Cloud-security Hybrid Jobs in the United Kingdom

Hybrid Senior Associate, Detection Engineer, Cyber Managed Services

Kroll · United Kingdom · Hybrid

About the job

We’re seeking an enthusiastic Senior Associate, Detection Engineer to join our Cyber Team!

This role is Remote-UK

Working within our Security Operations Centre as a Detection Engineer, the focus of this role is the implementation of security monitoring, detection and response technologies across Kroll’s client base. This involves developing, testing and tuning security content across SIEM and EDR technologies.

Day-to-day Responsibilities

  • Develop, test and tune detections (aka use cases, rules) for the latest threats using leading SIEM and EDR technologies.
  • Identify false positives/negatives and tune detections to increase fidelity.
  • Understand the threat landscape including new/emerging threats.
  • Develop, test and tune parsers to normalise raw logs.
  • Handle requests for new detections, determine the security value of those requests and clearly explain your decision to stakeholders.
  • Be an SME on audit logging and recommend configurations to customers.
  • Improve the computational efficiency of existing content.
  • Work with customers to build effective whitelists and blacklists.
  • Understand and master data sources across a variety of categories including Windows, Linux, IAM, EDR, NGAV, NDR, Cloud Security, Email Security, Firewalls, IPS/IDS, MFA, Web Proxies, VPNs, ZTNA, Productivity Apps and CASB.
  • Collaborate with key stakeholders including Incident Response, SOC, Threat Intelligence, Offensive Security, Solutions Engineering, Platform Engineering, Project Management, Product Management, Account Management and Sales.
  • Deploy and maintain detection content at scale.

Essential traits

  • Familiar with prevailing threats and how to mitigate them using SIEM and/or EDR.
  • Understanding of Windows Event Logs, Linux Syslogs or EDR telemetry.
  • Experience writing or tuning detections for SIEM or EDR technologies.
  • Familiarity with the MITRE ATT&CK framework.
  • Understand security principles and practices.
  • Ability to relay complex technical subject matter to non-technical stakeholders.
  • Demonstrable analytical and technical aptitude with focus on identifying and alleviating the root cause of a problem.
  • Proven ability to thrive and respond to frequent demands of multiple constituents, both internal and external, in a high demand, customer-centric environment.
  • SANS/GIAC certifications preferred.
  • Proficiency in scripting language preferred.

About Kroll

Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend trusted expertise with cutting-edge technology to navigate and redefine industry complexities. As a part of One Team, One Kroll, you'll contribute to a collaborative and empowering environment, propelling your career to new heights. Ready to build, protect, restore and maximize our clients’ value? Your journey begins with Kroll.

In order to be considered for a position at Kroll, you must formally apply via careers.kroll.com.

Kroll is committed to equal opportunity and diversity, and recruits people based on merit.
