Threat Detection Engineer

at FluidOne

Gloucester, England, United Kingdom

Start Date: Immediate
Expiry Date: 29 Oct, 2024
Salary: GBP 45000 Annual
Posted On: 29 Jul, 2024
Experience: N/A
Skills: Information Systems, Network Security, Information Security, LogRhythm, Communication Skills, Kibana, Logstash, Malware Analysis
Telecommute: No
Sponsor Visa: No

Description:

COMPANY OVERVIEW

Cyber Security Associates Limited (CSA), established in 2013, provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat. CSA has built its team from a foundation of UK Government (ex-Military) and commercially experienced specialists, all holding current and relevant cyber certifications. Today CSA's core services are based around a 24/7 Security Operations Centre (SOC) based in Gloucester and our penetration testing and red team capabilities.
CSA is backed by FluidOne, a market-leading connected cloud solutions provider, who provide support and funding firepower for our ambitious growth plans. Our vision is to be the best quality UK cyber security managed service provider.
Our mission is to grow to over £35m revenue over the next 5 years, adding to our reputation as the go-to experts in our field and providing a full range of cyber services to our clients, enabling them to focus on running their businesses.

ESSENTIAL SKILLS:

  • Experience in a similar role.
  • Experience of working with SIEMs (ideally Microsoft Sentinel).
  • Knowledge of cyber security frameworks, with an active interest in software systems/engineering and/or secure communications, information systems and malware analysis.
  • Knowledge of network security.
  • Excellent communication skills, both written and verbal.
  • Able to manage sensitive and sometimes confidential information.
  • Self-motivation and able to take responsibility.
  • Able to manage and prioritise tasks and time efficiently.
  • Personal interest and passion for cyber or information security.

DESIRABLE SKILLS:

  • Experience developing SIEM/SOAR content.
  • Experience with Microsoft Sentinel, LogRhythm, ELK stack (Elasticsearch, Logstash, Kibana).
  • Strong understanding of security architecture, in particular networking.
  • Strong knowledge of cybersecurity principles and practices.
  • Strong analytical and problem-solving skills.
  • Experience working alongside or within a SOC environment.
  • Strong understanding of security technologies and frameworks such as MITRE ATT&CK.
  • Experience building custom connectors/parsers etc. to point devices or IT assets that are not supported out of the box.

Responsibilities:

ROLE OVERVIEW

As a Detection Engineer, you will play a pivotal role in our Security Operations Centre (SOC) team, collaborating closely with the SOC analysts to enhance our clients' security posture.
You will specialise in the creation of detection and response capabilities, using technology such as Kusto Query Language (KQL), Lucene, YARA, Sigma, Azure Logic Apps and more.
You will be responsible for planning and managing development, testing and implementation activities delivering new / updated rules and analytics for the SIEM and SOAR platforms. The day-to-day focus of the Detection Engineer is working with SOC Operations Teams to scope and define the requirements for tuning existing security use cases and creating new detection content. This includes planning each release and overseeing all design, development, testing and implementation activities.
The role also includes being the primary point of contact for CSA's AppGuard Service, a zero trust protection product. Key elements of this involve general management and ownership of AppGuard, ongoing maintenance, implementing improvements, managing the implementation of customer requests, and being the primary escalation point of contact with AppGuard.
The strategic focus of the Engineer is to ensure that the detection and monitoring technology remains optimised, current and tailored to the changing threat landscape and technology in use.
You will contribute to the overall development of the Security Operations Centre (SOC), which will shape the future of CSA's success.
This is a unique and exciting opportunity for a highly motivated and experienced security professional to make a significant impact in the field of Detection Engineering / Security Operations. If you’re ready for a challenge and eager to make a difference, we’d love to hear from you.
This role requires SC clearance.

RESPONSIBILITIES:

  • Develop, test and deploy updated and new content across the monitored estate in liaison with the Operations teams.
  • Take playbooks from the Ops teams, develop and deploy.
  • Maintain existing detection content to ensure it remains current and relevant.
  • Assess the effectiveness of new / updated rules and analytics to feed into future development activities.
  • Manage the implementation and maintenance of AppGuard policies.
  • Review and approve all required documentation as part of a release or change including design, deployment, configuration and administration guides.
  • Apply knowledge of SIEM/SOAR tools (Microsoft Sentinel and ELK) and other appropriate tooling (e.g. SOAR, Threat Intelligence, traffic analysis tools) to identify signs of an intrusion, and advise where new/improved tooling could enhance the SOC operation.
  • Analyse security data to identify patterns and trends.
  • Conduct research on emerging threats and vulnerabilities.
  • Produce Use Case Rules.
  • Turn CTI information into actionable Use Cases.
  • Maintain Use Case Library.
  • Maintain documentation.
  • Openness to learning and managing new technologies as business requirements change.

REQUIREMENT SUMMARY

Experience: Min N/A, Max 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Proficient

1

Gloucester, United Kingdom