West Midlands, United Kingdom | Posted on 21/03/2025
The Cyber Defence Engineer will join a growing security team responsible for the testing, implementation, deployment, maintenance, configuration and troubleshooting of the SOC's technology stack (hardware and software). The engineer will also assist with the continued development and maintenance of data pipelines and signature updates, and with the professional development of the system engineering team.
Tasks:
* Perform system administration on specific cyber defence applications and systems, including installation, configuration, maintenance, troubleshooting, backup, and restoration.
* Manage system/server resources including performance, capacity, availability, serviceability, and recoverability.
* Diagnose and resolve customer-reported system incidents, problems, and events to ensure continuing operability.
* Coordinate with Cyber Defence and CTI Analysts in managing and administering the updating of ingested data flows, cyber use cases and signatures for specialised cyber defence applications in response to new or observed threats.
* Manage the compilation, cataloguing, distribution, and retrieval of data from a range of enterprise networks and data sources.
* Implement and develop data management standards, policies, requirements, and specifications.
* Analyse data sources to provide actionable recommendations and facilitate data-gathering methods.
* Provide updates to the SOC Leads (Line Management, Team Leaders) on current SOC investigations and findings.
* Share knowledge, skills, and experience by documenting SOC processes to aid SOC maturity and the training of new members of the data engineering team.
Requirements
Knowledge:
* A demonstrable networking background and experience in system administration.
* Knowledge of big data technologies and ecosystems (e.g. Apache NiFi).
* Knowledge of current market and emerging tools in data analytical and SIEM platforms.
* Knowledge of network security implementations (e.g. IDS, IPS, EDR), including their function and placement in an enterprise network.
* Knowledge of intrusion detection systems and signature development.
* Knowledge of front-end collection systems, including network traffic collection, filtering, and selection.
* Knowledge of cyber security threats, vulnerabilities, and privacy principles.
* Working knowledge of configuring collection sensors for enterprise networks.
* Knowledge of system administration concepts for operating systems such as, but not limited to, Linux, Android, and Windows.
* Knowledge of cyber defence and information security policies, procedures, and regulations.
* Knowledge of network security architecture concepts including topology, protocols, components, and principles.
* Knowledge of cyber incident response frameworks and handling methodologies.
* Knowledge of data backup and recovery.
Skills/Experience:
* Must-have – circa 5+ years of relevant experience.
* Must-have experience with enterprise ICS/network architectures and technologies.
* Must-have experience with frameworks and technologies that support data-intensive distributed applications.
* Must-have experience with maintaining and administering data analytical and SIEM platforms such as Elastic.
* Must-have problem-solving and analytical skills, with the ability to collect information, analyse, report, and advise on evidence-based changes.
* Skill in applying cyber security and privacy principles to organisational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
* Stakeholder management – expert ability to communicate with all levels of the organisation at a technical and non-technical level.
* Experience using host- and network-based IDS/IPS.
* Experience using packet capture solutions.
* Skill in developing and deploying signatures.
* Ability to provide technical and service leadership to junior SOC Engineers (mentor/coach).
Desirable Qualifications/Certifications
* Red Hat System Administration I & II (RH124/RH134).
* Knowledge of virtualisation technologies such as VMware and Hyper-V.
* Proven track record and experience in developing cyber security policies and procedures, as well as successfully producing deliverables to meet organisational objectives.
* Ability to work calmly and effectively under pressure and have a can-do attitude.
* Broad cyber certifications or equivalent such as Cyber Foundation Pathway, CompTIA (N+, S+, CySA+), SANS (GSEC, GCIH, GMON, GCDA), Systems Administration (Active Directory), Cisco (CCNA, CCNP) and risk management.
* Working knowledge of Defence Joint Service Publications (440, 441, 604).