Detection Engineer
Delft or Madrid (Remote)
Our Global Detection Engineering Team provides detection capabilities for various security products used in our 24/7 managed monitoring service with customers all over the world. This role will be to join our detection engineering team, where you will focus on one of our detection capabilities. You will use our latest Threat Intelligence and your own creativity to write and maintain detection logic for our customers. Previous experience with detection engineering is not a prerequisite. We're looking for a wide range of backgrounds for potential candidates, the exact responsibilities of any candidate can be tailored given their experience and skillset. Any candidate that only partially matches the skillset is encouraged to apply.
The Opportunity
- Develop new detection logic to contribute to Detection Engineering content repository.
- Continuously improve existing detection logic.
- Write and maintain detection tests cases.
- Review findings of TI, CERT, and Red Team activities and evaluate from a detection engineering improvement perspective.
Key Accountabilities
- Researching data sets and potential IOCs for distribution
- Running tools/techniques to get data
- Researching log sources and data sets
- Writing rules and alert logic
- Writing test processes and procedures for the logic
- Monitoring test output and bug fixing
- Monitoring the system & data health
- Add global filters to detection logic based on operational feedback
- Scheduling and deploying new analytics
- Keep generic detection lookups consistent with new Detection tools/versions
- Ensuring work is up-to-date or tracked
Minimum Requirements
- Proven experience in detection engineering on a range of technologies (SIEM and EDR, ideally NDR as well)
OR
- Proven experience in SOC or Managed Detection Services
OR
- Proven experience in Analytically-minded IT Systems administration/Network Administration and looking for a change in career/focus on Security
AND
- Excellent oral and written communication skills
- Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver
- Good understanding of IT Systems and platforms from a security context
Desirable Requirements
- A security mindset and demonstrable experience or knowledge of the contemporary attack tactics and techniques.
- Forensics or Incident Response competency would be considered valuable
- Strong knowledge of the latest threats in security or is eager to build this knowledge,
- Experience with simulating attacks. Certificates such as CEH and OSCP are not required but are a plus.
- Experience with Endpoint or Network monitoring.
- Experience with SIEM tools, preferably Splunk and/or Microsoft Sentinel.
- Experience with Scripting languages such as PowerShell, Python, Bash
- Experience with version control (Git, Azure Dev Ops, etc. )
And has knowledge of one or more of the below:
- Azure or other cloud technologies,
- Windows Active Directory,
- Windows Operating System fundamentals,
- Networking fundamentals.
Ways of working
Focusing on Clients and Customers.
Working as One NCC.
Always Learning.
Being Inclusive and Respectful.
Delivering Brilliantly.
Fox-IT
We are Fox-IT, or Fox. We stand for making the world safer and more secure. That means every one of us contributes in making society safer and more secure with the help of our technical and innovative solutions. From our Red Team of hackers, our Blue Team of defense specialists, highly skilled developers to trusted security consultants and more: We do this for organizations where cyber security is highly important. That is why we continuously develop our individual skills and knowledge.
We are critical thinkers, naturally security paranoid and thrive on development. We are part of NCC Group and with 2000 like-minded colleagues around the globe, we are on our never-ending mission to create a safer world.
We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.
We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission.
Our offer
You will work in a place at the top of cybersecurity where your ideas are valued. You cannot always tell all the details about your work, but you can tell that you contribute to a safer society. That's not all, you also get:
- A good salary that matches the things you have already done and will do;
- Flexible working hours and flexibility in working at home or in the office, so that you can optimally combine your private life with your work;
- A favorable pension scheme, 26 vacation days (+4 office closing days) and 8% vacation pay with a full-time contract;
- Lots of development opportunities: you can gain and share knowledge through TechTalks, Crypto Colloquia, events and our own Fox Academy;
- A laptop and business phone. Do you use your own phone? Then you will receive a maximum reimbursement of €25;
- A monthly reimbursement for your internet at home of a maximum of € 40,- and a homework allowance.
- A performance bonus and profit sharing, because we value your effort;
- When we work in the office, we gather every day for a delicious lunch.
You can apply by clicking on the button, which will take you to our ATS (Workday). After your application, we will get to work and see if we are a good match.
So, what's next?
If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and cover letter and the relevant member of our global talent team will be in touch with you. Alternatively send your details to global. ta@nccgroup. com .
About your application
We review every application received and will get in touch if your skills and experience match what we're looking for. If you don't hear back from us within 10 days, please don't be too disappointed - we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
If you do not want us to retain your details, please email global. ta@nccgroup. com. All personal data is held in accordance with the NCC Group Privacy Policy (candidate-privacy-notice-261023. pdf (nccgroupplc. com)). We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support yo.