Senior Cyber Detect Engineer

A.P. Moller - Maersk is a global logistics company whose purpose is “Improving life for all by integrating the world”. We are embarking on an industry-defining transformation, on a bold new direction, expanding our capabilities to become a true end-to-end logistics provider that can deliver intelligent solutions for customers around the world. It’s a big moment for all of us – and we all have our part to play. 

Do you see yourself enjoying lots of opportunities to collaborate with colleagues around the globe, expanding your skills in an atmosphere that prioritizes employee growth and being a part of an inspiring work environment?  Then join us as we reinvent the future of integrated logistics.  

What We offer

To work at Maersk is to work with the world. You’ll learn from – and collaborate with – skilled professionals who literally move the world, every day. With a supportive environment to develop your skills, you’ll gain access to world-class learning programmes to accelerate your career goals. And you’ll find yourself welcome in our diverse and inclusive culture, where you are valued for who you are and rewarded for what you bring. For this and many other of our roles, we can offer the flexibility of hybrid working, alongside industry leading benefits such as pension and family health/dental insurances as standard.

About the role

A Detection and Automation engineer is responsible for identifying potential security threats and automating the processes that detect and respond to these threats. Their role typically involves a combination of monitoring, analysis, and the implementation of automated systems to enhance the efficiency and effectiveness of an organization’s cybersecurity measures. They will help with the deployment, configuration, maintenance, and support our internal business critical systems. Look after services Lifecycle management (development, build, maintenance, and improvement) of the end to end / full-stack cyber security logging & monitoring platform. Supporting the business to transition to a more flexible, scalable approach that supports a distributed workforce and hybrid working mode.

Key responsibilities

Threat Detection:

• Monitoring: reviewing networks, systems, and applications via the logs/ data received for signs of security breaches or unusual activities/ trends.
• Develop and implement threat detection mechanisms across multiple platforms, including SIEM, EDR, XDR, and Deception tooling.
•  Regularly test and validate detection logic and triggers to ensure accuracy and reliability.
• Analysis: Analyse security alerts and logs to identify potential threats and vulnerabilities to build out use cases and playbooks and to reduce the manual effort of investigating them.
• Incident Response: Collaborate with incident response teams to investigate and mitigate security incidents.

Automation:

• Scripting and Tools Development: Develop and implement scripts and tools to automate repetitive tasks related to threat detection and incident response. o Integration: Integrate security tools and platforms (like SIEMs, IDS/IPS, firewalls) to streamline detection and response workflows.
• Playbooks: Create and maintain automated response playbooks to standardize and accelerate incident handling processes.

Security Operations:

• SIEM Management: Manage Security Information and Event Management (SIEM) systems to ensure effective collection, correlation, and analysis of security data.
•  Rule Tuning: Continuously fine-tune detection rules and signatures to reduce false positives and enhance detection accuracy.
• Threat Intelligence: Utilize threat intelligence feeds to stay updated on emerging threats and adapt detection mechanisms accordingly.
• XDR: Manage and ensure effective playbooks are in place to drive mundane activities.
• EDR: Manage and maintain detections from the EDR platform to ensure aggregation and automation is driven via XDR.
• Testing: Ensuring that simulations and testing against all detections are done quarterly to ensure all are still fit for purpose.

Collaboration and Communication:

• Team Coordination: Work closely with other cybersecurity professionals, such as threat hunters, incident responders, and security engineers.
• Reporting: Provide detailed reports on security incidents, detection performance, and the effectiveness of automated processes.

Required experience & skills

Technical Proficiency:

• Knowledge of Security Tools: Proficient with security tools such as SIEM, IDS/IPS, EDR, and firewalls. XDR advantageous.
• Programming and Scripting: Skilled in scripting languages like Python, Bash, or PowerShell for automation tasks.
• Networking and Systems: Understanding of network protocols, operating systems, and common IT infrastructure.

Analytical Skills:

• Threat Analysis: Ability to analyse complex security data and logs to identify patterns indicative of security threats.
• Problem-Solving: Strong problem-solving skills to develop effective detection and automation solutions.

Experience & Qualifications

Typically, a Detection and Automation Engineer has a background in cybersecurity, computer science, or a related field. Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or SANS GIAC certifications can be advantageous. Practical experience with security operations, incident response, and automation tools is highly valued. In summary, a Detection and Automation Analyst plays a crucial role in enhancing an organization’s cybersecurity posture by leveraging automation to improve the efficiency and effectiveness of threat detection and response processes.

If you share our commitment and motivation without reservation, bring passion to your job and want to make a difference, you've come to the right place. We look forward to hearing from you!

Maersk is committed to a diverse and inclusive workplace, and we embrace different styles of thinking. Maersk is an equal opportunities employer and welcomes applicants without regard to race, colour, gender, sex, age, religion, creed, national origin, ancestry, citizenship, marital status, sexual orientation, physical or mental disability, medical condition, pregnancy or parental leave, veteran status, gender identity, genetic information, or any other characteristic protected by applicable law. We will consider qualified applicants with criminal histories in a manner consistent with all legal requirements.

We are happy to support your need for any adjustments during the application and hiring process. If you need special assistance or an accommodation to use our website, apply for a position, or to perform a job, please contact us by emailing  [email protected].