Detection Team Engineer

Summary

Join our dynamic team and make a difference in the world! We are seeking an energetic Cyber Security Engineer to join our InfoSec Detection Team based in the UK. This hybrid or remote role involves collaborating with various teams to identify, assess, and investigate security risks. You will monitor security events, support incident response, and contribute to the development and maintenance of our PAM platform. This position requires extensive hands-on experience with various technologies and a strong understanding of the threat landscape. The successful candidate will have opportunities for career advancement within our growing security team.

Requirements

• Extensive hands-on experience with a variety of technologies and appliances, particularly SIEM, WAFs, PAM, Windows, Linux, and hypervisor platforms
• Public cloud awareness and ideally practical knowledge of maintaining a secure public cloud
• Knowledge of UK government cyber security guidance is desirable
• Proficiency in securing, auditing, and maintaining public and cloud implementations
• Experience managing enterprise security products, including Anti-Virus, Data Loss Prevention tools, Endpoint Protection, and Identity Management
• Strong understanding of the attack chain, advanced persistent threats and the evolving threat landscape
• Minimum of five years' experience in systems infrastructure, security operations, or senior IT support roles
• A strong commitment to continuous learning, developing new skills, and sharing knowledge, including dedicating study time outside of working hours for career advancement
• Excellent team working skills with clear and professional communication, coupled with a customer service-oriented approach
• Self-motivated with the ability to work independently and deliver high-quality results
• Must possess or be eligible to obtain security clearance to MOD SC and Non-Police Personnel Vetting Level 3 (NPPV)
• Demonstrable Expereince in an IT role, with a strong understanding of security concepts / fundamentals
• Excellent understanding of core systems, including all versions of Windows Client / Server and Hypervisor technologies (ESXI, Hyper-V etc)
• Operation of SIEM / XDR solutions
• Managing enterprise Anti-Virus and Malware platforms
• Basic networking fundamentals (i.e. DNS, DHCP, routing and firewall rules)
• Basic Red Hat Linux (RHEL) / Oracle Linux knowledge
• Someone who enjoys taking on new challenges and has the desire to learn new skills and technologies
• Great communication skills
• Analytical / Strong problem-solving skills
• Works well within a team, with the ability to work independently when required

Responsibilities

• Collaborate with Detection Team, Response Team and Architects to identify, assess, and conduct in-depth investigations on areas of interest highlighted through our various reporting mechanisms such as XDR, SIEM, Proxy solutions, Email Threat platform, Application Delivery Controllers (ADCs), Vulnerability Scanning Solutions and Security Bulletins
• Monitor and investigate security events and alerts, prioritising risk and taking necessary actions to promptly remediate operational security risks
• Support investigations and incident response scenarios as directed by the Team Lead
• Learn and contribute to the maintenance and development of our Privileged Access Management (PAM) platform: requires some knowledge of XML, Python and RegEx
• Work closely with Security Architects to deliver new security capabilities and ensure ongoing security enforcement and compliance
• Familiarise yourself with ITIL processes, including change, problem, and incident management
• Maintain the NCSC's Cyber Security Essentials Plus accreditation

Preferred Qualifications

• Ability to perform controlled malware analysis and scripting on Windows and Linux platforms is advantageous
• Previous experience in a Security Operations Centre (SOC) or as part of a Security Team is desirable
• Basic Static / Dynamic Malware Analysis skills (using tools such as: Sysinternals, PEStudio, CyberChef, API Monitor, NodeJS, Powershell IDE, UPX, Wireshark and BurpSuite)
• LogRhythm / Splunk (SIEM platforms in general)
• Trend Micro suite of applications
• Nessus / Vulnerability scanning software
• Managing a PAM solution
• Pulse Secure Traffic Manager (Brocade)
• Web Application Firewall technologies
• Understanding of ITIL framework
• Understanding of CE+
• The ability to learn new skills quickly
• Evidence end-to-end findings from an investigation timeline and trace back to “patient zero”

Benefits

• Private Medical Cover funded by NEC for Employees (with the option to add family members at an additional cost)
• 25 days paid holiday with the option to buy/sell
• 4 x basic salary life assurance cover funded by NEC (with the option to increase cover at an additional cost)
• A Group Pension Plan with fantastic employer contributions up to a maximum of 8.5%
• A selection of flexible benefits to suit your individual needs