Senior Cyber Detect Engineer Maersk is the largest shipping and container logistics company in the world. A $40bn organisation with over 85,000 people, we ship roughly 20% of the world's container freight. We're bringing our organisation together to become an integrated container shipping and logistics company, fundamentally re-thinking how we do business.
Maersk is going through times of unprecedented change. As we aspire to secure sustainable growth of our businesses, we need to re-think the way we engage with our customers and partners. Digitisation and IT are taking centre stage in enabling this engagement. Join us in Transport and Logistics IT as we re-think what technology can do to drive growth.
Job Purpose A Detection and Automation engineer is responsible for identifying potential security threats and automating the processes that detect and respond to these threats. Their role typically involves a combination of monitoring, analysis, and the implementation of automated systems to enhance the efficiency and effectiveness of an organization's cybersecurity measures. They will help with the deployment, configuration, maintenance, and support our internal business critical systems. Look after services Lifecycle management (development, build, maintenance, and improvement) of the end to end / full-stack cyber security logging & monitoring platform. Supporting the business to transition to a more flexible, scalable approach that supports a distributed workforce and hybrid working mode.
Key responsibilities Threat Detection: Monitoring: reviewing networks, systems, and applications via the logs/data received for signs of security breaches or unusual activities/trends.Develop and implement threat detection mechanisms across multiple platforms, including SIEM, EDR, XDR, and Deception tooling.Regularly test and validate detection logic and triggers to ensure accuracy and reliability.Analysis: Analyse security alerts and logs to identify potential threats and vulnerabilities to build out use cases and playbooks and to reduce the manual effort of investigating them.Incident Response: Collaborate with incident response teams to investigate and mitigate security incidents.Automation: Scripting and Tools Development: Develop and implement scripts and tools to automate repetitive tasks related to threat detection and incident response.Integration: Integrate security tools and platforms (like SIEMs, IDS/IPS, firewalls) to streamline detection and response workflows.Playbooks: Create and maintain automated response playbooks to standardize and accelerate incident handling processes.Security Operations: SIEM Management: Manage Security Information and Event Management (SIEM) systems to ensure effective collection, correlation, and analysis of security data.Rule Tuning: Continuously fine-tune detection rules and signatures to reduce false positives and enhance detection accuracy.Threat Intelligence: Utilize threat intelligence feeds to stay updated on emerging threats and adapt detection mechanisms accordingly.XDR: Manage and ensure effective playbooks are in place to drive mundane activities.EDR: Manage and maintain detections from the EDR platform to ensure aggregation and automation is driven via XDR.Testing: Ensure that simulations and testing against all detections are done quarterly to ensure all are still fit for purpose.Collaboration and Communication: Team Coordination: Work closely with other cybersecurity professionals, such as threat hunters, incident responders, and security engineers.Reporting: Provide detailed reports on security incidents, detection performance, and the effectiveness of automated processes.Primary internal stakeholders: Detect engineering teamManager of Detect EngineeringCapability and Strategy ownersPrimary external stakeholders: VendorsCyber Operations Engineering teamsRequired experience & skills: Technical Proficiency: Knowledge of Security Tools: Proficient with security tools such as SIEM, IDS/IPS, EDR, and firewalls. XDR advantageous.Programming and Scripting: Skilled in scripting languages like Python, Bash, or PowerShell for automation tasks.Networking and Systems: Understanding of network protocols, operating systems, and common IT infrastructure.Analytical Skills: Threat Analysis: Ability to analyse complex security data and logs to identify patterns indicative of security threats.Problem-Solving: Strong problem-solving skills to develop effective detection and automation solutions.Attention to Detail: Accuracy: Meticulous attention to detail to ensure accurate threat detection and efficient automation processes.Continuous Improvement: Commitment to continuously improving detection mechanisms and automation workflows.Soft Skills: Communication: Effective communication skills to convey technical information to non-technical stakeholders and document processes clearly.Collaboration: Ability to work collaboratively within a team and across departments.Experience & Qualifications: Typically, a Detection and Automation Engineer has a background in cybersecurity, computer science, or a related field. Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or SANS GIAC certifications can be advantageous. Practical experience with security operations, incident response, and automation tools is highly valued. In summary, a Detection and Automation Analyst plays a crucial role in enhancing an organization's cybersecurity posture by leveraging automation to improve the efficiency and effectiveness of threat detection and response processes.
#J-18808-Ljbffr