM solutions that integrate with cloud environments.
Rise of Automated Threat Detection
Automated threat detection using AI and machine learning is projected to increase by 40% in the next two years, pushing SIEM engineers to adopt these technologies.
Integration of MITRE ATT&CK Framework
Organizations are increasingly adopting the MITRE ATT&CK framework for threat modeling, with 60% of security teams using it to enhance SIEM capabilities.

All job postings are automatically gathered by algorithms. We do not review or verify listings. Be careful when applying, and do not sign in with iCloud or Google services.