Lead Security Engineer (Splunk)
Competitive Salary + 25 Days Holiday + Birthday Day Off + Pension + Benefits
As a CSOC Security Engineer within our client’s team, you’ll be working alongside their CSOC Architect to build the security architecture and systems within the groups SOC. You’ll work to maintain and improve their security monitoring and analysis tools to ensure that they are always one step ahead. As SIEM subject matter expert, you’ll be responsible for maintaining tools, recommending new tools, and updating our systems. As someone who has a keen eye for detail, you’ll document requirements, procedures, and protocols to ensure that other users have the right resources. In the spirit of continuous improvement, you’ll actively contribute to the CSIP (Continued Service Improvement Program) supporting the Head of CSOC / CSOC Architect to improve the CSOC's overall capability and security posture.
You’ll be responsible for the management and coordination of equipment and system staging (cloud-based and/or physical). As someone who enjoys working with technical data, you’ll support the reviewing of security and policy documents, making recommendations to the Head of CSOC (where possible).
You’ll be responsible for the day-to-day management of CSOC owned security solutions and products monitoring the configuration, overall management, performance, and capacity threshold monitoring of the service(s) along with the tuning of the product(s). You’ll also work to ensure that version control and software level management (patching/updating) is kept up to date on all infrastructure in-line with change control processes.
As someone who enjoys being One Team, you’ll collaborate with stakeholders and external IT support functions to carry out root cause analysis and resolve issues quickly with minimal business impact. As a team we’re always looking to raise the bar, learn new things and incorporate new technologies and you will too! You’ll share your knowledge with the team and the wider group community, contributing to Group blogs and undertaking research related to technology enhancements.
- Manage the day-to-day management of the CSOC infrastructure
- Provide technical design, implementation and maintenance of our technical security infrastructure and policies.
- Develop technical solutions and new security tool-sets to mitigate security vulnerabilities and automate repeatable tasks.
- Build, implement and tune SIEM event correlation rules, logic, and content to filter out security events associated with known network behaviour, known false positives and/or known errors.
- Work with the Security Monitoring team to appropriately and practically defend the enterprise in accordance with established policies, procedures, guidelines and practices.
- Prepare and document standard operating procedures and protocols.
- Work with the Threat Intelligence and Cyber Assurance teams to monitor and research industry information sources for zero-day threats and vulnerabilities that impact our clients.
- Establish and maintain strong, collaborative working relationships with our technology infrastructure, application, and architecture teams.
- Support the development of Use Cases
- Rules creation and tuning
- Fine tuning of alerts
- Supporting the CSOC Architect on current and future projects
To be epic at the role you will have experience with:
- Understanding of the organisation's technology and IT systems.
- Planning, researching, and designing security architectures.
- Developing, reviewing, and approving the installation requirements for VPNs, routers, firewalls, and related network devices.
- Researching and designing public key infrastructures, certification authorities, and digital signatures, and ensuring all personnel have IT access limited to their need and role in the organisation.
- Developing project timelines for system upgrades and preparing cost estimates to present to the Head of CSOC.
- Testing the final security system and updating and upgrading it as needed.
- Establishing disaster recovery procedures and conducting security breach drills.
- Responding quickly and effectively to all security incidents and providing post-event analyses.
- Monitoring and guiding the security team, cultivating a sense of security awareness, and arranging for continuous education.
- Remaining up to date with the latest security systems, standards, authentication protocols, and products.
- Knowledge of
- IT architecture and operations (computing, network, storage & cloud)
- Computer networking concepts and protocols, and network security methodologies
- The MITRE ATT&CK Framework.
- Delivering under pressure, prioritising and multi-tasking effectively.
- Communicating clearly with the ability to lead and work as part of a team
- Working within a team-orientated collaborative environment
- Working out of normal operational hours in the event of an incident response emergency
SIEM, Network IDS/IDP, Endpoint EDR
- Splunk ES, Linux, configuration automation tools
- Understanding of how Virtualisation, Operating Systems, Middle Ware, Software Development Engineering and Network protocols function.
- Knowledge of security policy and technical standard development, secure infrastructure design reviews, multi-tiered trust zone structures, and complex networking through multiple level network security structures
- Proven analytic and problem-solving abilities
- Familiarity of reverse engineering techniques, understanding of behaviour, capabilities of malware, rootkits.
Education & Preferred Qualifications
- Experience working in a CSOC or Systems Administrator role OR BSc in Cyber Security, Information Systems, Information Technology, or Computer Science (preferred)
- Security certifications a plus: Any Security Certification
- Scripting experience: Bash, Python, PowerShell, etc.