Security Engineer

Key Responsibilities

• Lead investigation and response for complex or high-impact security incidents, including coordination across cross-functional teams.
• Oversee daily security operations to ensure timely detection, triage, and resolution of security alerts and incidents.
• Drive improvements in detection coverage, including tuning alerts, queries, and dashboards across SIEM (Elastic) and EDR platforms.
• Develop and enhance incident response processes, playbooks, and operational workflows.
• Work with IT and business stakeholders to implement remediation actions and strengthen security controls.
• Oversee vulnerability management prioritisation and remediation tracking with system owners.
• Identify and implement automation, AI-assisted analysis, and workflow improvements to improve operational efficiency, alert triage, and response consistency.
• Evaluate and apply AI-enabled tools or techniques to support security operations, including alert enrichment, incident summarisation, detection tuning, reporting, and knowledge management, while ensuring appropriate governance and data protection.
• Mentor and guide engineers, supporting knowledge sharing and capability development within the team.
• Ensure accurate incident documentation, reporting, and post-incident reviews are conducted.
• Oversee and contribute to weekly and monthly security operations reporting, including metrics, incident trends, and improvement actions.
• Participate in on-call escalation support for critical incidents.

Requirements

• Degree in information security, computer science, IT, or equivalent practical experience.
• Proven experience in security operations, incident response, or security engineering roles.
• Strong hands-on experience with SIEM, preferably Elastic, and EDR platforms.
• Solid experience with CrowdStrike Falcon EDR, including RTR, IOA detections, investigation, and response actions.
• Strong understanding of incident response methodologies, attack techniques, and threat detection.
• Experience coordinating incident response across multiple teams.
• Strong knowledge of operating systems, including Windows, Linux, and macOS, and networking fundamentals.
• Ability to analyse complex security events and drive resolution.
• Familiarity with AI-assisted security operations, automation, or data analysis use cases, with an understanding of responsible AI usage, data confidentiality, and validation of AI-generated outputs.
• Experience using scripting, SOAR, workflow automation, or AI-assisted tools to streamline security investigations, reporting, or operational knowledge capture is advantageous.