TUI Group is the world’s number one integrated tourism business. Information Security is a global team within TUI technology responsible for maintaining and continuously improving security across TUI. We are a multi-disciplinary team of experts across Governance, Risk and Compliance (GRC), Architecture, Engineering and Delivery providing services across the UK, Ireland, Sweden, Norway, Denspan, Finland, Spain, Germany, Belgium and The Netherlands.  

We never stop looking ahead, seeking new ways to delight our customers and grow our business. We recognise the power of digital and the massive contribution this brings to creating a truly unique and differentiated customer experience. 

We are seeking an experienced SIEM Architect to join our global Cyber Security team that provides services to the whole of TUI Group. In this pivotal role, you will design, implement, and manage our Security Information and Event Management (SIEM) systems to protect TUIs digital assets. You will collaborate with cross-functional teams to enhance our security posture and ensure compliance with industry standards. 

•  Now taking applications until 20-01-2025

ABOUT OUR OFFER
 

• Personal benefits: Attractive remuneration, bonus opportunity, exclusive travel perks & discounts, extensive health & wellbeing support, and more.
• Flexible working: Work is something you do, not somewhere you go. We encourage a healthy work-life balance and offer hybrid or remote working models.
• A career to shape: Opportunities to upskill, reskill and grow your career. Access the TUI Tech Learning Hub to level-up and reach your ambitions.
• Expand your horizons: Participate in our tech communities and collaborate on global projects and teams.
• Community: Get involved with incredible local charity and sustainability initiatives like the TUI Care Foundation and the Sustainable Tech Community. 

ABOUT THE JOB  

Stakeholder Engagement & Roadmap Development: 

• Engage with key stakeholders to understand business needs, security requirements, and priorities. 
• Develop and maintain a SIEM roadmap aligned with organizational goals and emerging threats. 
• Prioritize and manage a backlog of SIEM enhancements, features, and fixes based on stakeholder input. 
• Communicate updates, progress, and changes to stakeholders and senior leadership. 
• Facilitate regular meetings with stakeholders to gather feedback and adjust plans accordingly. 

SIEM Architecture & Design: 

• Develop and maintain the overall SIEM architecture to meet business and security requirements. 
• Design scalable solutions for data collection, processing, and storage within the SIEM platform. 
• Establish standards and best practices for SIEM deployment and configuration. 
• Document architectural plans, roadmaps, configurations, and procedures. 

SIEM Engineering & Implementation: 

• Install, configure, and maintain SIEM platforms (e.g., Splunk) and associated components. 
• Integrate various log sources, including servers, applications, and network devices, into the SIEM. 
• Develop custom scripts and automation tools to streamline SIEM operations. 
• Optimize SIEM performance through tuning and scaling. 

Content Development & Management: 

• Create and manage correlation searches, alerts, and dashboards to detect security threats. 
• Develop use cases and implement monitoring strategies for threat detection and compliance. 
• Regularly update SIEM content to adapt to emerging threats and business changes. 

Monitoring & Incident Response Support: 

• Collaborate with the Security Operations Centre (SOC) to analyse security events. 
• Assist in incident response activities by providing relevant SIEM data and insights. 
• Fine-tune detection rules to reduce false positives and enhance threat visibility. 

Maintenance & Troubleshooting: 

• Perform regular system health checks and ensure high availability of SIEM services. 
• Troubleshoot and resolve issues related to data ingestion, parsing, and correlation. 
• Apply patches and updates to maintain system security and compliance. 

Collaboration & Training: 

• Work closely with IT, DevOps, and other security teams to align on security objectives. 
• Provide training and mentorship to team members on SIEM functionalities and best practices. 
• Participate in cross-functional projects to enhance overall security posture. 

Compliance & Reporting: 

• Ensure SIEM operations comply with regulatory requirements and internal policies. 
• Generate compliance reports for standards such as GDPR, PCI DSS, and ISO 27001. 
• Support audit activities by providing necessary documentation and evidence. 

ABOUT YOU 

Education & Experience: 

• Bachelor’s degree in Computer Science or equivalent experience, Information Security, or a related field. 
• Proven experience in SIEM architecture and engineering roles. 

Technical Expertise: 

• Proficiency with SIEM platforms, especially Splunk Enterprise and Splunk Enterprise Security. 
• Strong knowledge of log management, event correlation, and security analytics. 
• Experience with data onboarding, including parsing, normalizing, and mapping data sources. 
• Familiarity with network protocols, operating systems, and security technologies. 
• Proficiency in scripting languages such as Python, PowerShell, or Bash. 

Security Knowledge: 

• Understanding of cybersecurity principles, threat landscapes, and attack vectors. 
• Knowledge of security frameworks and compliance standards (e.g., NIST, ISO 27001, GDPR). 
• Experience in developing and implementing security use cases and playbooks. 

Analytical & Problem-Solving Skills: 

• Ability to analyse complex datasets to identify patterns, anomalies, and security incidents. 
• Strong troubleshooting skills to resolve technical issues promptly. 

Communication & Collaboration: 

• Excellent verbal and written communication skills. 
• Ability to convey complex technical concepts to non-technical stakeholders. 
• Experience working in cross-functional teams and global environments. 

Certifications: 

• Relevant certifications such as Splunk Certified Architect, Splunk Certified Engineer, CISSP, or CISM are highly desirable. 

From a workplace to a place to belong.  At TUI we embrace diversity, equity, and inclusion, encouraging everyone to come as you are, because together, our potential is limitless.

We are committed to supporting candidates with disabilities and impairments so if you require any support, please do let us know.