Cloud Security Engineer

Main Purpose:

Serve as a senior technical expert within the IT Security Operations Centre, leading complex security incident investigations and advanced threat hunting activities. Drive continuous improvement of security monitoring capabilities through custom detection development, automation, and forensic analysis. Act as technical escalation point for SOC analysts while coordinating cross-functional response efforts during critical security events. Enhance organizational security posture through proactive threat identification, root cause analysis, and development of advanced security tools and procedures.

Knowledge Skills and Abilities, Key Responsibilities:

Core Competencies

Security Monitoring & Detection

- Advanced Infrastructure Security Knowledge: Demonstrated expertise in network security architecture, endpoint protection, and cloud security principles

- Security Information and Event Management (SIEM): Proficiency with Splunk Enterprise Security or similar platforms for advanced correlation, threat hunting, and analytics

- Endpoint Detection & Response (EDR): Expert-level experience with Microsoft Defender for Endpoint (or equivalent), including configuration management, alert triage, and response automation

- Threat Intelligence Integration: Ability to incorporate threat feeds into detection systems and develop custom detection rules based on emerging threats

- Advanced Analytics: Experience with behavioural analytics, anomaly detection, and machine learning-based security monitoring techniques

Incident Response & Forensics

- Incident Management Leadership: Ability to take ownership of complex security incidents from initial detection through complete remediation

- Digital Forensics: Expertise in memory forensics and network forensics to establish incident timeline and scope

- Malware Analysis: Advanced skills in static and dynamic malware analysis, including disassembly, debugging, unpacking, and sandbox analysis

- Threat Hunting: Proactive identification of threats that have evaded existing security controls through hypothesis-driven investigations

- Incident Coordination: Experience leading cross-functional response teams and communicating effectively with stakeholders during security incidents

Technical Expertise

- Scripting & Automation: Strong programming skills in PowerShell, Python, and other relevant languages for security automation and custom tool development

- Active Directory & Identity Management: Deep understanding of AD architecture, LDAP queries, and common attack vectors against identity infrastructure

- Operating System Security: Comprehensive knowledge of Windows, Linux, and macOS security mechanisms and hardening techniques

- Network Security: Expertise in network protocols, traffic analysis, and network-based detection techniques

- Cloud Security: It would be advantageous (but not required) if the candidate had experience securing assets across major cloud platforms (AWS, Azure) and understanding cloud-specific security controls

Key Responsibilities

Security Operations

- Lead complex security investigations requiring advanced forensic techniques and cross-platform analysis

- Develop and maintain custom detection rules, playbooks, and response procedures

- Perform regular threat hunting exercises to identify potential compromises

- Analyze and validate security alerts escalated from Tier 1 analysts

- Conduct root cause analysis for security incidents and develop mitigation strategies

Engineering & Development

- Design and implement security monitoring improvements and automation workflows

- Develop custom scripts and tools to enhance detection and response capabilities

- Maintain and optimize security tooling, including SIEM content, EDR policies, and detection rules

- Collaborate with security architecture teams to improve defensive posture

- Contribute to continuous improvement of security monitoring and response processes

Leadership & Knowledge Transfer

- Serve as technical escalation point for Tier 1 SOC analysts

- Document findings, methodologies, and lessons learned from security incidents

- Collaborate with threat intelligence teams to enhance detection capabilities

Qualifications

Required Experience

- 5+ years of experience in cybersecurity with at least 3 years in a SOC or incident response role

- Demonstrated expertise with SIEM platforms, preferably Splunk Enterprise Security

- Advanced knowledge of Microsoft Defender for Endpoint or similar EDR solutions

- Experience with memory forensics tools (e.g., Volatility) and malware analysis techniques

- Proficiency in at least one scripting language (PowerShell, Python, Perl)

Relevant Certifications (not required)

- GIAC Certified Incident Handler (GCIH)

- GIAC Reverse Engineering Malware (GREM)

- GIAC Certified Forensic Analyst (GCFA)

- Certified Information Systems Security Professional (CISSP)

- Offensive Security Certified Professional (OSCP)

Personal Attributes

- Exceptional analytical and problem-solving abilities

- Strong communication skills with ability to explain technical concepts to various audiences

- Self-motivated with ability to work under pressure during security incidents

- Detail-oriented with strong documentation habits

- Collaborative mindset and team-oriented approach to security operations

This role requires a security professional who can handle complex security incidents, perform advanced technical analysis, and provide leadership during critical security events. The successful candidate will combine technical depth with operational excellence to strengthen our security posture and respond effectively to emerging threats.

Key Relationships and Department Overview:

IT Security, Trading IT, Middle Office teams.