Role Description
You will be a key member of a high-performing team responsible for security detection and monitoring capabilities and strategy.
The team has a mixture of offensive and defensive cyber security expertise.
The team works to proactively analyse, prevent, detect, and respond to threats before they impact SMBC.
This position includes mastery of a wide range of security detection and monitoring technologies (both cloud and on-premise) with a focus on ensuring optimal performance, new detection and coverage capabilities, and maintaining continuous monitoring and tuning.
The successful candidate will execute and drive detection engineering with minimal guidance.
Role Objectives
* Data ingestion: selection and implementation of optimum data flows to ingest security data into our systems.
* Data optimization: identify and route data to the relevant systems, such as the SIEM for rule-based detection and the Data Lake for investigations and incident response.
* Identify, resolve and document operational issues and report time to respond and time to resolve.
* Deliver a detection strategy that keeps SMBC fully compliant with its cyber security controls and covered against emerging threats by implementing high-fidelity, actionable security detections.
This strategy must cover inputs such as compliance requirements, penetration test results, incident lessons learned, threat hunts, threat intelligence and MITRE ATT&CK coverage.
* Creation and tuning of alerts and detections from a SIEM and other devices in response to changing threats.
* Work with a detection-as-code pipeline with built-in change control and a full audit trail.
* Build automated verification suites for our rule set to ensure rules behave as expected.
* Conduct advanced adversary simulations to assess the effectiveness of our detections.
* Integrate outputs from red teaming into security strategies, enhancing our security posture.
* Onboard new security tools to SOC monitoring including testing and verification of how the system is configured.
* Develop and implement enhancements to assist in detection, prevention, and analysis of security threats.
* Automate robust enterprise solutions reducing manual effort.
* Conduct proactive research to analyze security weaknesses and recommend appropriate strategies.
* Manage tasks in an agile manner – working to a prioritized backlog.
* Collaborate across functions and vendors to drive implementation and enhancements of security detection capabilities.
* Assess the effectiveness of cybersecurity measures utilized by systems.
* Employ configuration management processes.
* Design, develop, integrate, and update system security measures that provide confidentiality, integrity, availability, authentication, and non-repudiation.
* Develop mitigation strategies to address cost, schedule, performance, and security risks.
* Trace system requirements to design components and perform gap analysis.
* Measure and track metrics for the detection engineering process to illustrate progress towards goals and track gaps in detection coverage.
* Maintain and create documentation in support of detection and response capabilities and processes and readily fulfil any audit requests.
* Provide mentoring, coaching, and professional development opportunities to team members.
Qualifications and Skills
* 5+ years of relevant experience
* Experience with log analysis from multiple sources
* Experience with cloud SIEM, UEBA, NSM, EDR and/or other detection technologies
* Strong knowledge of Windows and Linux systems, Active Directory, Cloud technologies
* Ability to use logic and reasoning to identify solutions and improvements to manual/inefficient processes and tasks
* Experience building detection-as-code pipelines
* Experience mapping detections to the MITRE ATT&CK framework
* Expertise in query languages
* Strong troubleshooting ability
* Ability to balance operational tasks with project work
* Ability to translate threat intelligence into actionable detection logic
* Scripting ability
* Experience in other areas of Cyber Security an advantage
* Work effectively and collaboratively in a global team environment
* Strong sense of self-ownership and attention to detail