Role Objectives
* Select and implement optimal data flows to efficiently ingest security data into systems.
* Filter and route data to appropriate systems (e.g., SIEM for rule detection, Data Lake for investigations and incident response).
* Identify, resolve, and document operational issues while tracking response and resolution times.
* Develop and implement a detection strategy ensuring compliance with Cyber Security Controls and Emerging Threats. This includes integrating sources like compliance requirements, pen test results, incident lessons learned, threat hunts, threat intelligence, and MITRE ATT&CK coverage.
* Design and fine-tune alerts and detections within a SIEM and other systems to adapt to evolving threats.
* Manage detection pipelines with built-in change controls and a complete audit trail.
* Buil...
Key Responsibilities
* Build automated verification suites to ensure detection rules operate as intended.
* Conduct advanced simulations to evaluate detection effectiveness.
* Incorporate red teaming outputs into security strategies to strengthen the organisation's defences.
* Add new security tools to SOC monitoring, including configuration testing and validation.
* Develop and implement tools to enhance detection, prevention, and threat analysis, reducing manual effort through automation.
* Analyse security weaknesses and propose strategies to address them.
* Manage tasks within an agile framework, prioritising a backlog of initiatives.
* Work with various teams and vendors to improve security detection capabilities.
* Evaluate the effectiveness of cybersecurity measures across systems.
* Employ processes to manage system configurations.
* Develop and update system security measures to ensure confidentiality, integrity, availability, authentication, and non-repudiation.
* Create strategies to mitigate risks related to cost, schedule, performance, and security.
* Trace system requirements to design components and perform gap analyses.
* Measure and track detection engineering metrics to monitor progress and identify coverage gaps.
* Maintain detailed documentation for detection and response processes and support audit requirements.
* Provide mentoring, coaching, and professional development to team members.
Qualifications and Skills
* 5+ years of relevant experience.
* Proficiency in analysing logs from multiple sources.
* Familiarity with cloud SIEM, UEBA, NSM, EDR, and other detection tools.
* Strong understanding of Windows, Linux, Active Directory, and cloud technologies.
* Ability to identify and improve manual or inefficient processes using logic and reasoning.
* Experience building detection-as-code pipelines.
* Proficiency in mapping detections to the MITRE framework.
* Expertise in using query languages for analysis.
* Strong troubleshooting skills.
* Ability to balance operational tasks with project responsibilities.
* Skill in translating threat intelligence into actionable detection logic.
* Competency in scripting for automation and other tasks.
* Knowledge of other cybersecurity domains is a plus.
* Demonstrated ability to work effectively in a global team environment.
* Strong sense of responsibility and attention to detail.