Security Engineer

Security Engineer

As a security engineer at our client you are responsible for the development of technical aspects and ongoing development of the detection platforms for the our clients SOC. This includes the Microsoft Sentinel platform and various log sources, tools and technologies feeding into the platform. The role is part of the Security Operations Centre and plays a vital role in keeping the teams sharp against real world threats, and in focussing their security strategy.

Responsibilities

• Health monitoring and performance monitoring of our Microsoft Sentinel instance and supporting infrastructure.
• Support the development of SOC automations to improve overall SOC efficiency, analytics and response time to security incidents.
• Provide KQL and Logic App expertise for the development and tuning of SOC use cases / analytics rules to improve detection capabilities.
• Onboarding, tuning, filtering and evaluation of data sources / feed and creation of detection use cases associated with the data sources.
• Manage log storage, retention policies, and data integrity.
• Perform regular tuning of the Sentinel system to minimize false positives and enhance accuracy.
• Conduct regular reviews and updates of use cases to ensure their effectiveness.
• Serve as the SME for the SOC and Microsoft Sentinel.
• Provide mentoring to the team to support the continual technical development of team members.
• Maintain detailed documentation of Sentinel configurations, rules, and use cases.
• Utilise and maintain a deep knowledge of the business as well as working relationships with each region.
• Partner with our threat intelligence, hunting and incident detection and response teams.
• Create and manage relevant dashboards, workspaces and reports including overall Sentinel costs.
• Act as the Subject Matter Expert (SME) for Microsoft Defender for Endpoint and enhancing detection capabilities.

Secondary responsibilities include:

• Support the evolution of the detection mechanisms used within the SOC e.g. Introduce Jupyter Notebooks for Advanced Threat Hunting and Machine Learning
• Acting as the secondary point for incident escalation during major incidents if required.
• Support and future Red Team / Purple Team activities
• Create the vision and plans to continue to mature our Microsoft Sentinel instance.
• Manage and support AWS infrastructure and Services that support the SOC operation.

Benefits

• A base salary based on your experience between €65.000 and €75.000
• An excellent pension scheme;
• 20 statutory vacation days + 5 additional leave days;
• Annual performance bonus of 7%;
• Holiday allowance of 8% of your gross annual salary, paid in June;
• Employee access to a dedicated website with attractive discounts on products and services from various brands;
• Net travel allowance - €0.23 per kilometer (starting from a 10 km radius);
• Company laptop and phone;
• A dynamic and innovative work environment;
• Opportunities for personal and professional growth;
• Relocation package for candidates moving to the Netherlands from abroad.

Requirements

• Extensive experience in Cyber Operations include monitoring, incident response & handling, threat detection and threat intelligence
• SIEM, IDS and general security tooling experience Including Microsoft Sentinel, Microsoft Defender, KQL, AWS, Splunk, Next Generation Firewalls, Risk and Compliance toolsets
• Extensive knowledge of hacking and threat detection or monitoring techniques
• Strong written and verbal communication skills with an ability to communicate technical details in a clear and understandable manner in Business English
• Self-starter, self-motivated, and able to work independently while following the team's mission and vision in a fast-paced operationally focused environment
• Process and procedure lifecycle ownership
• Knowledge of relevant legal obligations & applicable legislation such as GDPR
• International working experience (global team) - Must be flexible to work with global teams and working on different time zones
• Business fluency in English
• Mentoring and coaching

Nice to have

• Desirable skills & experience includes:
• Azure AZ-500 (Azure Security Engineering Associate) / SC-100 (Microsoft Cybersecurity Architect)
• Microsoft Sentinel / SC-200 (Security Operations Analyst Associate)
• AWS / AWS Guard Duty
• Linux/Unix Administration Experience, preferably CentOS/RHEL
• ITIL certification
• Industry certification (CISA / CISSP certification/ CREST / SANS/ CISM)
• Scripting Python/PowerShell/Bash
• Non-English language skills e.g. Spanish, Swedish

Interested in applying? Let's have a chat! Cyber Security District is working exclusively together with our client on this role.

Cyber Security District is the first recruitment agency with 100% focus on cybersecurity in The Netherlands. To discuss open opportunities or career options, please visit our website cybersecuritydistrict.com and follow the Cyber Security District LinkedIn page for the latest job opportunities and market information.