Cyber Security Engineer - Assistant Vice President

Seeking security engineer to join our Proactive Security team, this role will focus on the development of security technology stack to ensure threat mitigation is in place through offensive and preventive measures.

Duties and Responsibilities

• Develop and maintain threat models for Mizuho information assets and services.
• Assess and recommend security controls during design and implementation of new projects.
• Build and maintain tools for proactive detection, configuration drift monitoring and automated remediation.
• Security tooling integration and orchestration.
• Develop and implement SOAR capabilities that align with existing technology stack.
• Experience with KMS systems and methodologies.
• Identity based threat detection and prevention.
• Privileged Access and Session Management.
• SIEM Management.
• Design, implement, and maintain workspaces, including data connectors, Logic App, Function App, analytics rules, workbooks, and playbooks.
• Develop and refine custom queries for advanced threat hunting, incident investigation, and reporting.
• Optimize SIEM performance, cost, and data retention policies.
• Identify new log sources and work closely with infrastructure teams.
• Identify, onboard, and configure critical security log sources with a focus on critical infrastructure services such as Active Directory (Domain Controllers, ADFS), network devices, firewalls, servers (Windows/Linux), and cloud infrastructure logs.
• Manage Event Collector and Event Forwarding infrastructure.
• Implement data filtering to ensure high-quality and relevant data ingestion.
• Parse and analyse custom log formats to extract relevant information for SIEM.
• Develop, test, and deploy advanced threat detection use cases, and common infrastructure attack patterns.
• Translate threat intelligence and vulnerability insights into actionable detection rules.
• Continuously review and refine existing detection rules to minimize false positives and improve efficacy.

Security Monitoring

• Analyse, develop and refine security monitoring controls, practices and use-cases to detect anomalies and incidents across the applications and infrastructure estate.
• Collaborate with SOC team to enrich detection logic based on known vulnerabilities and misconfigurations.

Incident Response & Security Operations

• Formulate proactive threat hunting rules based on emerging threats and intelligence.
• Contribute to the development and improvement of security playbooks and operational procedures.

Security Best Practices & Advisory

• Provide expert guidance on securing application and critical infrastructure components.
• Help set up POC and evaluation on new security tools and explore the gap in controls.

Other

• Providing subject matter expertise in Cyber Security team as needed.
• Contribute to the design and delivery of security monitoring and control effectiveness measures.
• Availability to cover anywhere from 7am to 7pm on all business days.

Qualifications, Skills, and Experience

• Relevant experience on security tool implementation projects (SIEM, Proxy, EDR, DLP and SEG).
• Experience working with Cyber Security and Incident Response frameworks such as NIST, Kill Chain, Attack life Cycle, & MITRE.
• Excellent communication skills, both written and verbal, with good documentation.
• Minimum of 5+ years of experience in Security Engineering, Security Automation/or Orchestration, or similar cybersecurity role.
• Demonstrable hands-on experience with SIEM (implementation, configuration, custom rule creation).
• Strong practical experience with EDR and SIEM technology stack.
• In-depth understanding of Active Directory security principles, common attack vectors, and logging mechanisms.
• Experience with Windows event collection.
• Proficiency in scripting (e.g., PowerShell, Python) for automation, data manipulation, and custom log parsing.
• Solid understanding of networking concepts (TCP/IP, firewalls, proxies, VPNs) and security protocols.
• Familiarity with cloud security principles, Azure, GCP, AWS.
• Working knowledge over a range of operating systems and platforms including: Windows Server, Windows XP, UNIX (Solaris, Linux).
• Working knowledge of networks: LAN, WAN, Palo Alto, FortiGate, switches, Firewalls, remote access solutions, and VPNs.
• In-depth experience with SIEM tools with a strategic oversight on appropriate use case methodologies.
• Implementation of robust security monitoring use cases and Threat hunting capabilities.
• Relevant industry certifications (e.g., AZ-500, SC-200, SC-900, CompTIA Security+) or similar Cert with Security Orchestration, Automation, and Response (SOAR) playbooks within Sentinel or other platforms.
• Scripting skills (PowerShell, Python) for automation and data manipulation.

What Mizuho Can Offer You

• Competitive starting salary, plus discretionary bonus.
• Non-contributory pension.
• 27 days’ annual leave.
• Core working hours.
• Hybrid working - office and home based.
• Virtual GP.
• Wellbeing benefits, including Mental Health Allies and First Aiders.

We are committed to supporting equality and diversity, and seek to create a workplace that is fully inclusive. We welcome applications from all sections of the community that we operate in and from all ethnic backgrounds, sexual orientation, beliefs, gender identities and disabilities.