Job Description
Full Time Permanentposition Hybrid role based in our City Centre offices What we offer We have embraced a hybrid working model for most of our positions, which means that you can enjoy a balanced approach of working from home for part of the week and working from the office for the remainder of the week. We offer a comprehensive benefits package including competitive salaries and bonuses, robust Learning and Development support, excellent Defined Contribution pension and comprehensive Wellbeing initiatives and support to name but a few. Further details on our benefits package can be accessed here Benefits (life- Role Overview We are seeking an experienced Senior Technical Specialist (Detection Engineer) to join the Endpoint Security Team as a Subject Matter Expert, focusing on SIEM management, Log source onboarding, and continuous improvement of security monitoring coverage and capabilities. The Senior Technical Specialist will be a key player in driving the operational excellence of our Security Information and Event Management (SIEM) systems. The Senior Technical Specialist will help mature the detection processes and capabilities to better defend our environments. This role will support our global SOC by providing high-fidelity signals and technical analysis aimed to detect adversarytactics, techniques, and behaviours. The Endpoint Security team report to the Head of Security Operations, providing security services to the European group of companies. The Senior Technical specialist will report to the Endpoint Security Manager within Central Security Services. The candidate will report to the Endpoint Security Manager and work closely with other security professionals to ensure that our SIEM platform and log sources are effectively managed, continuously optimised and aligned with the organisation's security posture. Team Background The Endpoint Security Team sits within our Central Security Services department and reports to the Head of Security Operations. This team has oversight/responsibility for: Antivirus Endpoint Detection and Response (EDR) Security Incident Event Monitoring (SIEM) Privileged Access Management (PAM) Database Security Endpoint Security Metrics & KPI's Endpoint Security Strategy & Roadmaps What you will help us to achieve Build new detection capabilities based upon research, analysis of threat actor methodologies, and testing of new attack techniques for cloud-based platforms in Azure, AWS, GCP and other SaaS providers. Serve as a Subject Matter Expert (SME) for SIEM management, log source onboarding, and SIEM platform optimisation. Design, deploy, and maintain SIEM agents/systems across the environment to meet Service Level Agreements (SLAs) and operational requirements. Onboard and integrate new log sources into SIEM, ensuring compliance with organisational security policies and regulatory requirements. Contribute to development and implementation of use cases and correlation rules to detect and respond to security incidents. Perform periodic audits and health checks of SIEM infrastructure, including performance tuning, system upgrades, and patch management. Collaborate with cross-functional teams to ensure successful integration of log sources from various network devices, application, and security tools. Participate in incident detection and response activities, acting as a key member of the Critical Incident Response Team during major incidents. Proactively identify opportunities to automate, optimise, and enhance the SIEM platform and overall security operations. Actively work with our threat operations and engineering team to enhance the processes that support the SOC team's mission. Mentor junior engineers and provide training on SIEM technologies and security event management practices. Production of quality documentation and training material. The main point of contact and the highest escalation point to the SIEM service. Ensure adherence with risk management programmes. Security Infrastructure Capacity Planning & Management for the SIEM service. Attend project meetings and maintain strong relationships. Identify opportunities or emerging demands and plan for them. Ensure that business risks are identified, and adequate controls are in place. Ensure alignment with industry best practices, compliance standards, and frameworks such as ISO 27001, NIST, GDPR, MITRE ATT&CK framework and more. What you will need to be successful in the role Third level qualification in Information Security or IT, or equivalent work or education-related experience preferable. Ideally five years' experience in an IT Security industry role and ten plus years' experience in the IT industry. Previous experience in one or more of the following: Host, Network, or Cloud Intrusion Detection, Cloud Security Research, Cloud Security Operations (CloudSecOps) in AWS, GCP, Microsoft Azure, Kubernetes/Docker, and/or SaaS services. In-depth experience with popular SIEM platforms such as Trellix SIEM, Microsoft Sentinel, Splunk, QRadar etc. Experience creating and optimizing detections for cloud environments Programming / Scripting experience (Python, JavaScript, PowerShell, etc.) Ability to Design, build and implement components of the technical infrastructure using an advanced and in-depth knowledge of the technology and be a resource for other technologists, Architects and CSS management. Advanced technical troubleshooting skills, particularly in the windows environment. Experience with failover clusters, disaster recover, backup & restore, patching and server hardening. Owns the resolution of incidents and problems. Acts as lead technologist. Runs meetings / workshops to drive out problems, etc. Ensures that solutions arrived at are comprehensive and of high quality. Provides direction and leadership. Have an ability to identify key influencers and build strong relationships with them. Provides leadership to and advises, coaches and mentor's less senior staff. Knowledge of information security and risk control frameworks such as COBiT, ISO 27001, ISO 27002, GDPR, OWASP. Industry recognised certifications desired such as Security +, Certified Information Systems Security Professional (CISSP), SIEM-specific certifications (e.g., Splunk Certified Admin, QRadar Specialist), SAN's certificates etc. are desirable. Specialized Knowledge: Deep understanding of Cloud and Application Security Best Practices. Knowledge of secure coding, application security, threat modelling. Familiarity with the Lockheed Martin Kill Chain analysis, MITRE ATT&CK framework, STRIDE threat modelling framework. Ability to author products for peer and management audience levels. An understanding of cyber advanced persistent threats, threat actors, IOC's and TTPs. Understanding of security technologies (intrusion detection/prevention system, network and operating system security, network firewall, WAF, SIEM, log management, VPN). Knowledge of incident handling processes and techniques. Knowledge of the cyber threat landscape and how to apply attacker motivation, capability, and intent to an organizational threat profile. Analytical capabilities and a strong ability to think creatively when approaching issues. An understanding of log analysis from multiple sources (e.g. firewall, cloud, endpoints) to identify and investigate security events and anomalies. Key Competencies Problem Solving and Decision Making Planning & Organising Team Working & Cross Functional Collaboration Innovation and Change Drive for Results About us Canada Life Group is the top-level European holding company for the Great-West Lifeco Group's European insurance, reinsurance, and asset management companies, with business operations in the UK, Ireland, Germany, and the Isle of Man. European Technology sits within Canada Life Group and encompasses the technology community across all European entities, Irish Life Group, Canada Life UK, Canada Life Europe, and Central Technology Services. European Technology supports the business strategy and collaboration of technology across all European divisions. There are multiple IT units within European Technology, each of which has its own individual set of technology platforms. Central Technology Services (CTS) provides IT infrastructure and security operations services to Europe. The company reserves the right to draw up a shortlist as part of the selection process. Where Agency assistance is required the Canada Life Recruitment Team will engage directly with suppliers. Unsolicited CVs / profiles supplied to Canada Life by Recruitment Agencies will not be accepted for this role. Canada Life Group Services is proud to be an Equal Opportunities employer. We have created an environment of inclusion and growth to help people achieve their potential, to ensure they can bring their whole selves to work and to feel valued. We celebrate diversity of thought and perspective and want all of our employees to feel valued, respected and supported. We have built a culture that promotes equality and inclusion for all of our current and future employees and strive to ensure that our behaviours, processes and practices are aligned to this culture. If you require any accommodations during the recruitment process please contact and we will be delighted to ensure you are fully supported to be your best. CLGS supports Equal Opportunity and is regulated by the Central Bank of Ireland. To be considered for this role you will be redirected to and must complete the application process on our careers page. To start the process click the Apply button below to Login/Register.