Nmc Cyber Security Detection Engineer in Rishton

Join Police Digital Service as NMC Cyber Security Detection Engineer x 2. Full time Permanent. Salary starting at £50,000.

About Police Digital Service

To protect people from harm in our rapidly changing world, police services must not only keep up with technology and business changes but develop capabilities and ways of working that will enable them to adapt to and deal with the complexity of modern criminality. Police Digital Service strives to be the go-to partner for technology developments and programmes across UK policing. Our team provides technical advice and delivers services to help policing and law enforcement organisations across the UK prioritise and focus on technology efforts. Our vision is to support UK policing to keep people safe, get more from technology investments and make better use of public money, and we’re always on the lookout for great talent to help us achieve this.

The National Management Centre (NMC) is part of Police Digital Service and provides visibility and control of information risks for policing. It supports the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology estate at both the national and force level.

Key Responsibilities

• Development, maintenance, and deployment of SIEM detection rules for complex technical environments.
• Working alongside wider NMC functions, maintain knowledge of the threat landscape and TTPs employed by threat actors.
• Work across wider NMC functions to ensure detections are relevant and effective.
• Creation of custom solutions using both low-code and traditional development approaches.
• Optimization of log collection to align with detection requirements.
• Maintain documentation for detection rules to be used by analysts.
• Scoping, testing and implementing new SIEM data connectors.
• Working with wider NMC teams, contributing to Continual Service Improvement and innovations.
• Support with the creation of automation and analyst playbooks.

What you need to succeed in the role

Essential:

• Experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.
• Experience of supporting and developing SIEM platforms in the context of a Security Operations Centre.
• Experience of log source configuration and parsing, as part of a SIEM implementation, including experience of data normalisation using RegEx.
• Practical experience in the creation, testing, implementation, and support of custom tooling to support Security Operations.
• Experience working with APIs.
• Practical experience in software development and scripting, preferably PowerShell and Python.
• Initiative and the ability to produce quality work without close supervision.
• Good written and verbal communication skills, particularly in relation to technical subjects.
• Attention to detail and genuine passion for maintaining high quality software configuration.
• Broad cyber security awareness and practical experience.
• Experience working with code repositories and CI/CD.
• Ability to acquire SC and NPPV3 level clearances.

Desirable:

• Certifications that demonstrate a combination of offensive and defensive knowledge - PNPT / OSCP / BTL2 / GCFAP.
• Practical experience in software development and scripting, preferably PowerShell and Python.
• Previous public sector experience.
• Previous SOC or security engineering experience.
• Previous experience monitoring the security of cloud technologies.
• Experience with Microsoft Power Apps / Power Automate and Azure Logic Apps.

Why Join us?

Balance is important and we want you to take time off to recharge - we offer 28 days' annual leave plus.