Job Description
Role Title: Cyber Security Engineer
Role Type: Permanent
Location: Edinburgh (with blended home working)
Responsibilities
* Design, deploy and manage the next-generation detection and log management platforms including SIEM, log ingestion pipelines and cloud security monitoring tools.
* Develop advanced detection rules, correlation searches and playbooks to improve threat detection and response.
* Onboard and normalize log sources, perform data parsing and maintain SIEM alerting to support SOC operations.
* Engineer and maintain log pipelines using Cribl for optimal ingestion, filtering, routing and replay.
* Architect scalable solutions for log archival, rehydration and compliance-driven retention.
* Implement security monitoring, alerting and automation across Azure workloads using Microsoft Defender XDR, Defender for Cloud, Azure Monitor, Azure AD, Azure EventHubs, Log Analytics and Kusto Query Language.
* Build security automation playbooks and integrations for SOAR tools.
* Govern SOC architecture, develop interface definitions and security guidelines, and collaborate with the Cyber Security Operations Centre and other security functions.
* Participate in incident response, contributing to the Cyber Security Incident Response Team for cyber incidents.
Qualifications & Experience
* Demonstrable experience in cyber security engineering, SIEM engineering, or related roles.
* Deep understanding of SIEM, log ingestion, SOAR, AV, CSPM, EDR/XDR, and cloud security technologies.
* Experience developing and maintaining SIEM alerts, detection rules and log pipeline architecture.
* Strong knowledge of Azure-native security services and Azure monitoring stack (Defender, Monitor, AD, EventHubs, Log Analytics, KQL).
* Proficiency in writing queries in Kusto Query Language (KQL) or Splunk Processing Language (SPL).
Preferred (Not Required)
* Understanding of microservices architecture, Azure Logic Apps and DevSecOps practices.
* Experience with security architecture reviews and risk assessments.
* Experience with ITSM tools such as Jira or ServiceNow.
* Experience with CI/CD for security content deployment and configuration management.
* Knowledge of scripting languages for automation and API integration.
* Industry recognised certifications (SC-200, SC-100, AZ-500, Splunk, PCSAE, CISSP, CEH).
* Experience working with globally dispersed teams.
Benefits
* 40 days annual leave.
* 16% employer pension contribution.
* Discretionary performance‑based bonus where applicable.
* Private healthcare.
* Flexible benefits including gym discounts, season ticket loans and employee discount portal access.
Equal Opportunities
Aberdeen is a Disability Confident Committed employer. All applicants, including those with a disability, are encouraged to apply. The employer is committed to providing an inclusive workplace free from unfair or unlawful treatment and values diversity across all backgrounds and identities.