Cyber Defence Engineer

The Cyber Defence Engineer will join a growing security team responsible for the testing, implementation, deployment, maintenance, configuration and troubleshooting of the SOC’s technology stack (hardware and software). The engineer will also assist with the continued development and maintenance of data pipelines and signature updates and the professional development of the system engineering team.

Tasks:

• Perform system administration on specific cyber defence applications and systems to include installation, configuration, maintenance, troubleshooting, backup, and restoration.
• Manage system/server resources including performance, capacity, availability, serviceability, and recoverability.
• Diagnose and resolve customer reported system incidents, problems, and events to ensure continuing operability.
• Coordinate with Cyber Defence and CTI Analysts in the management and administration the updating of ingested data flows, cyber use cases and signatures for specialised cyber defence applications in response to new or observed threats.
• Manage the compilation, cataloguing, distribution, and retrieval of data from a range of enterprise networks and data sources.
• Implement and develop data management standards, policies, requirements, and specifications.
• Analyse data sources to provide actionable recommendations and facilitate data-gathering methods.
• Provide updates to the SOC Leads (Line Management, Team Leaders) on current SOC investigations and findings.
• Share knowledge, skills, and experience, by documenting SOC processes to aid SOC maturity and training of new members of the data engineering team.

Requirements

Knowledge:

• A demonstrable networking background – experience in system administration.
• Knowledge of big data technologies and ecosystems (e.g. Apache NiFi).
• Knowledge of current market and emerging tools in data analytical and SIEM platforms.
• Knowledge of network security implementations (e.g., IDS, IPS, EDR), including their function and placement in an enterprise network.
• Knowledge of intrusion detection systems and signature development.
• Knowledge of front-end collection systems, including network traffic collection, filtering, and selection.
• Knowledge of cyber security threats, vulnerabilities, and privacy principles.
• Working knowledge in configuring collection sensors for enterprise networks.
• Knowledge of system administration concepts for operating systems such as but not limited to Linux, Android, and Windows operating systems.
• Knowledge of cyber defence and information security policies, procedures, and regulations.
• Knowledge of network security architecture concepts including topology, protocols, components, and principles.
• Knowledge of cyber incident response frameworks and handling methodologies.
• Knowledge of data backup and recovery.

Skills/Experience:

• Must-have – circa 5 years + relevant experience.
• Must-have experience with Enterprise ICS/network architectures and technologies.
• Must-have experience with frameworks and technologies that support data-intensive distributed applications.
• Must-have experience with maintaining and administrating data analytical and SIEM platforms such as Elastic.
• Must-have experience with problem solving and analytical skills and able to collect information, analyse, report, and advise on evidence-based changes.
• Skill to apply cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation).
• Stakeholder management – Expert ability to communicate to all levels of the organisation on technical, and non-technical level.
• Experience using host and network-based IDS/IPS.
• Experience using packet capture solutions.
• Skill in developing and deploying signatures.
• Ability to provide technical and service leadership to junior SOC Engineers (mentor/coach).

Desirable Qualifications/Certifications:

• Red Hat System Administration I & II (RH124/RH134).
• Knowledge of virtualisation technologies such as VMWare and HyperV.
• Proven track record and experience in developing cyber security policies and procedures, as well as successfully producing deliverables to meet organisational objectives.
• Ability to work calmly and effectively under pressure and have a can-do attitude.
• Broad cyber certifications or equivalent such as Cyber Foundation Pathway, CompTIA (N+, S+, CySA+), SANS (GSEC, GCIH, GMON, GCDA), Systems Administrations (Active Directory), CISCO (CCNA, CCNP) and risk management.
• Working knowledge of Defence Joint Service Publications (440, 441, 604).