Senior Cloud SecOps Engineer

We are expanding the Security Operations team extensively, and this is an exciting role as part of an advanced detection and response team.  You will have the opportunity to shape and develop engineering-centric approaches and solutions to security problems.  We don't believe the 'traditional SOC' model continues to be effective and efficient, and our vision challenges this with autonomic security operations, to improve our ability to withstand security attacks.

BENEFITS

• 30 days annual leave plus public holidays
• Remote friendly environment
• Remote working equipment allowance
• Health and wellness allowance
• Flexible working arrangements
• Learning days, Udemy and educational reimbursements
• Primary caregiver leave
• 4 hours of “investment time” per week, to spend working on projects that you are passionate about improving
• Mental Health support via Spill
• Perlego subscription 
• Full details are available on our careers page

Form3 appreciates that we all lead different and often really busy lives. We work remotely 100% of the time and many of us work part time. If you’re interested in hearing what different flexible working arrangements may be available, we’d love to chat.

• Identify and maintain awareness of timely and appropriate threat intelligence (supported by Threat Intel Analyst)
• Plan and co-ordinate data source collection
• Prioritise detection engineering
• Develop new and existing supportive orchestration and automation actions
• Analyse event data to triage severity and priority (supported by our software, platform and IT engineering teams as necessary)
• Conduct technical investigations and response to threats (supported by Security IR Manager).

Knowledge inside-out of one (or more) of the following technology domains:

• Containers: Kubernetes, EKS, GKS, AKS and Cilium
• Platform services: Github, Terraform, CockroachDB, NATS, Postgres and Secrets
• Networking
• Cloud Platforms: AWS, GCP and Azure
• Endpoints (mainly macOS and Linux)
• IAM

Essential

• Ability to identify threats, onboard data sources, build corresponding detection engineering and develop appropriate enrichment, orchestration and/or automation actions
• Confident analysing and interpreting data from various sources, including endpoints, network devices, applications, and cloud services
• Experience analysing events to triage the issue or find root cause through log and data analysis
• Analytical thinking, attention to detail and curiosity mindsets in interrogating anomalies
• Interest in self-learning, and desire to continually improve
• Willingness to be part of the on-call rota (additionally paid)
• Excitement towards building Autonomic Security Operations

Desirable

• Demonstrated experience in common tooling including but not limited to: SIEM, SOAR and EDR.
• Experience conducting proactive technical investigations and response to threats
• Ability to develop custom scripting for orchestration and automation actions
• Experience contributing use cases and detection engineering into a use case database
• Knowledge of, and experience applying, models of threat actor behaviour such as MITRE ATT&CK framework and Cyber Kill Chain.