Detection Engineer

Job Location:

Manchester - UK

Monthly Salary: Not Disclosed

Posted on: 8 days ago

Vacancies: 1 Vacancy

Job Summary

NCC Group is looking for a Detection Engineer to join the Detection Engineering team. The role will focus on developing maintaining and improving Splunk-based security detections across cloud infrastructure and custom log sources.

The successful candidate will help turn security risks threat models assurance requirements and log sources into practical detections that can be deployed tuned and documented.

Key Responsibilities

Develop and maintain detections using Splunk SPL.
Analyse logs from cloud infrastructure application gateway Linux SSH CDN vulnerability management and audit sources.
Create detections for areas such as:
- cloud security monitoring and cloud control-plane activity
- infrastructure platform and access-related security events
- bespoke assurance use cases based on customer-specific log sources
- suspicious or anomalous activity identified through threat models security testing.
Review existing detection coverage and identify gaps.
Assess new log sources and define detection use cases.
Map detections to MITRE ATT&CK risk scenarios and assurance requirements where relevant.
Tune detections to reduce false positives and improve analyst usability.
Document detection purpose logic alerting criteria data source MITRE mapping false positives and investigation guidance.
Support SOC analysts with alert context and investigation advice.

Skills Knowledge & Expertise

Candidates do not need to meet every requirement but should have experience in some of the following:

Splunk SPL or similar query language.
Security detection engineering SIEM engineering threat hunting or security monitoring.
Cloud audit logs especially AWS; GCP or OCI experience is also useful.
MITRE ATT&CK and common attacker behaviours.
Kubernetes or container security monitoring.
Cloud security concepts such as IAM KMS security groups route tables ACLs object storage and service accounts.
Use of allowlists thresholds baselines aggregation and anomaly-style detection logic.
Regex and basic scripting e.g. Python Bash or PowerShell.
Documentation using Jira JSM Confluence or similar tools.

Desirable Experience:

Experience with Splunk Enterprise Security and Splunk Security Essentials.
Experience writing or tuning scheduled alerts..
Experience reviewing threat models security testing outputs or assurance requirements.
Experience using a detection as code deployment pipeline.

Job Benefits

Flexible Working: Balance your work and personal life with our flexible working options.
Generous Holiday Allowance: Enjoy 25 days of holiday plus bank holidays with the option to buy up to 5 additional days of annual leave.
Medicash & Critical Illness Scheme
Financial & Investment Benefits: Enjoy peace of mind with our Pension Life Assurance and Share Save Scheme.
Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
Special Time Off: Take time off for those big moments in life like getting married/entering into a civil partnership becoming a grandparent and welcoming home a new pet.
Family Planning: Benefit from our generous maternity and paternity leave as well as time off and support for those undergoing fertility treatments.

Required Experience:

NCC Group is looking for a Detection Engineer to join the Detection Engineering team. The role will focus on developing maintaining and improving Splunk-based security detections across cloud infrastructure and custom log sources.The successful candidate will help turn security risks threat models a...

Key Responsibilities

Develop and maintain detections using Splunk SPL.
Analyse logs from cloud infrastructure application gateway Linux SSH CDN vulnerability management and audit sources.
Create detections for areas such as:
- cloud security monitoring and cloud control-plane activity
- infrastructure platform and access-related security events
- bespoke assurance use cases based on customer-specific log sources
- suspicious or anomalous activity identified through threat models security testing.
Review existing detection coverage and identify gaps.
Assess new log sources and define detection use cases.
Map detections to MITRE ATT&CK risk scenarios and assurance requirements where relevant.
Tune detections to reduce false positives and improve analyst usability.
Document detection purpose logic alerting criteria data source MITRE mapping false positives and investigation guidance.
Support SOC analysts with alert context and investigation advice.

Skills Knowledge & Expertise

Candidates do not need to meet every requirement but should have experience in some of the following:

Splunk SPL or similar query language.
Security detection engineering SIEM engineering threat hunting or security monitoring.
Cloud audit logs especially AWS; GCP or OCI experience is also useful.
MITRE ATT&CK and common attacker behaviours.
Kubernetes or container security monitoring.
Cloud security concepts such as IAM KMS security groups route tables ACLs object storage and service accounts.
Use of allowlists thresholds baselines aggregation and anomaly-style detection logic.
Regex and basic scripting e.g. Python Bash or PowerShell.
Documentation using Jira JSM Confluence or similar tools.

Desirable Experience:

Experience with Splunk Enterprise Security and Splunk Security Essentials.
Experience writing or tuning scheduled alerts..
Experience reviewing threat models security testing outputs or assurance requirements.
Experience using a detection as code deployment pipeline.

Job Benefits

Flexible Working: Balance your work and personal life with our flexible working options.
Generous Holiday Allowance: Enjoy 25 days of holiday plus bank holidays with the option to buy up to 5 additional days of annual leave.
Medicash & Critical Illness Scheme
Financial & Investment Benefits: Enjoy peace of mind with our Pension Life Assurance and Share Save Scheme.
Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
Special Time Off: Take time off for those big moments in life like getting married/entering into a civil partnership becoming a grandparent and welcoming home a new pet.
Family Planning: Benefit from our generous maternity and paternity leave as well as time off and support for those undergoing fertility treatments.