Lead Security Engineer (Splunk)
Concept Resourcing, 80000.00 GBP per annum
2021-12-03 12:35:23
Barkingside, Greater London, United Kingdom
Job type: fulltime
Job industry: I.T. & Communications
Job Contact: Michael Lowe
Job description
Lead Security Engineer - Senior Security Engineer - Security Engineer - Cyber Security Engineer - SOC - CSOC - Splunk - Python - PowerShell - Mitre Att&ck - Permanent - £70k - £80k
The Role:
As a CSOC Security Engineer, you'll work alongside our client's CSOC Architect to build the security architecture and systems within the internal SOC. You'll maintain and improve their security monitoring and analysis tools so that the team stays one step ahead. As the SIEM subject matter expert, you'll be responsible for maintaining existing tools, recommending new ones, and keeping the systems up to date. With a keen eye for detail, you'll document requirements, procedures, and protocols so that other users have the right resources. In the spirit of continuous improvement, you'll actively contribute to the CSIP (Continued Service Improvement Program), supporting the Head of CSOC and the CSOC Architect in improving the CSOC's overall capability and security posture.
You'll be responsible for the day-to-day management of CSOC-owned security solutions and products: monitoring their configuration, overall management, performance and capacity thresholds, and tuning the products. You'll also ensure that version control and software-level management (patching and updating) is kept current on all infrastructure, in line with change control processes.
Responsibilities/Must have:
- Manage the day-to-day operation of the CSOC infrastructure.
- Provide technical design, implementation and maintenance of our technical security infrastructure and policies.
- Develop technical solutions and new security tool-sets to mitigate security vulnerabilities and automate repeatable tasks.
- Build, implement and tune SIEM event correlation rules, logic, and content to filter out security events associated with known network behaviour, known false positives and/or known errors.
- Work with the Threat Intelligence and Cyber Assurance teams to monitor and research industry information sources for zero-day threats and vulnerabilities that impact our clients.
- Establish and maintain strong, collaborative working relationships with our technology infrastructure, application, and architecture teams.
- Develop, review, and approve the installation requirements for VPNs, routers, firewalls, and related network devices.
- Develop project timelines for system upgrades and prepare cost estimates to present to the Head of CSOC.
- Test the final security system and update and upgrade it as needed.
- Establish disaster recovery procedures and conduct security breach drills.
- Understanding of the MITRE ATT&CK Framework.
- Understanding of Splunk ES, Linux, and configuration automation tools.
- Understanding of how virtualisation, operating systems, middleware, software development engineering, and network protocols function.
- Knowledge of security policy and technical standard development, secure infrastructure design reviews, multi-tiered trust zone structures, and complex networking across multi-level network security structures.
Desirable Certificates/Skills:
- Experience working in a CSOC or Systems Administrator role OR BSc in Cyber Security, Information Systems, Information Technology, or Computer Science (preferred)
- Any security certification is a plus.
- Scripting experience: Bash, Python, PowerShell, etc.