The Role
Our Global Detection Engineering Team provides detection capabilities for various security products used in our 24/7 managed monitoring service with customers all over the world. This role will be to join our detection engineering team, where you will focus on providing a tailored experience of custom detections to all our customers.
All customers have the benefit of access to NCC’s wide library of detections but there are many cases for exceptions and requirements for custom detections. This role sits at the pivotal point between our customers and the detection engineers. Together with (representatives of our) customers you will focus on assessing the gap and need for custom detections (on top of the deployment of detections from NCC’s detection library) to provide the appropriate level of detection each customer desires.
We're looking for a wide range of backgrounds for potential candidates; the exact responsibilities of any candidate can be tailored given their experience and skillset. Any candidate that only partially matches the skillset is encouraged to apply.
Key Responsibilities
- Schedule and host threat workshops utilizing industry-approved methodologies such as DREAD or STRIDE.
- Correlate log events in SIEM solutions with activities which have taken place in the (business) application or technology.
- Query data ingested into customer SIEM environments to assess the practical feasibility of newly proposed detections.
- Prepare pseudo-logic and work packages for detection engineers who write detections-as-code within the NCC detection repository.
- Derive new generic detection opportunities from Threat Intelligence reports to further expand NCC’s detection library.
- Identify potential abuse patterns in customer applications.
- Query large datasets of data in SIEMs (Sentinel & Splunk).
- Explain (potential) attack paths to customers.
- Write pseudo-logic for the development of new detections.
- Track the status of detections under development and share status updates with the customer.
- Obtain feedback from customers on exceptions and allowed behavior during the testing phase of the development of new analytics.
- Ensure work is up-to-date and tracked in (internal) ticketing system(s).
Skills, Knowledge & Expertise
- Experience in detection engineering on a range of technologies (SIEM and EDR), OR
- Experience in SOC or Managed Detection Services, OR
- Experience in analytically-minded IT systems administration/network administration and looking for a change in career/focus on security
- Excellent oral and written communication skills.
- Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver.
- Good understanding of IT Systems and platforms from a security context.
Desired Requirements:
- A security mindset and demonstrable experience or knowledge of contemporary attack tactics and techniques.
- Forensics or Incident Response competency would be considered valuable.
- Strong knowledge of the latest threats in security.
- The skills to translate technical attacks to effects in the business (and vice versa).
- Experience in simulating attacks is considered an advantageous skill that complements the others.
- Experience with SIEM tools, preferably Splunk and Microsoft Sentinel.
And has knowledge of one or more of the below:
- Azure or other cloud technologies
- Windows Active Directory
- Windows operating system fundamentals
- Networking fundamentals
- System management technologies
- Identity and access management procedures and technologies
Job Benefits
- A good salary that matches the things you have already done and will do;
- Flexible working hours and flexibility in working from home or at the office, allowing you to optimally combine your private life with your work;
- A favorable pension scheme, 26 vacation days (+4 mandatory days off), and 8% holiday pay with a full-time contract;
- Plenty of development opportunities: you can gain and share knowledge through training, TechTalks, events, and our own Fox Academy;
- A laptop and business phone. If you use your own phone, you will receive a reimbursement of up to €25 per month;
- A remote work allowance (for hybrid working);
- A performance bonus and profit sharing because we value your effort;
- When we work in the office, we gather every day for a delicious lunch.
About
We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe. With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face. We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security. Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
The Company
What We Do
NCC Group is a global cyber security and resilience company that helps organizations manage risk, strengthen resilience, and build trust. They provide services in cyber security consulting, managed services, technical assurance, and software escrow.