Principal Cyber Operations Engineer - ESO
The National Grid Electricity System Operator (ESO) keeps the lights on for Great Britain. We move electricity around the grid to ensure supply meets demand every second of every day. But that’s not all we do. As the UK moves towards its 2050 net zero target, the ESO has a vital part to play. We want to operate a zero-carbon electricity system some of the time by 2025 and run on clean green electricity all of the time by 2035. It’s an ambitious goal and it’s not too far away…
The ESO’s Digital, Data & Technology (DD&T) team is on a journey to transform to a ‘digital first’ mindset, ensuring that we are innovative, digital and data-driven through everything we do. The scale of the change we need to deliver will demand a step-change in our business – further embedding digital, data and technology capability, becoming the net zero employer of choice, driving rigour in our delivery approach, and maintaining the agility and flexibility to adapt as the energy system continues to change at pace.
We are seeking a highly skilled and experienced Principal Cyber Operations Engineer to join our team. The ideal candidate will possess strong SIEM engineering skills and will also be comfortable in a mentorship role, providing advice and guidance to other members of the Engineering team. The Principal Cyber Operations Engineer will be responsible for working with other Cyber Operations Engineers to onboard data sources into a central SIEM, ensuring data quality, and addressing any data quality issues that may arise. The Principal Cyber Operations Engineer will also be responsible for maintaining and validating the configuration of various security tooling that serves the needs of the SOC and Cyber Operations team, such as EDR and other detection tooling.
This role requires a proactive and detail-oriented individual with a broad understanding of the data requirements and needs of a Security Operations function, and a proven track record of working in a previous Cyber Operations Engineering environment, or in a Security Operations role. We also value curious individuals with a passion for security, who are interested in working in an environment with bespoke systems and processes.
This role can be based from Wokingham or Warwick, and we continue to offer hybrid working from office and home.
Key Accountabilities
* Provide mentorship and guidance to other members of the Engineering team.
* Weigh in on tough technical decisions where competing interests or solutions require consideration.
* Identify and highlight potential avenues for increasing efficiency of delivery and process within the Engineering team.
* Provide technical guidance and support to other team members as needed.
* Suggest and recommend updates to operational procedures and flows to optimise the onboarding of data sources and ensure the widest security visibility across NESO.
* Collaborate with stakeholders to onboard data sources into the SIEM platform.
* Configure and optimize data collection and parsing mechanisms to ensure accurate and efficient data ingestion.
* Investigate and resolve data quality issues, working closely with stakeholders to implement necessary corrective actions.
* Develop and maintain documentation related to data source onboarding processes and procedures.
* Help maintain and validate the configuration of various security tools to serve the needs of the SOC and Threat Detection teams, such as EDR and other detection tooling.
About You
* A proven ability to lead on technical implementation and decision making within an Engineering or Security context.
* Passionate about security, and building secure infrastructure and secure foundations.
* Proven experience working with SIEM platforms and related tooling.
* Strong understanding of SIEM (Security Information and Event Management) concepts and best practices.
* Familiarity with SIEM data onboarding processes and techniques.
* Awareness of treating cyber operations engineering using a Software Development Lifecycle mindset.
* Knowledge of various data source formats and protocols (e.g., syslog, JSON, REST API).
* Experience in troubleshooting and resolving data quality issues.
* Experience working with security tooling such as EDR, Deception Tech, Malware Sandboxes, Vulnerability Management Tooling, etc.
* Excellent problem-solving and analytical skills.
* Strong communication and collaboration abilities.
* Relevant certifications (e.g. GIAC) are a plus.
* Curiosity – a willingness and enthusiasm to take on the challenge of making sense of bespoke data sources.
* Experience integrating applications, platforms, and tooling into security monitoring infrastructure.
* In-depth knowledge and experience in security engineering, operations, analysis, and response.
* Experience in scripting or programming (Python, Bash, PowerShell, etc).
* Strong analytical and problem-solving skills.
* Awareness of current and emerging cyber threats, trends, and best practices.
What You'll Get
A competitive salary between £64,000 – 69,000 – dependent on experience and capability. As well as your base salary, there is a bonus scheme, 28 days annual leave as standard, and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%.
You will also have access to a comprehensive benefits package tailored to support your well-being and professional success. From a competitive salary to flexible work arrangements, we promote your work-life balance.
More Information
This role closes on 02/10/2024 at 23:59. We encourage candidates to submit their application as early as possible.
We're committed to building a workforce that represents the communities we serve, and a working environment in which each individual feels valued, respected, and able to reach their full potential.