Job description
Detection/Incident
Detection Engineer
Key Skills: Splunk/and or Sentinel, Detection
*You must be eligible or hold SC Clearance and be willing to undergo DV**
As a Detection Engineer, you will be at the forefront of planning, management, and execution of developing, testing, and implementing new rules and analytics in SIEM and SOAR platforms. You will be involved in close collaboration with Threat Intelligence and Operations Teams to organize tasks and manage activities for different projects and releases.
Main responsibilities:
• Supervise deployment and implementation, making sure tasks follow criteria and are completed, and initiate rollback plans if needed.
• Develop, test, and deploy updated and new content across the monitored estate in collaboration with Operations teams.
• Maintain existing detection content to ensure ongoing relevance to the monitored estate.
• Assess the effectiveness of new/updated rules and analytics, providing insights for future development activities.
• Review and approve all required documentation related to releases or changes, including design, deployment, configuration, and administration guides.
• Maintain the Threat Modelling and Asset and Configuration Management services.
Skills:
• Strong knowledge of Azure and AWS security functions, demonstrating the ability to produce playbooks on Sentinel and Splunk.
• Familiarity in SIEM/SOAR tools, including at least Splunk and Sentinel
• Deep knowledge and extensive experience in operational ICT service delivery
• Proficiency in working with various security tools and technologies.
• Detailed knowledge of threat intelligence
• Experience with Splunk (with ES) and/or Sentinel.
• Experience in developing SIEM/SOAR content is desirable.
Detection Engineer
Key Skills: Splunk/and or Sentinel, Detection
*You must be eligible or hold SC Clearance and be willing to undergo DV**
As a Detection Engineer, you will be at the forefront of planning, management, and execution of developing, testing, and implementing new rules and analytics in SIEM and SOAR platforms. You will be involved in close collaboration with Threat Intelligence and Operations Teams to organize tasks and manage activities for different projects and releases.
Main responsibilities:
• Supervise deployment and implementation, making sure tasks follow criteria and are completed, and initiate rollback plans if needed.
• Develop, test, and deploy updated and new content across the monitored estate in collaboration with Operations teams.
• Maintain existing detection content to ensure ongoing relevance to the monitored estate.
• Assess the effectiveness of new/updated rules and analytics, providing insights for future development activities.
• Review and approve all required documentation related to releases or changes, including design, deployment, configuration, and administration guides.
• Maintain the Threat Modelling and Asset and Configuration Management services.
Skills:
• Strong knowledge of Azure and AWS security functions, demonstrating the ability to produce playbooks on Sentinel and Splunk.
• Familiarity in SIEM/SOAR tools, including at least Splunk and Sentinel
• Deep knowledge and extensive experience in operational ICT service delivery
• Proficiency in working with various security tools and technologies.
• Detailed knowledge of threat intelligence
• Experience with Splunk (with ES) and/or Sentinel.
• Experience in developing SIEM/SOAR content is desirable.