Threat Detection Engineer in Gloucester

Threat Detection Engineer in Gloucester

Gloucester Full-Time 50000 - 65000 £ / year (est.) Home office (partial)
FluidOne

At a Glance

  • Tasks: Develop and enhance detection capabilities in a dynamic Security Operations Centre.
  • Company: Join Cyber Security Associates, a leading UK cyber consultancy with a strong team.
  • Benefits: Enjoy competitive salary, hybrid working, training grants, and 26 days holiday plus your birthday off.
  • Other info: Be part of a fantastic company culture with regular team events and growth opportunities.
  • Why this job: Make a real impact in cyber security while working with cutting-edge technologies.
  • Qualifications: Experience in SIEM tools and a passion for cyber security is essential.

The predicted salary is between 50000 - 65000 £ per year.

Cyber Security Associates Limited (CSA), established in 2013, provides cyber consultancy and cyber managed services which help to detect, protect and educate against the ever-changing cyber threat.

CSA has built its team from a foundation of UK Government (ex-Military) and commercially experienced specialists all holding current and relevant cyber certifications.

Today CSA’s core services are based around a 24/7 Security Operations Centre (SOC) based in Gloucester and our penetration testing and red team capabilities.

CSA is backed by Fluid One, a market leading connected cloud solutions provider, who provide support and funding firepower for our ambitious growth plans.

Our vision is to be the best quality UK cyber security managed service provider.

Our mission is to grow to over £35m revenue over the next 5 years adding to our reputation as the go to experts in our field and providing a full range of cyber services to our clients enabling them to focus on running their businesses.

Role Overview

As a Detection Engineer, you will play a pivotal role in our Security Operations Centre (SOC) team, collaborating closely with the SOC analysts to enhance our clients’ security posture.

You will specialise in the creation of detection and response capabilities, using technology such as Kusto Query Language (KQL), Lucence, YARA, Sigma, Azure Logic Apps and more.

You will be responsible for planning and managing development, testing and implementation activities delivering new / updated rules and analytics for the SIEM and SOAR platforms.

The day-to-day focus of the Detection Engineer is working with SOC Operations Teams to scope and define the requirements for tuning existing security use cases and creating new detection content.

This includes planning each release and overseeing all design, development, testing and implementation activities.

The role also includes being the primary point of contact for CSA’s App Guard Service, a zero trust protection product.

Key elements of this involves general management and ownership of App Guard, ongoing maintenance, implementing improvements and managing the implementation of customer requests, and being the primary escalation point of contact with App Guard.

The strategic focus of the Engineer is to ensure that the detection and monitoring technology remains optimised, current and tailored to the changing threat landscape and technology in use.

You will contribute to the overall development of the Security Operations Center (SOC), that will shape the future of CSA’s Success.

This is a unique and exciting opportunity for a highly motivated and experienced security professional to make a significant impact in the field of Detection Engineering / Security Operations.

If you're ready for a challenge and eager to make a difference, we'd love to hear from you.

This role requires SC clearance.

Responsibilities

  • Develop, test and deploy updated and new content across the monitored estate in liaison with the Operations teams.
  • Take playbooks from the Ops teams, develop and deploy.
  • Maintain existing detection content to ensure it remains current and relevant.
  • Assess the effectiveness of new / updated rules and analytics to feed into future development activities.
  • Management of the implementation and maintenance of App Guard policies
  • Review and approve all required documentation as part of a release or change including design, deployment, configuration and administration guides.
  • Knowledge of SIEM/SOAR tools (Microsoft Sentinel and ELK) and other appropriate tooling e. g.

SOAR, Threat Intelligence, traffic analysis tools etc. to identify signs of an intrusion and advise where new/improved tooling could enhance the SOC operation.

  • Analysing security data to identify patterns and trends.
  • Conducting research on emerging threats and vulnerabilities.
  • Produce Use Case Rules.
  • Maintain Use Case Library.
  • Openness to learning and managing new technologies as business requirements change.
  • Experience in a similar role.
  • Experience of working with SIEM’s (ideally Microsoft Sentinel).
  • Knowledge of cyber security frameworks with an active interest in software systems/engineering and/or secure communications and Information systems and malware analysis.
  • Knowledge of network security.
  • Excellent communication skills, both written and verbal.
  • Able to manage sensitive and sometimes confidential information.
  • Self-motivation and able to take responsibility.
  • Able to manage and prioritise and tasks and time efficiently.
  • Personal interest and passion for cyber or information security.
  • Experience with Microsoft Sentinel, Log Rhythm, ELK stack (Elastic Search, Logstash, Kibana).
  • Strong understanding of security architecture, in particular networking.
  • Strong Knowledge of cybersecurity principles and practices.
  • Strong analytical and problem-solving skills.
  • Experience working alongside or within a SOC environment.
  • Strong understanding of security technologies and frameworks such as MITRE ATT&CK.
  • Experience building custom connectors/parsers etc. to point devices or IT assets that are not supported out of the box.
  • Hybrid ways of working, with mixture of office and home-based working.
  • Paid on call, when required
  • Competitive annual training grant for professional development.
  • Workplace Health and Benefits Package.
  • Access to online cyber training courses and packages.
  • Workplace Pension Scheme (if applicable and payable from start date).
  • 26 days paid holiday in addition to all bank holiday and public holiday per year.
  • Additional paid holiday day per year for Birthday.
  • Fantastic company culture including regular team building and social events.
  • #J-18808-Ljbffr

Threat Detection Engineer in Gloucester employer: FluidOne

FluidOne is an excellent employer that prioritises employee well-being and professional growth, offering a supportive work culture where innovation thrives. Located in a dynamic environment, the company provides comprehensive benefits such as life assurance and pension contributions, ensuring that employees feel valued and secure in their roles. With opportunities for skill development and career advancement, FluidOne is committed to fostering a rewarding workplace for its IT Support Specialists.

FluidOne

Contact Details:

FluidOne Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Threat Detection Engineer in Gloucester

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including FluidOne, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through FluidOne

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at FluidOne. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Threat Detection Engineer in Gloucester

Kusto Query Language (KQL)
Lucene
YARA
Sigma
Azure Logic Apps
SIEM/SOAR tools
Microsoft Sentinel

Some tips for your application 🫡

Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at FluidOne insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to FluidOne that you’re committed to staying ahead in the game.

How to prepare for a job interview at FluidOne

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at FluidOne to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at FluidOne.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.