This role sits within the Department for Business and Trade’s SOC (Security Operations Centre), reporting to the Principal Cyber Engineer. The SOC is responsible for the identification and mitigation of threats, both internal and external to the security of DBT. This role supports these actions by creating new capabilities, supporting existing capabilities, and providing expertise to analysts when required. Focusing on the delivery of the monitoring and development aspects of DBT’s TOM (Target Operating Model), this role involves the development of security tools and providing cyber security advice to the development community in DBT to ensure best practices are being followed. This role will be suitable for an individual with a DevSecOps (Development and Security Operations) background or someone who has skills in both software development and Cyber Security.
Main Responsibilities
1. Supporting the Principal Cyber Security Engineer and SOC Manager in the implementation of the monitoring and improvement roadmap.
2. Identifying areas of improvement within the SOC and building a plan to implement the improvement.
3. Testing and implementing changes within multiple Cloud Environments.
4. Producing software documentation to accurately represent the system that has been implemented and its current state for other engineers to use and rely on.
5. Updating and maintaining existing tools and infrastructure.
6. Facilitating the ingestion and enrichment of new logging services into the SIEM (Security Information and Event Management) tool for the analysts.
7. Maintaining the pipelines and infrastructure that facilitate the ingestion and processing of logs.
8. Assisting with active investigations and providing expert knowledge to assist analysts.
9. Creating playbooks for new capabilities and documentation for maintaining new capabilities.