Job Description
Cyber Threat Detection
Our client is a pure-play cyber security consulting firm, due to a recent M&A and continued growth they are looking for a technical and driven Threat Detection Engineer to join the growing team.
You will collaborate closely with the SOC analysts, ensuring clients’ security posture is enhanced. As a Threat Intelligence Analyst, you will play a pivotal role within the SOC Team.
As this is a new role, our client will be providing you with the training required to be successful in this role, as a baseline we are looking for candidates who have experience within MS Sentinel, specifically working with LogicApps and automation playbooks and experience developing rules in MS Sentinel. It is also important to have a good understanding of KQL.
You'll lead the charge in planning and managing the development, testing, and implementation of cutting-edge rules and analytics for SIEM and SOAR platforms.
Your day-to-day will be dynamic and collaborative, working closely with SOC Operations Teams to fine-tune existing security use cases and create innovative detection content. You'll be orchestrating each release, overseeing all aspects of design, development, testing, and implementation.
As a Threat Detection Engineer, you'll become a master at crafting cutting-edge detection and response solutions, leveraging advanced technologies like Lucene, YARA, Sigma and more!
Additionally with the right training, you'll be the key driver and main point of contact for the revolutionary zero-trust protection product. This role includes full ownership and management, ensuring its optimal performance, implementing enhancements, handling customer requests, and serving as the primary escalation contact. Naturally our client will provide you with all training whilst on the job!
No two days are the same in the SOC, responsibilities include but not limited to:
* Lead the development, testing, and deployment of innovative and updated content across the monitored estate in collaboration with Operations teams.
* Transform playbooks from the Ops teams into effective, deployable solutions.
* Ensure existing detection content remains cutting-edge and relevant.
* Evaluate the impact of new and updated rules and analytics to inform future development.
* Oversee the implementation and maintenance of AppGuard policies.
* Review and approve essential documentation for releases or changes, including design, deployment, configuration, and administration guides.
* Expertise in SIEM/SOAR tools (Microsoft Sentinel and ELK) and other technologies, such as SOAR, Threat Intelligence, and traffic analysis tools, to detect intrusions and recommend enhancements to SOC operations.
* Analyse security data to uncover patterns and trends.
* Research emerging threats and vulnerabilities to stay ahead of the curve.
* Develop and produce Use Case Rules, turning CTI information into actionable Use Cases.
* Maintain an organized and up-to-date Use Case Library.
* Keep comprehensive documentation to support all activities.
Required skills/experience of Threat Detection Engineer:
* Must be eligible to obtain UK Government Security Clearance
* Commercial experience working with MS Sentinel – automation playbooks - developing rules and experience with LogicApps
* Experience with Microsoft Sentinel and KQL mandatory
* Experience with LogRhythm, ELK stack (Elastic Search, Logstash, Kibana) would be desirable
* Knowledge of Network Security
* Excellent communication and stakeholder management skills
* Ability to manage sensitive and confidential information
Client Key Facts:
* Exceptionally flexible regarding remote and hybrid work arrangements which means more freedom for your personal life.
* Paid on-call if and when required
* Access to industry events, fostering a stimulating technical and social environment.
* Fantastic career progression opportunities.
#J-18808-Ljbffr