Configure and manage rsyslog, and establish centralised logging for network appliances, firewalls, and infrastructure components so that these sources are collected reliably and fully visible to the SOC.
Linux Proficiency: Administer and troubleshoot Linux-based systems with command-line fluency and scripting skills (e.g., Bash, Python) to support SIEM operations, log parsing, and agent deployment.
Detection Engineering & Threat Rules: Develop and tune custom detection rules using ES|QL, EQL, and Lucene syntax to identify malicious activity. Map detections to MITRE ATT&CK techniques and contribute to the design of the detection roadmap. Create and maintain investigation guides for SOC analysts to support triage and escalation.
SOC Maturity & Policy Development: Contribute to SOC process and policy development, including detection logic lifecycle, alert tuning procedures, and SIEM governance. Play a key role in maturing SIEM tooling and automation within the SOC environment.
Defence Writing & JSP Familiarity: Prepare formal documentation adhering to Defence Writing principles, with an understanding of the JSPs (Joint Service Publications) relating to cybersecurity governance, incident response, and monitoring operations.
Incident & Case Management: Support incident response through alert review, case triage, evidence handling, escalation, and forensic data support. Ensure comprehensive and SOP-aligned case documentation.
Client Engagement & Communication: Clearly communicate technical information to stakeholders and clients. Collaborate with multidisciplinary teams, report findings effectively, and represent security operations during client interactions.
Elastic Stack Expertise: Demonstrable expertise in Elastic Stack, especially Kibana for visualisations, dashboards, queries, and alerts. Hold a valid Elastic Certified Analyst certification with skills in anomaly detection, dashboard tuning, and timeline analysis.
Data Ingestion & Log Pipeline Engineering: Build, manage, and optimise Logstash pipelines, handling diverse log formats and transforming data to ensure reliable ingestion into Elasticsearch.
Experience & Knowledge: Prior experience in Defence, Government, or Critical National Infrastructure environments. Familiarity with security frameworks (MITRE ATT&CK, NIST CSF, ISO 27001), SOAR or SIEM enrichment tools, log forwarding tools, and threat intelligence platforms like OpenCTI.
Qualifications: Expertise in Azure & Sentinel, proven Cyber Analyst experience focused on Security Operations, and strong Elastic Stack skills. Additional certifications such as CISSP, CEH, or Elastic Certified Engineer are advantageous. Active SC and/or DV clearance is required, or eligibility for DV if not currently held.
Methods is a £100M+ IT Services Consultancy partnering with UK government departments, focusing on transformation, delivery, and collaboration. Established over 30 years ago, UK-based, and part of the Alten Group since 2022. We value people, technology, and data, aiming to create sustainable value for clients, staff, and communities.