A leading, multinational business are looking to bring on an experienced Security Engineer to join their team, specialising in Cyber Security Detection.
You will be responsible for
Responsible for developing and driving the cyber security detection capability both day-to-day and strategically for the Group. You are expected to seek out effective and comprehensive detection logic and capability, ensuring detections are robust and not brittle, thoroughly tested, and that alerts and supporting information is available to and understood by operational cyber security teams.
Experience Required
Threat Led:
Ability to assess and validate information from various sources on cyber and informational security threats to business
Ability to analyse and identify significance of processed intelligence to identify trends, threat actor TTPs and potential capabilities.
Ability to break down and translate information into tangible actionable data.
Secure & Test-Driven Engineering
Understanding of cyber security threat frameworks such as MITRE ATT&CK, Lockheed Martin Killchain etc.
Ability to specify/implement processes to maintain required level of security for a component/product/system during its lifecycle.
Proficient at detection development lifecycle covering all reasonable positive and negative test cases.
Ability to conducts code reviews of existing content and processes to identify and enhance or mitigate security issues.
Contribute to security evaluation of or testing of threat/vulnerabilities faced by systems.
Applies recognised evaluation/testing methodologies, tools and techniques to signature development / reviews, suggesting new ones where appropriate.
Research:
Ability to quantify and define research goals to generate worthwhile relevant detection ideas for further testing and exploration.
Ability to summarise findings or technical information to be disseminated with wider teams, factoring in business knowledge and summaries.
Experience relevant for this role:
An ability to develop queries and enable robust detection of threats.
Working knowledge of Windows, macOS or Linux operating systems
Understanding of modern attacker TTPs
Translate threat intelligence into actionable detection logic.
Solid grasp of detection technologies
Query languages such as KQL or SPL
Experience developing and maintaining basic automation scripts (e.g., Bash, Python, Batch, PowerShell etc.)
Desirable Skills and Experience:
Knowledge of cloud infrastructure, cloud security and cloud APIs a plus
Knowledge of attacker tools and evasion techniques within offensive engineering
Working knowledge of at least one major programming language, including scripting languages like Python and PowerShell
Experience of developing detections as code