About the role

  • A Detection Engineer who develops threat detection capabilities and collaborates with the threat team on innovative security solutions, working in a hybrid environment at Our Future Health.

Responsibilities

  • Developing new threat-led detections in collaboration with our threat team based on both threat intelligence and the results of threat hunts.
  • Creating novel analytic methods and techniques for incident detection.
  • Working with our MSP-provided SOC to maintain our detection catalogue and tune existing rules.
  • Developing and tuning Data Loss Prevention, Insider Risk Management and other types of security rules within Microsoft Purview and other key security monitoring tools.
  • Alongside our Head of Cyber Defence, supervising the MSP SOC to ensure that a high-quality service is provided, that detections and other engineering work are delivered to the appropriate standard, and that the maturity (including efficiency) of our security monitoring continually improves.
  • Supporting the development of automated custom reports on security operational performance and broader security topics (using Microsoft Sentinel workbooks).
  • Collaborating with the wider tech and security teams on appropriate security monitoring for our various systems, including cloud platforms, SaaS applications and in-house developed systems.
  • Documenting security processes and security tool low-level design/configuration.
  • Contributing to the development of security service delivery and operation documentation.
  • Supporting the security engineers, threat analysts and wider security team with their various responsibilities, including achieving and maintaining ISO 27001 certification and anything that involves KQL.

Requirements

  • Highly proficient in writing KQL and ideally some level of proficiency in Python and Terraform.
  • Significant hands-on experience with Microsoft Sentinel.
  • Experience with Microsoft’s Defender suite, in particular Defender for Endpoint and Defender for Office 365.
  • Experience with Microsoft Entra ID (previously Azure AD), including the Identity Governance capabilities.
  • Experience with Microsoft Purview tooling, in particular Microsoft Purview Information Protection (MPIP) and Purview Data Loss Prevention.
  • Experience with cloud-native logging (in particular Azure and Kubernetes).
  • Experience of an ‘everything-as-code’, or at least a ‘detection-as-code’ approach, including CI/CD pipelines.
  • Exposure to working with/inside an MSP SOC.
  • Exposure to Agile working.
  • Knowledge of attacker Tactics, Techniques and Procedures (TTPs).
  • Knowledge of statistics, data science and AI/ML, in particular when applied to cyber security.
  • Knowledge of ISO 27001.
  • Desire to be part of a small fast-paced team.
  • Relevant certifications, such as: Microsoft certifications (MS-500, AZ-500, SC-200, SC-300, SC-400), CompTIA Security+, GIAC Security Operations Certified (GSOC), Cloud Security Alliance CCSK.

Benefits

  • Salary from £55,000 per annum.
  • Generous Pension Scheme – We invest in your future with employer contributions of up to 12%.
  • 30 Days Holiday + Bank Holidays – Enjoy a generous holiday allowance with the flexibility to take bank holidays when it suits you.
  • Enhanced Parental Leave – Supporting you during life’s biggest moments.
  • Cycle to Work Scheme – Save 25-39% on a new bike and accessories through salary sacrifice.
  • Home & Tech Savings – Get up to 8% off IKEA and Currys products, spreading the cost over 12 months through salary sacrifice.
  • £1,000 Employee Referral Bonus – Know someone amazing? Get rewarded for bringing them on board!
  • Wellbeing Support – Access to Mental Health First Aiders, plus 24/7 online GP services and an Employee Assistance Programme for you and your family.
  • A Great Place to Work – We have a lovely Central London office in Holborn, and offer flexible and remote working arrangements.

Job title

Detection Engineer

Experience level

Mid level / Senior

Salary

£55,000 per year

Degree requirement

Bachelor's Degree
