Get ready to be a part of something important.
The world of cybercrime and cyber security is constantly evolving. Staying ahead of criminals is a significant part of your job. You can feel good about your work knowing that you're helping protect people's livelihoods and privacy.
As our next Cyber Security Engineer, you will work alongside other Cyber Security Engineers, including Senior Cyber Security Engineers, responsible for managing and improving our SIEM and security platforms to meet the requirements of the business. You like to think beyond a conventional SIEM approach and seek to enhance the security suite to a comprehensive automation and orchestration capability.
If you enjoy a hands-on technical role and have a high level of technical ability across a variety of security systems, particularly within Microsoft, then this one is for you. You will proactively work with the CSOC team, Content + Cloud technical teams, vendors, and customers to ensure that all security and monitoring requirements are determined and implemented within Content + Cloud and customer environments.
Your day-to-day function would include:
* Work with the technical lead / SME for the CSOC and SIEM service offering by managing and improving the platforms to meet the requirements of the business and/or client.
* Assist in establishing and maintaining processes, tooling and metrics that help provide a high level of productivity, supportability, and operational readiness
* Actively participate in project planning activities, service enhancements and change management controls.
* Actively support the onboarding of new clients throughout the transition to service delivery lifecycle.
* Deliver a variety of projects including planning and execution of changes, and documentation, including training, skills and knowledge transfer to the team and clients.
* Configure and develop SIEM tooling, and associated tool sets, to deliver effective and efficient SOC services through automation and orchestration, and to increase MTTD whilst reducing false positives and negatives.
* Ensure all security platforms are optimised to detect and prevent security threats across all on-prem and cloud environments to meet business objectives and regulatory requirements
* Provide technical oversight and support for the identification, triage and response to events or incidents of a suspicious or malicious nature, and apparent security breaches.
* Act as a technical escalation point and technical mentor for SOC Analysts and Senior SOC Analysts in delivery of our CSOC services.
* Work collaboratively with architects, infrastructure teams and key stakeholders inside and out of the business ensuring security and monitoring requirements are determined and implemented through onboarding or continuous improvement activities
* Maintain a continuous understanding of the threat landscape with in-depth knowledge around threat actors, TTPs and vulnerabilities
* Intrusion Analysis: Intrusion analysis is required to triage alerts from numerous types of IT security controls. You will investigate alerts relating to actual or suspected security incidents, escalating via the appropriate incident management process when required. You will also be responsible for improving Intrusion Detection capabilities by being aware of the latest cyber-attack techniques, reducing false positive alerts, and writing correlation rules and attack signatures.
* Cyber Security Incident Response: You will be required to respond to suspected or actual computer security incidents. Your objective will be to identify if an incident has occurred, assess the impact and escalate within virtual teams to ensure all available resources are used to limit the impact of the incident and minimise disruption to the customer’s business.
* Threat Assessment: You will compile information on the capabilities and motivation of adversaries and other threat actors and present this in a variety of forms to illustrate the technical threat and assist customers in understanding the threats relevant to them.
* Excellent soft skills in the form of team working, problem solving and communication
* You are a self-starter, keen to develop new services and can collaborate effectively
* Technical experience in a Security Operations Centre, Incident Response Team or similar environment
* Experience with a variety of SIEM platforms, ideally Azure Sentinel, and monitoring tools, configuration management tools, host virtualisation, containerisation, vulnerability scanners, proxies, WAFs
* An in-depth knowledge of log formats, log transports and log analysis as well as automating log ingestion and normalisation in a SOC environment
* The ability to perform analysis of log files from a variety of sources (e.g. individual host logs, network traffic logs, firewall logs, and intrusion detection system [IDS] logs) to identify possible threats to network security
* Experience, either within a ‘lab’ or business context, of using SIEM tools and tuning them to reduce false positives
* Strong technical skills with experience in intrusion analysis and investigation using a variety of security tools (SIEM, EDR, DLP, AV, Snort, Wireshark, TCPdump etc.)
* A thorough understanding of internet communications protocols and in-depth packet analysis, including knowledge of how these protocols are commonly secured
* Awareness of cyber-attack techniques and how protective monitoring systems can be used for detection, mitigation, remediation and protection
* An understanding of Cyber Incident Response and how to identify if an incident has occurred and how to assess and limit the impact it may have
* One or more of the following industry certifications: CEH, GCIA, GCIH, GSEC, Security+, GCTI
This is a remote-first hybrid role. In office just one day a week.
Hit the apply button to easily share your details with us and we promise to respond quickly