Detection Engineer

The Opportunity Develop new detection logic to contribute to Detection Engineering content repository. Continuously improve existing detection logic. Write and maintain detection tests cases. Review findings of TI, CERT, and Red Team activities and evaluate from a detection engineering improvement perspective. Key Accountabilities Researching data sets and potential IOCs for distribution Running tools/techniques to get data Researching log sources and data sets Writing rules and alert logic Writing test processes and procedures for the logic Monitoring test output and bug fixing Monitoring the system & data health Add global filters to detection logic based on operational feedback Scheduling and deploying new analytics Keep generic detection lookups consistent with new Detection tools/versions Ensuring work is up-to-date or tracked Minimum Requirements Proven experience in detection engineering on a range of technologies (SIEM and EDR, ideally NDR as well) OR  Proven experience in SOC or Managed Detection Services OR  Proven experience inAnalytically-mindedIT Systems administration/Network Administration and looking for a change in career/focus on Security AND Excellent oral and written communication skills Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver Good understanding of IT Systems and platforms from a security context Desirable Requirements A security mindset and demonstrable experience or knowledge of the contemporary attack tactics and techniques. Forensics or Incident Response competency would be considered valuable Strong knowledge of the latest threats in security or is eager to build this knowledge, Experience with simulating attacks. Certificates such as CEH and OSCP are not required but are a plus. Experience with Endpoint or Network monitoring. Experience with SIEM tools, preferably Splunk and/or Microsoft Sentinel. Experience with Scripting languages such as PowerShell, Python, Bash Experience with version control (Git, Azure Dev Ops, etc.) And has knowledge of one or more of the below: Azure or other cloud technologies, Windows Active Directory, Windows Operating System fundamentals, Networking fundamentals. Ways of working Focusing on Clients and Customers. Working as One NCC. Always Learning. Being Inclusive and Respectful. Delivering Brilliantly. Our company At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams' partner with clients across a multitude of industries, delving into, securing new products, and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks. Our colleagues are our greatest assets, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support. Come join us? What do we offer in return? We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits: ⏰Flexible working Financial & Investment Pension Life Assurance Share Save Scheme Maternity & Paternity leave