Skip to content
MVPeople Group Logo
MVPeopleGroup
SOC & Blue Team

Senior SOC Engineer – IDS/SIEM Implementation

Utrecht, UTFreelance / ZZP (MVPeople)HybridSenioroverheid

About the assignment

A leading organisation managing a data-intensive platform for the public sector requires a Senior SOC Engineer to design and implement enterprise-grade IDS and SIEM capabilities. The environment is zero-downtime critical, serving hundreds of partner organisations daily.

You own the technical implementation of intrusion detection and security event monitoring across production, acceptance and test environments in AWS. This is a delivery role, not operations—you build the foundation, then hand over to the internal SOC team.

Your responsibilities

  • Design and deploy an Intrusion Detection System (IDS) across multi-environment AWS infrastructure
  • Configure and tune SIEM solution combining native AWS services (GuardDuty, Security Hub) with third-party integrations
  • Analyse data streams, identify anomalous patterns and indicators of compromise using MITRE ATT&CK framework
  • Perform baseline analysis and continuously refine detection rules based on monitoring output
  • Establish vulnerability management processes within the cloud environment
  • Deliver progress reports and technical documentation directly to the local CISO
  • Collaborate with internal SOC team on operational handover and future maintenance model

Tech Stack & Tools

Platforms & Tooling

AWS GuardDutyAWS Security HubAWS CloudTrailSplunkAzure Sentinel

Frameworks & Standards

MITRE ATT&CKNIST Cybersecurity FrameworkCIS Benchmarks

Cloud & Infrastructure

AWS (primary)Multi-environment deployment (prod, acceptance, test)

Methodologies

Baseline analysisThreat detection and responseVulnerability management

Certifications (preferred)

AWS Security SpecialtyGCIA (GIAC Certified Intrusion Analyst)CySA+ (CompTIA Cybersecurity Analyst)

Must-haves

  • Proven experience designing and implementing IDS/SIEM solutions in complex environments
  • Strong AWS security expertise (GuardDuty, Security Hub, CloudTrail or equivalent)
  • Hands-on experience configuring and tuning SIEM platforms (Splunk, Sentinel, QRadar)
  • Ability to work independently and communicate technical progress to non-technical stakeholders
  • Availability 2-3 days per week on-site in Veenendaal during initial setup phase

Nice-to-haves

  • Background in vulnerability management tooling and processes
  • Experience in managed service or multi-tenant environments
  • Track record in high-availability sectors (government, utilities, logistics)
  • AWS Security Specialty or equivalent certification

What we offer

  • 6-month interim contract (fulltime, 40 hours/week) with extension potential based on delivery
  • Location: Veenendaal (Gelderland); remote work available after ramp-up phase
  • Work with zero-downtime critical infrastructure serving hundreds of organisations daily
  • Direct collaboration with local CISO and internal SOC team on strategic initiatives
  • Clear ownership of technical delivery with measurable impact
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

The process

1

Introduction

Phone call with your MVPeople consultant (within 24 hours)

2

Match & Brief

We discuss the assignment in detail and prepare you

3

Client meeting

Introduction to the client

4

Start

Contracting and onboarding

Details

Type

Freelance / ZZP (MVPeople)

Location

Utrecht, UT

Work model

Hybrid

Level

Senior

Industry

overheid

Posted

29 June 2026

Job ID

55912



Contact

Apply nowMore information
Apply now