Location: Madrid, M, ES

Senior Security Engineer SIEM (Hybrid set up)

 

 

About the Role 

Join Swiss Re’s Cyber Defence organisation and help us fulfil our mission of making the world more resilient. As a Senior SIEM Engineer, you will play a key role in shaping and operating Swiss Re’s log ingestion and security telemetry platform. You will work at scale, designing and engineering reliable, high-performance log pipelines that power detection, investigation, and response across our global environment.

This role combines deep security engineering expertise with hands‑on software development, focusing on log ingestion, parsing, enrichment, and optimisation of Elastic‑based SIEM capabilities. You will work in a modern, cloud-centric environment, collaborating closely with detection engineers, incident responders, and platform teams.

 

About the Team 

Cyber Defence is the focal point for all security monitoring, detection, and response activities across Swiss Re. We are responsible for protecting the company by delivering high-quality, reliable, and actionable security telemetry and detections.

You will be part of a highly skilled, international engineering team within the Cyber Defence Product & Engineering unit, working closely with detection engineering, threat intelligence, and platform teams to continuously evolve our security monitoring capabilities.  

 

In this role, you will... 

  • Design, build, and operate scalable and resilient log ingestion pipelines for security and operational telemetry. 

  • Engineer efficient ingestion patterns into Elastic, optimising performance, cost, reliability, and data quality. 

  • Develop and maintain integrations using Kafka, Azure Event Hubs, and related streaming technologies. 

  • Implement log parsing, normalization, and enrichment to ensure high‑fidelity, detection‑ready data aligned with security use cases. 

  • Develop and maintain ingestion, transformation, and enrichment components using Python and Go, following modern software engineering best practices. 

  • Design, deploy, and operate log forwarders, including Elastic Agent, and manage agent policies and lifecycle using Elastic Fleet to ensure consistent, secure, and scalable telemetry collection across environments. 

  • Partner with detection engineers to ensure telemetry supports advanced detection logic, threat hunting, and incident response. 

  • Troubleshoot ingestion, latency, and data quality issues across distributed systems. 

  • Define and promote standards for logging, schemas, enrichment, and ingestion patterns across the organisation. 

  • Contribute to the continuous improvement of SIEM architecture, tooling, and operational processes. 

  • Act as a senior technical contributor, providing guidance, reviews, and mentoring to other engineers. 

 

About You 

You are a hands‑on security engineer who enjoys building robust platforms and solving complex data engineering challenges in security environments. You combine strong technical depth with a collaborative mindset and a passion for operational excellence. 

We are looking for candidates who meet many of the following criteria: 

  • Several years of experience in SIEM, security engineering, or large-scale log management.

  • Strong understanding of security logging, telemetry, and common detection and response use cases. 

  • Hands‑on experience with Elastic (Elasticsearch, data streams, ingest pipelines, performance tuning). 

  • Practical experience with Kafka and/or Azure Event Hubs in production environments. 

  • Solid software engineering skills with Python and Go, including testing, version control, and CI/CD. 

  • Experience designing and operating log ingestion components running in containerised and Kubernetes environments, using infrastructure-as-code and automation tools (e.g. Terraform) to ensure repeatable, secure, and scalable deployments.

  • Experience designing and operating high-throughput, distributed ingestion systems.

  • Good understanding of cloud environments (Azure preferred) and modern infrastructure concepts. 

  • Ability to communicate complex technical topics clearly to both technical and non‑technical stakeholders. 

  • Self‑driven, structured, and comfortable working in a global, agile setup. 

 

Nice to Have 

  • Experience with SIEM content development or close collaboration with detection engineering teams. 

  • Familiarity with security frameworks such as MITRE ATT&CK®. 

  • Experience integrating and using AI‑powered tools to support log ingestion, enrichment, detection engineering, and incident response, improving signal quality and operational efficiency. 

  • Experience with log enrichment using asset, identity, or threat intelligence data. 

  • Exposure to SRE or platform engineering practices. 

  • Prior experience in regulated or large enterprise environments. 

 

What We Offer 

  • The opportunity to shape security monitoring at global scale in a leading re/insurance company. 

  • A flexible hybrid working model balancing office collaboration and remote work. 

  • A diverse, inclusive, and international work environment. 

  • Strong focus on learning, technical excellence, and career development. 

  • Competitive compensation and benefits aligned with Swiss Re standards. 

 

 

For Spain the base salary range for this position is between EUR 60,000 and EUR 100,000 (for a full-time role). The specific salary offered considers:

  • the requirements, scope, complexity and responsibilities of the role,
  • the applicant’s own profile including education/qualifications, expertise, specialisation, skills and experience.

 

In the situation where you do not meet all the requirements or you significantly exceed these, the offered salary may be below or above the advertised range.

In addition to your base salary, you may be eligible for additional rewards and benefits including an attractive performance-based bonus.

 

About Swiss Re

 

Swiss Re is one of the world’s leading providers of reinsurance, insurance and other forms of insurance-based risk transfer, working to make the world more resilient. We anticipate and manage a wide variety of risks, from natural catastrophes and climate change to cybercrime. Combining experience with creative thinking and cutting-edge expertise, we create new opportunities and solutions for our clients. This is possible thanks to the collaboration of more than 14,000 employees across the world.

Our success depends on our ability to build an inclusive culture encouraging fresh perspectives and innovative thinking. We embrace a workplace where everyone has equal opportunities to thrive and develop professionally regardless of their age, gender, race, ethnicity, gender identity and/or expression, sexual orientation, physical or mental ability, skillset, thought or other characteristics. In our inclusive and flexible environment everyone can bring their authentic selves to work and their passion for sustainability.

If you are an experienced professional returning to the workforce after a career break, we encourage you to apply for open positions that match your skills and experience.

 

We may use AI-powered tools to support the review and evaluation of applications for this position. These tools provide additional insights to our recruitment teams, but all hiring decisions are carefully reviewed and made by people. To learn more about how we use AI in recruitment and how we handle your personal data, please review our Data Privacy Statement before applying.

 

Reference Code: 137600