£40000 - £45000 Threat Detection Engineer
Security Operations Centre (SOC) team - Threat Detection Engineer
Location: CSA SOC, Gloucester and home working
Hours 37.5 per week – 09:00 – 17:30, Monday – Friday. On-call outside of these hours when required.
Job Description:
As a Detection Engineer, you will play a pivotal role in our Security Operations Centre (SOC) team, collaborating closely with the SOC analysts to enhance our clients’ security posture.
You will specialise in the creation of detection and response capabilities, using technology such as Kusto Query Language (KQL), Lucene, YARA, Sigma, Azure Logic Apps and more.
You will be responsible for planning and managing the development, testing and implementation activities that deliver new and updated rules and analytics for the SIEM and SOAR platforms. The day-to-day focus of the Detection Engineer is working with the SOC Operations teams to scope and define the requirements for tuning existing security use cases and creating new detection content. This includes planning each release and overseeing all design, development, testing and implementation activities.
The role also includes being the primary point of contact for CSA’s AppGuard Service, a zero trust protection product. Key elements of this involve general management and ownership of AppGuard, ongoing maintenance, implementing improvements, managing the implementation of customer requests, and being the primary escalation point of contact with AppGuard.
The strategic focus of the Engineer is to ensure that the detection and monitoring technology remains optimised, current and tailored to the changing threat landscape and technology in use.
You will contribute to the overall development of the Security Operations Centre (SOC), which will shape the future of CSA’s success.
This is a unique and exciting opportunity for a highly motivated and experienced security professional to make a significant impact in the field of Detection Engineering / Security Operations. If you're ready for a challenge and eager to make a difference, we'd love to hear from you.
This role requires SC clearance.
Primary Responsibilities:
• Develop, test and deploy updated and new content across the monitored estate in liaison with the Operations teams.
• Take playbooks from the Ops teams, develop and deploy.
• Maintain existing detection content to ensure it remains current and relevant.
• Assess the effectiveness of new / updated rules and analytics to feed into future development activities.
• Management of the implementation and maintenance of AppGuard policies.
• Review and approve all required documentation as part of a release or change, including design, deployment, configuration and administration guides.
• Use knowledge of SIEM/SOAR tools (Microsoft Sentinel and ELK) and other appropriate tooling, e.g. SOAR, threat intelligence and traffic analysis tools, to identify signs of an intrusion and advise where new or improved tooling could enhance the SOC operation.
• Analyse security data to identify patterns and trends.
• Conduct research on emerging threats and vulnerabilities.
• Produce Use Case Rules.
• Turn CTI information into actionable Use Cases.
• Maintain Use Case Library.
• Maintain documentation.
• Openness to learning and managing new technologies as business requirements change.
This job specification does not list all duties and is not limited to the above list of responsibilities.
Essential:
• Experience in a similar role.
• Experience of working with SIEMs (ideally Microsoft Sentinel).
• Knowledge of cyber security frameworks, with an active interest in software systems/engineering, secure communications and information systems, and/or malware analysis.
• Knowledge of network security.
• Excellent communication skills, both written and verbal.
• Able to manage sensitive and sometimes confidential information.
• Self-motivation and able to take responsibility.
• Able to manage and prioritise tasks and time efficiently.
• Personal interest and passion for cyber or information security.
Desirable:
• Experience developing SIEM/SOAR content.
• Experience with Microsoft Sentinel, LogRhythm, ELK stack (Elasticsearch, Logstash, Kibana).
• Strong understanding of security architecture, in particular networking.
• Strong Knowledge of cybersecurity principles and practices.
• Strong analytical and problem-solving skills.
• Experience working alongside or within a SOC environment.
• Strong understanding of security technologies and frameworks such as MITRE ATT&CK.
• Experience building custom connectors/parsers etc. for devices or IT assets that are not supported out of the box.
• Experience using regular expressions (regex).
Other Details:
• Hybrid ways of working, with mixture of office and home-based working.
• Paid on-call, when required.
• Competitive annual training grant for professional development.
• Workplace Health and Benefits Package.
Applications due by: 10/12/2024