
SOC Detection Engineer

OPSEC International
Full-time
On-site
Amsterdam, Netherlands

ROLE SUMMARY 

The SOC Detection Engineer is responsible for the technical design and ongoing development of the detection platforms for the Verisure SOC. This includes the Microsoft Sentinel platform and the various log sources, tools and technologies feeding into it. 

The role is part of the Verisure Global Security Operations Centre and plays a vital role in keeping our teams sharp against real-world threats and in focusing our security strategy. 
 

PRIMARY ROLE & RESPONSIBILITIES 

Primary responsibilities include: 

  • Support the development of SOC automations to improve overall SOC efficiency, analytics and response times to security incidents. 

  • Development and tuning of SOC use cases / analytics rules to improve threat detection capabilities. 

  • Onboarding, tuning and filtering data sources / feeds and creation of the detection use cases associated with those data sources. 

  • Configure SIEM tools to collect, correlate, and analyse security event data from various sources. 

  • Conduct regular reviews and updates of use cases to ensure their effectiveness. 

  • Create and manage relevant dashboards, workspaces and reports including overall Sentinel costs. 

  • Partner with our threat intelligence, hunting and incident detection and response teams. 

  • Serve as the SME for the SOC and Microsoft Sentinel. 

  • Perform regular tuning of the Sentinel system to minimize false positives and enhance accuracy. 

  • Act as the Subject Matter Expert (SME) for Microsoft Defender for Endpoint and enhance its detection capabilities. 

  • Maintenance and support of Microsoft Sentinel. 

  • Health and Performance monitoring of Microsoft Sentinel and supporting infrastructure. 

  • Manage log storage, retention policies, and data integrity. 

  • Evaluate the value and usage of data sources within the SOC. 

  • Provide mentoring to the team to support the continual technical development of team members. 

  • Maintain detailed documentation of Sentinel configurations, rules, and use cases. 

  • Utilise and maintain a deep knowledge of the business as well as working relationships with each region. 

 

SECONDARY ROLE 

Secondary responsibilities include: 

  • Support the evolution of the detection mechanisms used within the SOC, e.g. introduce Jupyter Notebooks for advanced threat hunting and machine learning. 

  • Acting as the secondary point for incident escalation during major incidents if . 

  • Support and future Red Team / Purple Team activities 

  • Create the vision and plans to continue to mature Microsoft Sentinel. 

  • Manage and support AWS infrastructure and Services that support the SOC operation. 

 

ESSENTIAL SKILLS & EXPERIENCE 

Essential skills & experience includes: 

  • Extensive experience in Cyber Operations, including monitoring, incident response & handling, threat detection and threat intelligence. 

  • SIEM and general security tooling experience, including Microsoft Sentinel, Microsoft Defender, KQL, AWS, Splunk and Next Generation Firewalls. 

  • Extensive knowledge of hacking techniques and of threat detection and monitoring techniques. 

  • Strong written and verbal communication skills with an ability to communicate technical details in a clear and understandable manner in Business English 

  • Self-starter, self-motivated, and able to work independently while following the team’s mission and vision in a fast-paced operationally focused environment 

  • Process and procedure lifecycle ownership 

  • Knowledge of relevant legal obligations & applicable legislation such as GDPR 

  • International working experience (global team): must be flexible to work with global teams across different time zones. 

  • Mentoring and coaching 

 

DESIRABLE SKILLS & EXPERIENCE 

Desirable skills & experience includes: 

  • Azure AZ-500 (Azure Security Engineer Associate) / SC-100 (Microsoft Cybersecurity Architect Expert) 

  • Microsoft Sentinel / SC-200 (Microsoft Security Operations Analyst Associate)  

  • AWS / Amazon GuardDuty 

  • Linux/Unix Administration Experience, preferably CentOS/RHEL 

  • ITIL certification 

  • Industry certification (CISA / CISSP certification/ CREST / SANS/ CISM) 

  • Scripting Python/PowerShell/Bash 

  • Non-English language skills e.g. Spanish, Swedish