The Hanover Insurance Group

Senior IT Security Engineer

Remote IT Security Engineering role with clear candidate location fit.

PostedJun 19, 2026

Eligible countries6 accepted countries

Seniority signalSenior

Work settingRemote

Accepted candidate locations

CanadaGermanyIndiaNetherlandsUnited KingdomUSA

Role overview

Readable role content extracted into sections for faster review.

Manage, maintain, and optimize the on premise SIEM platform, including log ingestion, parsing, correlation rules, dashboards, and alerting.
Ensure SIEM availability, performance, and scalability to support enterprise security monitoring needs.
Develop and tune detection rules, correlation logic, and use cases aligned with threat intelligence and organizational risk.
Oversee log source onboarding, configuration, and validation across servers, applications, network devices, and security tools.
Conduct regular SIEM health checks, capacity planning, and lifecycle management.

Administer and maintain on premise IDS/IPS platforms, ensuring accurate detection and prevention of malicious activity.
Tune signatures, policies, and rulesets to reduce false positives while maintaining strong detection coverage.
Monitor IDS/IPS performance, availability, and event trends to identify anomalies or operational issues.
Coordinate with network and security teams to implement policy updates, rule changes, and architectural improvements.

Ensure both SIEM and IDS/IPS solutions are aligned with security governance frameworks, compliance requirements, and organizational policies.
Maintain documentation for system configurations, processes, runbooks, and governance controls.
Support audit activities by providing evidence, reports, and system configuration details.
Participate in incident response activities by providing SIEM/IDS/IPS insights, event analysis, and technical expertise.

Evaluate emerging threats and recommend enhancements to detection logic and monitoring capabilities.
Collaborate with architecture and leadership teams to align SIEM and IDS/IPS strategies with long term security objectives.
Identify opportunities to automate processes, improve detection fidelity, and enhance operational efficiency.

Minimum 5 years of hands on experience administering, managing, and maintaining:

Demonstrated experience ensuring high availability, governance alignment, and operational effectiveness of security monitoring technologies.
Strong understanding of SIEM architecture, log ingestion pipelines, correlation logic, and event normalization.
Expertise with IDS/IPS technologies, signature tuning, network traffic analysis, and threat detection methodologies.
Proficiency with security log formats (syslog, JSON, CEF, LEEF, etc.).
Familiarity with network protocols, firewall rules, and enterprise network architecture.
Experience with Linux/Windows server administration as it relates to security tooling.
Ability to analyze security events, identify patterns, and support incident response.
Strong analytical and problem solving abilities.
Excellent communication skills for cross team collaboration.
Ability to work independently in a remote environment while managing multiple priorities.
Detail oriented mindset with a commitment to governance, documentation, and operational discipline.
Preferred Qualifications (Optional Enhancements)