Locations: Reading or London
The cyber security landscape has changed dramatically over the past few years. High-end and bespoke attacks that were once limited to nation-states are now in the public domain, and businesses and individuals are now subject to threats that conventional security technologies cannot defend against. Whether the risk is from an external threat actor (organised crime gangs, hacktivists, foreign intelligence agencies) or from within (disgruntled employees, contractors, unintended disclosures), the only way for businesses to secure themselves is to be vigilant in monitoring their estates and evolving their detection to keep pace.
That’s where you come in.
Our client's Cyber Intelligence Centre (CIC) uses a combination of SIEM (Security Information and Event Monitoring), Threat Hunting, and Big Data Analytics to detect these evolving cyber threats, assisting organisations to protect and secure their networks, systems, applications, and information.
Working as part of a close-knit team, the Threat Monitoring Content Developer works across technologies, leveraging the client’s capabilities in Threat Intelligence and its experience in Cyber Risk Advisory to continuously develop new rules, analytics, capabilities and approaches to enable our customers to stay one step ahead of those who would do them harm.
Our client offers global integrated professional services that include Audit and Risk Advisory, Tax, Consulting and Financial Advisory. Their approach combines intellectual leadership, industry expertise, insight, consulting and problem-solving capabilities, technology revolutions and innovation from multiple disciplines to help their clients excel anywhere in the world.
Our client fosters a collaborative culture where talented individuals can produce their best work. They value innovative thinking, diverse insights and a genuinely distinctive level of customer service. They value difference, with respect at the heart of their inclusive culture, and they support agile working arrangements.
The Threat Monitoring Content Developer works as part of a team developing new ways to detect the presence of malicious parties on the client's customers' networks, leveraging conventional SIEM and Big Data technologies (e.g. Apache Spark and Apache Hive).
Typical tasks include:
- Consuming Threat Intelligence and building an understanding of how attacks progress (use cases).
- Developing hypotheses about how these use cases would manifest in customer datasets, and developing tests to prove them.
- Developing rules or analytics to enable these attacks to be detected as early in the life cycle as possible.
- Defining new data sources to improve the quality of our service, and supporting the onboarding of new data sources through the development of parsers where necessary.
- Refining existing rules and analytics to improve detection and reduce false positives.
- Working alongside analysts and support teams to support them in their investigations, train them when new content is released, and identify ways to improve the service.
- Additionally, getting involved in parallel work-streams including reporting, data visualisation, and automation.
This is predominantly an internally facing role; however, the successful candidate would also be expected to engage with the wider business and our customers as necessary.
Essential skills and experience:
- Experience as a Content Developer in SIEM technologies (ArcSight or Splunk preferred).
- Experience in a Threat Hunting or Security Analysis role.
- Experience in using mathematical approaches to identify patterns in data sets.
- Naturally inquisitive, with a strong interest in Cyber Security.
- Excellent verbal and written communication skills.
- Proactive approach to problem solving and identifying improvements.
- Willingness to obtain security clearance.
The following would also be advantageous:
- At least a 2:1 in a numerical subject (or equivalent).
- Experience with one or more of the following: Python, SQL, R, Java, Scala.
- Experience in working alongside customers.
- Experience in a Managed Service environment.