SIEM Content Development Specialist

Aggregate function:  Technology
Business Area:  GT Global Cyber Security
Posting Country:  Portugal
Date Posted:  8 Jul 2026
Full Time / Part Time:  Full Time
Contract Type:  Permanent

At Vodafone, we’re working hard to build a better future. A more connected, inclusive and sustainable world. As a dynamic global community, it's our human spirit, together with technology, that empowers us to achieve this. 

We challenge and innovate in order to connect people, businesses, and communities across the world. Delighting our customers and earning their loyalty drive us, and we experiment, learn fast and get it done, together.

With us, you can be truly be yourself and belong, share inspiration, embrace new opportunities, thrive, and make a real difference.

Join Us

At Vodafone, we’re not just shaping the future of connectivity for our customers – we’re shaping the future for everyone who joins our team. When you work with us, you’re part of a global mission to connect people, solve complex challenges, and create a sustainable and more inclusive world. If you want to grow your career whilst finding the perfect balance between work and life, Vodafone offers the opportunities to help you belong and make a real impact.

The SIEM Content Development Specialist plays a critical role in advancing the Cyber Security Operations Center’s ability to detect and respond to cybersecurity incidents. This role focuses on designing and developing cutting-edge detection content leveraging a wide array of security technologies and telemetry to identify malicious activity and guide security analysts through effective response playbooks.

Working within a threat-led framework, the specialist collaborates across teams to translate threat intelligence into actionable detection logic and response workflows. The position demands strong technical acumen, analytical thinking, and problem-solving capabilities, along with the ability to communicate clearly with peers, leadership, and cross-functional stakeholders.

What you’ll do

  • Contribute to continuous improvement initiatives across multiple technologies and telecoms devices by developing and refining content that enhanced threat detection and response capabilities; 
  • Contribute to the development and optimisation of threat detection content, including the tuning of threat and vulnerability management technologies and the continual refinement of SIEM rules and logic to enhance detection accuracy and operational performance;
  • Lead and contribute to the optimisation and modernisation of SIEM content, supporting the adoption of next-generation SIEM technologies and cloud-native security tools;
  • Manage the lifecycle of detection content, including development, testing, release, and retirement, using version control and documentation best practices;
  • Collaborate with DevOps/SecOps teams to integrate security content into broader CI/CD workflows;
  • Collaborate with the CSOC Manager to support improvements in security operations through effective content contributions;
  • Support security event analysis by participating in and may drive security event analysis activities to address current cyber threats;
  • Assist in threat response activities, providing analytical input from a blue team perspective to help identify potential threat group behaviours;
  • Contribute to the creation of cyber security reports and advisories, ensuring timely and accurate dissemination to key stakeholders;
  • Participate in residual risk assessments, supporting post-incident analysis and the documentation of operational and technical lessons learned;
  • Collaborating with data owners and customers on understanding data sources and use cases and successfully translating requirements to actionable content;
  • Track and report on the effectiveness of deployed content, using metrics and stakeholder feedback to drive improvements.

Who you are

  • Bachelor/Master's Degree in related field; 3 years or above related experience;
  • Minimum of 2-5 years’ experience in SIEM content (rule logic and code) development role;
  • Minimum of 2 years of SOC analyst experience (Level2 or above) required;
  • In depth and extensive hands-on experience in security event analysis, create and refine SIEM/EDR rules and deliver efficiency within the SIEM and all other technologies used within the team;
  • Demonstrate deep understanding of telecoms equipment, protocols, and network architecture to develop accurate and effective SIEM content;
  • Proven experience working with telecommunications network protocols (e.g. SS7, Diameter, GTP-C);
  • Deep Knowledge of telecoms protocols and equipment (e.g., Routers, Switches, VoIP systems,IOT,NAS);
  • Deep knowledge of networking protocols and addressing schemes, i.e., TCP/IP functions, CIDR blocks, subnets, addressing, communications, etc;
  • Deep knowledge of Windows/Linux operating systems;
  • Exceptional working knowledge of security technologies such as SIEM (ArcSight, Sentinel, QRadar, LogRhythm, Splunk), EDR (Microsoft Defender, FireEye, Tanium), IDS/IPS, firewalls, proxies, web application firewalls, anti-virus, etc;
  • Understanding of cloud and IoT security in telecoms;
  • Comprehensive understanding of Window Security Event logs and Syslog;
  • Excellent familiarity with endpoint/perimeter security attack vectors and detection (blue/purple teaming);
  • Excellent familiarity with standard security frameworks such as MITRE, cyber kill chain and APT campaign strategies;
  • Outstanding knowledge of cloud platforms such as Azure, O365, Google cloud, AWS, Oracle;
  • Experience with modern SIEM platforms, including cloud-native or hybrid solutions;
  • Hands-on experience with CI/CD pipelines and automation tools for security content deployment;
  • Proficiency in version control systems (e.g., Git) for managing SIEM content;
  • Excellent working knowledge of regular expression development;
  • Scripting and programming experience is highly desirable;
  • Kusto or SQL knowledge, including rule/query optimisation;
  • Proven ability to prioritise workload, meet deadlines and utilise time effectively;
  • Good interpersonal and communication skills, works effectively as a team leader and the ability;
  • Experience in security event analytics, for example Elastic, Azure Sentinel or Splunk;
  • Excellent verbal and written communication skills; Highly disciplined and motivated, able to work independently or under direction;
  • Deep understanding of threat actor techniques and tools; 
  • Fluency in English.

Not a perfect fit?

Worried that you don’t meet all the desired criteria exactly? At Vodafone we are passionate about empowering people and creating a workplace where everyone can thrive, whatever their personal or professional background. If you’re excited about this role but your experience doesn’t align exactly with every part of the job description, we encourage you to still apply as you may be the right candidate for this role or another opportunity.

What's in it for you

  • Hybrid Work Model - Flexible hybrid work model with 8-10 in-office days per month, managed by team leaders;
  • Vodafone Products and Services - Employees get a mobile phone, free communication plan, data card, and various discounts on services and products;
  • Recognition - Recognition programs for innovative, creative, high-potential employees and exemplary behaviors;
  • Health and Well-being - Well-being Program offers nutrition and psychological consultations, webinars, workshops, and discounts on various services and products;
  • Learning - Access to Communities of Practice and a customizable digital training platform with high-quality content (namely Harvard Business Publishing, Skillsoft and Speexx);
  • Local and International Mobility - Internal recruitment with local and international rotation opportunities across departments and roles.

Who we are

We are a leading international Telco, serving millions of customers. At Vodafone, we believe that connectivity is a force for good. If we use it for the things that really matter, it can improve people's lives and the world around us. Through our technology we empower people, connecting everyone regardless of who they are or where they live and we protect the planet, whilst helping our customers do the same.

Belonging at Vodafone isn't a concept; it's lived, breathed, and cultivated through everything we do. You'll be part of a global and diverse community, with many different minds, abilities, backgrounds and cultures. ;We're committed to increase diversity, ensure equal representation, and make Vodafone a place everyone feels safe, valued and included.

If you require any reasonable adjustments or have an accessibility request as part of your recruitment journey, for example, extended time or breaks in between online assessments, please refer to https://careers.vodafone.com/application-adjustments/ for guidance.

Together we can.

Vodafone is committed to attracting, developing and retaining the very best people by offering a motivating and inclusive workplace in which talent is truly recognised and rewarded. We are committed to promoting Inclusion for All with the belief that diversity plays an important role in the success of our business. We actively encourage everyone to consider becoming a part of our journey.