Our client, a leading international bank, is looking to hire a Security Engineer to join its Proactive Security team.
This role focuses on security engineering, SIEM development, detection engineering, and security automation. The successful candidate will help enhance the bank's threat detection and response capabilities across on-premise and cloud environments.
Key Responsibilities
* Develop and maintain threat detection use cases, threat hunting content, and security monitoring controls.
* Design, implement, and optimise SIEM capabilities, including log onboarding, analytics rules, dashboards, playbooks, and data connectors.
* Build and maintain SOAR workflows and security automation capabilities.
* Support threat modelling, security control reviews, and risk assessments for new technology initiatives.
* Integrate security tooling and develop automated remediation and configuration monitoring solutions.
* Improve detection coverage across Active Directory, Windows, Linux, network infrastructure, cloud platforms, and security technologies.
* Collaborate with SOC and infrastructure teams to enhance monitoring, incident response, and threat intelligence-driven detections.
* Provide technical guidance on security controls, tooling evaluations, and security best practices.
Requirements
* 5+ years' experience in Security Engineering, Detection Engineering, Security Automation, or a related cybersecurity function.
* Strong hands-on experience with SIEM platforms, including implementation, administration, and custom detection rule development.
* Experience building SOAR workflows and security automation using scripting and orchestration tools.
* Strong knowledge of EDR, Active Directory security, Windows event logging, and identity-based threat detection.
* Proficiency in PowerShell and/or Python.
* Good understanding of networking, firewalls, VPNs, proxies, and enterprise infrastructure.
* Experience working across Azure, AWS, or GCP environments.
* Familiarity with security frameworks such as NIST, MITRE ATT&CK, and Cyber Kill Chain.
* Relevant security certifications (SC-200, AZ-500, Security+, or equivalent) preferred.