Job Description
Role: Senior Threat Detection Engineer
Duration: 6 Months
Location: Swindon Or London (3 days a week onsite)
Senior Threat Detection Engineer with extensive experience of Cyber Security
The role holder should be an ambitious, energetic, highly skilled and experienced Senior Threat Detection Engineer with a proven track record of incident detection, monitoring, handling and response; of enhancing threat detection capabilities; of analysing emerging threats; and of developing proactive security measures to protect our organisation from cyber threats.
Key responsibilities:
Identify opportunities to enhance the protective and detective capabilities of our existing security services and lead the business justification, change management and deployment of the capabilities.
Turn Intelligence into actionable tasks such as use-case creation or enhancements, recreation of attack TTPs, threat hunting etc.
Deploy ruleset and policy changes on security controls, following a change management process.
Lead Purple Team engagements and Tabletop exercises.
Work in conjunction with projects to assist in the creation of robust detections.
Form repeatable processes for prioritizing and responding to alerts and developing playbooks.
Act as a 2nd / 3rd line security support, including incident response.
Support Junior Engineers.
Help provide security metrics and KPIs to the Security leadership team on a regular basis.
Capture and share knowledge and ensure use of good documentation within engineering teams.
Key skills/knowledge/experience:
Have experience of working within a Cyber Security team (e.g. SOC, Cyber Incident Response, Pen Testing).
Hands on, practical experience of security control engineering, threat hunting or incident response.
In depth knowledge of the MITRE ATT&CK framework.
Be able to confidently translate threat intelligence into actionable insights, including the development of new detection rules, recommendation of prevention capabilities or suggestions of enhancements to processes and procedures.
A strong ability to develop queries that enable robust detection of threats, utilising a query language such as KQL (Microsoft) and/or SPL (Splunk).
Have a creative mindset to propose ideas for integrating existing security controls to improve our visibility and security posture.
Working knowledge of Windows and Linux operating systems fundamentals.
Experience in writing or using security incident response playbooks.
Build good working relationships with both technical and business stakeholders, gaining their respect and trust based on your knowledge and professionalism.
Have the ability and desire to quickly learn new technologies.
Have a problem-solving mindset to propose solutions to continuously improve our service offering.
Aptitude to pick up new technologies and provide training to other members of the wider engineering team.
Able to rapidly prioritise work based on business needs and assessment of risk.
JBRP1_UKTJ