SIEM Engineer

NCC Group is a leading partner in the Security Industry. It helps 1000’s clients to develop, maintain, progress and secure their Cyber Security through the use of Vulnerability/Penetration Testing, Audits and 24/7 monitoring, amongst others.

NCC Group provide a range of managed and hosted services delivered from our UK based Security Operations Centre SOC which operates 24/7, 365 days a year. Our team of over 30 accredited security experts are available 24/7, dealing daily with over 250 million log events and providing support for over 5,000 network devices.

This team are specialists in SIEM integration and content creation, with our services backed up by our own mature methodology for onboarding, developing and designing use cases for many of the UK’s largest companies. This has been tried and tested across dozens of major deployments and hundreds of use cases and is uniquely tailored to each client whilst providing the methodology to ensure that development and implementation are completed to a very high standard.

We operate a single point of contact for all Managed Service Security Requirements and work directly with clients to build, develop and design solutions for individual security requirements. Our team of experts provide proactive monitoring and response to help quickly evaluate and investigate security incidents as they occur and supporting day-to-day availability and change requests to help supplement your network security architecture.

Primary Responsibilities

A successful candidate will be responsible for the day-to-day support and operations of several SIEM solutions within our Leeds based SOC. Roles and responsibilities for this role include, but may not be limited to:

Maintaining the NCC Group SOCs SIEM and EDR platforms. Onboard and manage SIEM event sources and transition through to live SOC Managed Services. Assisting in the development of new SOC infrastructure to assist in SIEM and surrounding SOC requirements. Providing guidance and support to SOC personnel regarding SIEM operations, concepts, and development. Collaborating with our Analytics Development capability to create and deploy new detection mechanisms (both traditional analytics and machine learning techniques). Providing SIEM expertise to support Security Analysts during incidents and investigations. Collaborating with other teams to help develop and drive improvements/progression

A successful candidate would be able to provide security advice to customers to help them develop their security awareness and infrastructure. Working for a Security Partner requires a surrounding knowledge and experience of security awareness, incidents, response and management.

Skills and Development

Having competency in most of the below skills is required and the ability to use these at a higher level is desirable:

Experience using common SIEM technology stacks including but not limited to:SplunkLogRhythmSentinel Experience with EDR software including but not limited toCarbon BlackDefender for Endpoint Experience configuring, maintaining, and troubleshooting both Windows and Linux operating systems. Familiarity with incident response procedures. (This could be a from a wide pool of skills, such as investigating security alerts, incident response, security audits, configuration reviews, industry best practices, etc.) Experience configuring Network Security Devices such as but not limited to Cisco, Fortinet, CheckPoint, Suricata, Snort, Palo Alto. A fundamental understanding of logging types and collection methods such as Windows Event Log and various Syslog protocols. Basic Development/ scripting skills (such as PowerShell, Python, Bash and any associated skills, such as Regex)

Certification

The following certifications are desirable, but not a requirement. A level of knowledge/experience within the below practices is also desirable. Successful candidates that do not possess these certifications may be tasked with working towards them at the beginning of their employment:

Splunk Certified Administrator Splunk Certified Power User LogRhythm Certified Support Engineer LogRhythm Certified Deployment Engineer Microsoft Azure Fundamentals Microsoft Security Operations Analyst CompTIA Certifications (Security+/ Network+/ Linux+) Crest, GIAC or CISSP Certification Degree in related field. Other relevant certifications.

Other Information

This role is based at the NCC Group office in Leeds, United Kingdom. This role will involve an out-of-hour’s element (post training).

About NCC Group

We are passionate about helping our customers to protect their brand, value and reputation against the ever-evolving threat landscape. We fuel that passion with investment – in our people, our business and we want to invite talented people to join us in our vision to be the leading cyber security advisor.

The NCC Group family has 2,500 members located around the world providing a trusted advisory service to 15,000 customers. Our heart is in our space.