Your role:
- lead the development and maintenance of robust detection content, working with service teams across the department to understand and implement requirements
- identify and deliver opportunities for continual improvement of the threat detection capability
- work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities
- develop and update internal documentation, including knowledge base articles, standards, and policies
- act as an escalation point for, and provide coaching and mentoring to, security analysts and detection engineers
- be responsible for leadership and line management of security analysts and detection engineers
- Cyber incidents can and do arise on a 24/7 basis; the team operates an out-of-hours on-call rota, which you will be expected to join.
Your experience:
- working with SIEM tools
- experience building, maintaining and tuning detection content using languages such as SPL
- broader experience using common enterprise security tools such as EDR
- an in-depth understanding of the tools, techniques and procedures used by threat actors
- experience coaching and mentoring junior staff
- excellent analytical and problem-solving skills
- excellent verbal and written communication skills
It’s desirable, but not essential, that you have:
- experience with Splunk
- experience working in an Agile environment
- experience with cloud environments such as AWS