Cyber Defence Engineer

The Cyber Defence Engineer will join a
growing security team responsible for the testing, implementation, deployment,
maintenance, configuration and troubleshooting of the SOC’s technology stack
(hardware and software). The engineer will also assist with the continued
development and maintenance of data pipelines and signature updates and the
professional development of the system engineering team. 

Tasks:  

• Perform system
  administration on specific cyber defence applications and systems to include
  installation, configuration, maintenance, troubleshooting, backup, and
  restoration.
  
• Manage system/server
  resources including performance, capacity, availability, serviceability, and
  recoverability.
  
• Diagnose and resolve
  customer reported system incidents, problems, and events to ensure continuing
  operability.
  
• Coordinate
  with Cyber Defence and CTI Analysts in the management and administration the
  updating of ingested data flows, cyber use cases and signatures for specialised
  cyber defence applications in response to new or observed threats.
  
• Manage the compilation,
  cataloguing, distribution, and retrieval of data from a range of enterprise
  networks and data sources.
  
• Implement and develop data
  management standards, policies, requirements, and specifications.
  
• Analyse data sources to
  provide actionable recommendations and facilitate data -gathering methods.
  
• Provide updates to the SOC Leads (Line Management,
  Team Leaders) on current SOC investigations and findings.
  
• Share knowledge, skills,
  and experience, by documenting SOC processes to aid to aid SOC maturity and training
  of new members of the data engineering team.
  

Requirements

Knowledge: 

• A demonstrable
  networking background – experience in system administration.
  
• Knowledge of big data
  technologies and ecosystems (e.g. Apache NiFi).
  
• Knowledge of current
  market and emerging tools in data analytical and SIEM platforms.
  
• Knowledge
  of network security implementations (e.g., IDS, IPS, EDR), including their
  function and placement in an enterprise network.
  
• Knowledge
  of intrusion detection systems and signature development.
  
• Knowledge of front -end
  collection systems, including network traffic collection, filtering, and
  selection.
  
• Knowledge of cyber security threats,
  vulnerabilities, and privacy principles.
  
• Working knowledge in
  configurating collection sensors for enterprise networks.
  
• Knowledge
  of system administration concepts for operating systems such as but not limited
  to Linux, Android, and Windows operating systems.
  
• Knowledge of cyber
  defence and information security policies, procedures, and regulations.
  
• Knowledge of network
  security architecture concepts including topology, protocols, components, and
  principles.
  
• Knowledge
  of cyber incident response frameworks and handling methodologies.
  
• Knowledge of data backup and
  recovery.
  

Skills/Experience: 

• Must -have – circa
  5 years + relevant experience.
  
• Must -have experience with
  Enterprise ICS/network architectures and technologies.
  
• Must -have experience with
  frameworks and technologies that support data -intensive distributed
  applications.
  
• Must -have experience with
  maintaining and administrating data analytical and SIEM platforms such as
  Elastic.
  
• Must -have experience with problem
  solving and analytical skills and able to collect information, analyse, report,
  and advise on evidence -based changes.
  
• Skill
  to apply cybersecurity
  and privacy principles to organizational requirements (relevant to
  confidentiality, integrity, availability, authentication, non -repudiation).
  
• Stakeholder management – Expert ability to
  communicate to all levels of the organisation on technical, and non -technical
  level.
  
• Experience using host
  and network -based IDS/IPS
  
• Experience using packet
  capture solutions.
  
• Skill in
  developing and deploying signatures.
  
• Ability
  to provide technical and service leadership to junior SOC Engineers
  (mentor/coach). 
  

Desirable
Qualifications/Certifications 

• Red Hat System
  Administration I & II (RH124/RH134). 
  
• Knowledge of virtualisation technologies
  such as VMWare and HyperV.
  
• Proven
  track record and experience in developing cyber security policies and
  procedures, as well as successfully producing deliverables to meet
  organisational objectives.
  
• Ability
  to work calmly and effectively under pressure and have a can -do attitude.
  
• Broad
  cyber certifications or equivalent such as Cyber Foundation Pathway, CompTIA
  (N+, S+, CySA+), SANS (GSEC, GCIH, GMON, GCDA), Systems Administrations (Active
  Directory), CISCO (CCNA, CCNP) and risk management.