Senior SOC Engineer – IDS/SIEM Implementation
About the assignment
A leading organisation managing a data-intensive platform for the public sector requires a Senior SOC Engineer to design and implement enterprise-grade IDS and SIEM capabilities. The environment is zero-downtime critical, serving hundreds of partner organisations daily.
You own the technical implementation of intrusion detection and security event monitoring across production, acceptance and test environments in AWS. This is a delivery role, not operations—you build the foundation, then hand over to the internal SOC team.
Your responsibilities
- Design and deploy an Intrusion Detection System (IDS) across multi-environment AWS infrastructure
- Configure and tune SIEM solution combining native AWS services (GuardDuty, Security Hub) with third-party integrations
- Analyse data streams, identify anomalous patterns and indicators of compromise using MITRE ATT&CK framework
- Perform baseline analysis and continuously refine detection rules based on monitoring output
- Establish vulnerability management processes within the cloud environment
- Deliver progress reports and technical documentation directly to the local CISO
- Collaborate with internal SOC team on operational handover and future maintenance model
Tech Stack & Tools
Platforms & Tooling
Frameworks & Standards
Cloud & Infrastructure
Methodologies
Certifications (preferred)
Must-haves
- Proven experience designing and implementing IDS/SIEM solutions in complex environments
- Strong AWS security expertise (GuardDuty, Security Hub, CloudTrail or equivalent)
- Hands-on experience configuring and tuning SIEM platforms (Splunk, Sentinel, QRadar)
- Ability to work independently and communicate technical progress to non-technical stakeholders
- Availability 2-3 days per week on-site in Veenendaal during initial setup phase
Nice-to-haves
- Background in vulnerability management tooling and processes
- Experience in managed service or multi-tenant environments
- Track record in high-availability sectors (government, utilities, logistics)
- AWS Security Specialty or equivalent certification
What we offer
- 6-month interim contract (fulltime, 40 hours/week) with extension potential based on delivery
- Location: Veenendaal (Gelderland); remote work available after ramp-up phase
- Work with zero-downtime critical infrastructure serving hundreds of organisations daily
- Direct collaboration with local CISO and internal SOC team on strategic initiatives
- Clear ownership of technical delivery with measurable impact
- Personal guidance from a dedicated MVPeople consultant who knows your niche
The process
Introduction
Phone call with your MVPeople consultant (within 24 hours)
Match & Brief
We discuss the assignment in detail and prepare you
Client meeting
Introduction to the client
Start
Contracting and onboarding
Details
Type
Freelance / ZZP (MVPeople)
Location
Utrecht, UT
Work model
Hybrid
Level
Senior
Industry
overheid
Posted
29 June 2026
Job ID
55912
Contact
MVPeople Group
jobs@mvpeoplegroup.com