SOC Detection Engineer

ROLE SUMMARY 

The SOC Detection Engineer is responsible for the development of technical aspects and ongoing development of the detection platforms for the Verisure SOC. This includes the Microsoft Sentinel platform and various log sources, tools and technologies feeding into the platform. 

The role is part of Verisure Global Security Operations Centre and plays a vital role in keeping our teams sharp against real world threats, and in focussing our security strategy. 
 

PRIMARY ROLE & RESPONSIBILITIES 

Primary responsibilities include: 

• Support the development of SOC automations to improve overall SOC efficiency, analytics and response time to security incidents. 

• Development and tuning of SOC use cases / analytics rules to improve threat detection capabilities. 

• Onboarding, tuning and filtering data sources / feed and creation of detection use cases associated with the data sources. 

• Configure SIEM tools to collect, correlate, and analyse security event data from various sources. 

• Conduct regular reviews and updates of use cases to ensure their effectiveness. 

• Create and manage relevant dashboards, workspaces and reports including overall Sentinel costs. 

• Partner with our threat intelligence, hunting and incident detection and response teams. 

• Serve as the SME for the SOC and Microsoft Sentinel. 

• Perform regular tuning of the Sentinel system to minimize false positives and enhance accuracy. 

• Act as the Subject Matter Expert (SME) for Microsoft Defender for Endpoint and enhancing detection capabilities. 

• Maintenance and support of Microsoft Sentinel. 

• Health and Performance monitoring of Microsoft Sentinel and supporting infrastructure. 

• Manage log storage, retention policies, and data integrity. 

• Evaluate data sources value and usage within the SOC 

• Provide mentoring to the team to support the continual technical development of team members. 

• Maintain detailed documentation of Sentinel configurations, rules, and use cases. 

• Utilise and maintain a deep knowledge of the business as well as working relationships with each region. 

SECONDARY ROLE 

Secondary responsibilities include: 

• Support the evolution of the detection mechanisms used within the SOC e.g. Introduce Jupyter Notebooks for Advanced Threat Hunting and Machine Learning 

• Acting as the secondary point for incident escalation during major incidents if required. 

• Support and future Red Team / Purple Team activities 

• Create the vision and plans to continue to mature Microsoft Sentinel. 

• Manage and support AWS infrastructure and Services that support the SOC operation. 

ESSENTIAL SKILLS & EXPERIENCE 

Essential skills & experience includes: 

• Extensive experience in Cyber Operations include monitoring, incident response & handling, threat detection and threat intelligence 

• SIEM and general security tooling experience Including Microsoft Sentinel, Microsoft Defender, KQL, AWS, Splunk, Next Generation Firewalls. 

• Extensive knowledge of hacking and threat detection or monitoring techniques 

• Strong written and verbal communication skills with an ability to communicate technical details in a clear and understandable manner in Business English 

• Self-starter, self-motivated, and able to work independently while following the team’s mission and vision in a fast-paced operationally focused environment 

• Process and procedure lifecycle ownership 

• Knowledge of relevant legal obligations & applicable legislation such as GDPR 

• International working experience (global team) - Must be flexible to work with global teams and working on different time zones 

• Mentoring and coaching 

DESIRABLE SKILLS & EXPERIENCE 

Desirable skills & experience includes: 

• Azure AZ-500 (Azure Security Engineering Associate) / SC-100 (Microsoft Cybersecurity Architect) 

• Microsoft Sentinel / SC-200 (Security Operations Analyst Associate)  

• AWS / AWS Guard Duty 

• Linux/Unix Administration Experience, preferably CentOS/RHEL 

• ITIL certification 

• Industry certification (CISA / CISSP certification/ CREST / SANS/ CISM) 

• Scripting Python/PowerShell/Bash 

• Non-English language skills e.g. Spanish, Swedish