Remote Anomaly Detection Jobs in Gloucester

2 of 2 Remote Anomaly Detection Jobs in Gloucester

Threat Hunter – National Security – Leeds

Gloucester, England, United Kingdom
Hybrid / WFH Options
BAE Systems
autonomously. Build relationships outside the HMG community with external SOCs and cybersecurity researchers to identify beneficial analytics, tradecraft, and threat intelligence. Develop complex KQL analytics and playbooks for detection rules against M365 environments and host-based analytics for Linux and Windows VMs. Review open-source research on threats impacting cloud services and prioritize implementation. Research vulnerabilities and produce … proof-of-concept exploits to demonstrate potential compromises. Emulate adversary TTPs for training and detection evaluation. Review red team and pentest findings to improve detection rules. Provide forensic support and threat emulation to improve alert triage and accuracy. Identify gaps in SOC processes and data analysis, demonstrating the need for improvements through scenarios and red teaming. … knowledge is desirable. Understanding of Windows Active Directory and Windows OS fundamentals. Knowledge of networking fundamentals. Experience with CI/CD and source control. Experience in writing malware and anomaly detection rules. Use of statistical methods for anomaly detection. Advanced practical experience with Microsoft Sentinel and/or Microsoft XDR. Proficiency in writing complex KQL analytics

Threat Hunter - National Security - Leeds

Gloucester, England, United Kingdom
Hybrid / WFH Options
BAE Systems Applied Intelligence
Grade: GG10 - GG11

Job Description

Point of escalation for intrusion analysis, forensics and Incident Response queries. Able to provide root cause analysis of complex, non-standard analytic findings and anomaly-based detections for which a playbook does not exist.
· Mentor and share knowledge with the wider team as and when it becomes prudent.
· Contribute and facilitate collaboration through the … that may benefit the Blue Team, including both communicating suggestions for funding/prioritisation to technical lead, and working as lead implementor when required.
· Development of new complex and anomaly-based KQL analytics, and associated playbooks that result in creation of bespoke detection rules/analytics against M365 environments, plus host-based analytics for Linux and Windows … of AWS
· Knowledge of Windows Active Directory
· Knowledge of Windows Operating System fundamentals
· Knowledge of Networking fundamentals
· Experience using CI/CD and source control
· Experience in writing new malware and anomaly detections
· Knowledge of using statistical methods to find anomalies in data
· Advanced Practical use of Microsoft Sentinel and/or Microsoft XDR
· Competent in writing med-highly complex KQL