Overview
The role involves defining and overseeing threat-informed detection and visibility architecture for network security services to support the Cybersecurity Operations Centre's security operations.
Key Responsibilities
- Design and recommend security controls and visibility requirements for network security services.
- Ensure appropriate logging, telemetry, and network traffic inspection mechanisms are in place.
- Embed zero-trust principles into detection architecture.
- Design and recommend detection in streamed data/log collection pipelines.
- Use and help operationalise the OpenTIDE framework for threat-informed detection.
- Support Threat Hunting activities by ensuring necessary network telemetry and logs are available.
Required Experience
- At least 3 years of experience in IT security, with specific background in one or more of the following areas:
  - Network security architecture, design or engineering
  - IT security monitoring and detection
  - Threat-informed defence
  - Threat hunting or supporting threat hunting
  - Practical understanding of zero-trust architectures
- At least 2 years of experience in IT Service Management, covering:
  - Developing and/or operating an IT service
  - Systems/solutions design
  - Familiarity with ITIL-based processes or equivalent frameworks
- Practical experience considered a clear advantage includes:
  - Implementing zero-trust detection frameworks
  - Designing or reviewing network and security system engineering documentation
  - Designing or validating logging and telemetry requirements
  - Working with threat-informed detection frameworks such as OpenTIDE
  - Familiarity with modern log pipelines and data platforms
  - Implementing open source projects or EU-based solutions related to cybersecurity
  - Supporting the design of SOC processes
  - Integrating security capabilities with automation and orchestration
Qualifications
At least a level of education which corresponds to completed university studies of at least 3 years attested by a diploma.