Detection & Incident Response Engineer

About this role

Responsibilities

• Build and continuously improve security monitoring and alerting capabilities
• Investigate security events and operate the incident response process end-to-end
• Design, implement and tune detection rules and alerts to maximise effectiveness and reduce noise
• Own and maintain incident response procedures and alert playbooks
• Perform threat intelligence activities to enhance detection and response capabilities
• Monitor logs and respond to alerts in a timely and effective manner
• Integrate security tools and data sources into detection and alerting pipelines
• Configure and optimise Security Orchestration, Automation and Response (SOAR) workflows
• Enhance our DLP monitoring
• Contribute to broader security initiatives and tasks as required

Requirements

• Strong SOC and security operations experience
• Hands-on experience with SIEM platforms (e.g. Elastic, Microsoft Sentinel)
• Proficiency in KQL
• Solid incident response experience
• Experience with automation and orchestration (SOAR)
• Understanding of SOAP and security integrations
• Experience: 6+ years in a relevant security role
• Certifications (preferred)
• SC-200 – Microsoft Security Operations Analyst
• GIAC certifications (e.g. GCIH, GCFA, GNFA, GCIA, GMON, GCDA, GDAT)
• Elastic certifications