Inside IR35 SIEM Contract Jobs
Siemens Teamcenter PLM Engineer (DV Cleared)
Posted 4 days ago by Sanderson Government & Defence
The Siemens Teamcenter PLM Engineer role involves supporting a secure government environment as a Subject Matter Expert...
- Rate £500 per day
- Category Inside
- Work type Onsite
- Location Reading, Berkshire, UK
Stay Updated on Contract Jobs
Never miss another opportunity with our email alerts.
Save your searches to be notified as soon as new jobs are added.
Sort By
Saved Searches
No saved searches yet
Filters
IR35 Status
Working Arrangements
Industry
Sector
Posted By
Country
Seniority Level
Date Posted
Contract Rate
About Our Inside IR35 SIEM Contract Roles
What does a siem contractor do?
As a contract SIEM, you are hired to implement, configure, optimise, and operate SIEM platforms that collect, correlate, and analyse security log and event data from across an organisation's technology estate to detect threats, investigate incidents, and support compliance reporting. SIEM is a foundational component of a security operations centre, providing the visibility and detection capability that enables security analysts to identify potential security incidents from the enormous volume of security events generated by modern enterprise environments. Contractors are brought in to implement a new SIEM platform, to migrate from one SIEM to another, to build and tune detection rules that improve the signal-to-noise ratio of SIEM alerts, to develop SIEM content for specific threat use cases, or to provide specialist SIEM expertise within a security operations team.
SIEM contractors are expected to have deep, hands-on experience with the specific SIEM platform relevant to the engagement. Microsoft Sentinel is the most commonly specified SIEM platform in UK enterprise environments, and experience creating Sentinel analytics rules using KQL (Kusto Query Language), building SOAR playbooks in Logic Apps, managing Sentinel workspaces and data connectors, and optimising ingestion costs is a common requirement. Splunk contractors need proficiency in SPL (Splunk Processing Language) for search and analytics alongside knowledge of Splunk Enterprise Security for SIEM use cases and SOAR for automation. IBM QRadar, Elastic SIEM, and LogRhythm are among the other platforms that generate regular UK contract demand. The ability to develop detection rules that accurately identify threat behaviours while minimising false positives, to perform log source onboarding and normalisation, and to conduct SIEM health checks that ensure coverage quality is consistently expected at senior SIEM contractor level.
What is the market like for siem contractors?
The SIEM contract market is a steadily active specialist within the cybersecurity contractor market, driven by the structural need for threat detection and monitoring capability across financial services, critical national infrastructure, healthcare, and large corporate organisations. Microsoft Sentinel has grown rapidly to become the dominant SIEM platform for new implementations in the UK, creating a large and growing Sentinel contractor market with strong demand for KQL-proficient security engineers. The migration of organisations from legacy SIEM platforms to Sentinel or Splunk continues to generate significant project-based SIEM contractor demand. Rates reflect the specialist platform knowledge and security domain expertise required, sitting at the premium end of the security operations contracting market.
What does Inside IR35 mean?
IR35 is UK tax legislation that determines whether a contractor is genuinely self-employed or working in a manner that resembles employment. When a contract is classified as inside IR35, income tax and National Insurance are deducted at source, typically via an umbrella company or agency PAYE. Headline day rates on inside IR35 engagements are generally higher than equivalent outside IR35 roles to account for the tax and employment cost structure.
Inside IR35 determinations are made where the working arrangements are considered to resemble employment, based on factors including the level of client control, the absence of a genuine right of substitution, and the presence of mutuality of obligation. Since April 2021, the end client is responsible for making this determination for medium and large private sector organisations. Many employers in financial services, government, and professional services assess the majority of their contractor engagements as inside IR35.
On QualityContracts.co.uk, approximately 49% of roles with a stated IR35 status are classified as inside IR35, making it the most common arrangement across the contract market. The proportion varies by sector and role type. Each listing on this page displays its IR35 status where provided by the hiring organisation.
What siem roles are usually Inside IR35?
The inside IR35 portion of the SIEM market involves ongoing platform operation: managing and tuning detection rules, investigating alerts, maintaining integrations with log sources, and supporting the SOC team. Financial services firms, government departments, and large enterprises with 24/7 security monitoring operations embed SIEM engineers in their security operations teams. The work follows the client's incident response procedures and requires sustained familiarity with their environment.
How much do siem contractors usually earn when working Inside IR35?
Contract rates for siem roles typically range from £500 to £900 per day, depending on the scope of the role, required expertise, and the delivery expectations of the engagement. Inside IR35 rates are typically 15% to 30% higher than equivalent outside IR35 roles to account for tax and national insurance deducted at source by the fee-payer.
How many Inside IR35 siem vacancies are there on Quality Contracts?
Over the past twelve months, we have tracked over 100 siem contract roles across the site. Around one third of the roles currently listed on the site fall Inside IR35. Data reviewed up to June 2026.