• Notera att ansökningsdagen för den här annonsen kan ha passerat. Läs annonsen noggrant innan du går vidare med din ansökan.

Detection Engineer

The role

The Security Operations Center team is embarked on a maturity mission, and requires a highly motivated and talented Detection Engineer to help guide us on this journey. This Detection Engineer role requires an understanding of the day to day operations of this area.

The SOC team mostly operates out of Stockholm and is responsible for the detection, triage and alerting around potential security events affecting Kindred Group and its assets. We are searching for that certain someone who is not satisfied in just knowing common standards and frameworks, but instead likes to understand vulnerabilities, the usual tactics, techniques and procedures used by adversaries, and most importantly how to detect them. You should have a real personal passion for security (across a broad range of domains), technology and insatiable lust to develop further as a Detection Engineer.

The SOC team is part of the Group CSIRT, responsible for the detection of threats and vulnerabilities affecting the Group, responding to incidents and performing forensic investigations.

Key Responsibilities

  • Researches, analyses and understands log sources originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems
  • Performs raw data review to identify malicious activity for which signatures/content do not exist
  • Develops new content and tunes/filters the existing content for SIEM, IDS/IPS, and other security technologies
  • Maintains and improves SIEM operations and integrations with other security products
  • Develops reports and dashboards for SOC operations
  • Contributes to and suggests improvements for Security Operations framework
  • Improves security event enrichment
  • Develops and maintains triage playbooks
  • Supports DFIR Engineers' efforts during all phases of the Incident Response process, when needed
  • Manages or contributes to projects that directly correspond to the maturity and/or capabilities of the SOC
  • Monitors intelligence sources in order to maintain situational awareness of the ways to detect emerging cyber threats
  • Develops and maintains documentation related to security event logging and monitoring
  • Communicates with key stakeholders to ensure that security event monitoring requirements and procedures are followed

Skills and Experience

  • Advanced knowledge of computer networking: TCP/IP, routing and protocols
  • Advanced knowledge of packet structure and previous experience performing in-depth packet analysis
  • Advanced knowledge of Incident Response methodologies and information security best practices/technologies
  • Advanced knowledge regarding the administration, use, securing and exploitation of common operating systems
  • Minimum of 3 years experience utilising HIDS/NIDS, SIEM, anti-virus, web-proxy, packet capture tools, host based analysis technologies in a security analyst capacity
  • Minimum of 3 years experience analysing logs originating from security and networking devices such as firewalls, routers, proxy, anti-virus products, and operating systems required
  • Proficiency in log parsing and data analysis (REGEX is a must)
  • Demonstrate knowledge of indicators of compromise (IOC) and Advanced Persistent Threat (APT) as it applies to event/incident/offense analysis
  • Research and analytical background and an analytical approach; especially with respect to event classification and event correlation
  • Able to perform true and false positive event (or offense) analysis with a high degree of accuracy
  • Must exhibit the ability to take threat intelligence and correlate it within the context of event/incident/offense analysis
  • Familiarity with a standardised incident response framework, and ability to further develop triage procedures within the SOC
  • Highly desirable: experience with threat intelligence feeds and platforms (e.g. MISP, yara rules, virustotal, etc.)
  • Highly desirable: experience with cloud platforms like AWS, GCP or Azure
  • Highly desirable: experience with O365
  • Highly desirable: experience with Splunk or Elasticsearch
  • Desirable: Relevant university degree, GCDA, GNFA, GCFE, GMON, GSOC or other technical certification, Certification for security operations technology e.g. SIEM, HIDS/NIDS solutions


  • Time to detect incidents
  • % of coverage for the security event detection systems
  • True/False positive ratio for security alerts
  • Count of use detection use cases

Application process

Click on the "Apply Now" button and complete the short web form. Please add a covering letter in English to let us know your motivation for applying and your salary expectation. Our Talent Acquisition team will be in touch soon.

Kindred is an equal opportunities employer committed to employing a diverse workforce and an inclusive culture. As such we oppose all forms of discrimination in the workplace. We create equal opportunities for all our applicants and will treat people equally regardless of and not limited to, gender, age, disability, race, sexual orientation. We are committed not only to our legal obligations but also to the positive promotion that equal opportunities bring to our operations as set out in our sustainability framework. Kindred has an ESG rating of AAA by MCSI.

Job alerts

Not suited to this role but interested in working at Kindred Group?

We are always on the lookout for talented, passionate people to join our global teams so if you'd like us to let you know when suitable jobs come up, please click on “Register for Alerts”.

Detta är en jobbannons med titeln "Detection Manager" hos företaget Kindred People AB och publicerades på webbjobb.io den 7 november 2022 klockan 13:44.

Hur du söker jobbet

webbjobb-logo-white webbjobb-logo-grey webbjobb-logo-black