Cyber Security Detection Engineer

 

Recruiter:

The Vocation Station

Job Ref:

cyber_detection

Date posted:

Thursday, April 28, 2022

Location:

Cape Town, South Africa

Salary:

Commensurate, depending on experience


SUMMARY:
Bring your inquisitive nature and passion for cyber security!

JOB DESCRIPTION:

Cybersecurity Detection Engineer


Please note that we will consider candidates residing in other provinces, i.e. Gauteng.


This role entails technical and research abilities!
Detection Engineers are responsible for improving the detection within the Nview MDR service and are the escalation point for when Response Engineers require assistance in terms of case investigations. Detection Engineers create new detectors and design threathunts, but also develop new methods of performing detection, whether that is with the current technology that may be in place or designing new systems that allow for improved detection. Detection Engineers keep informed of the latest vulnerabilities, exploits, attacker tactics and detection methods in order to use this knowledge to develop better detection within Nview MDR. Beyond detection, they also have an overall and in-depth understanding of the technology and processes that make up the Nview MDR service, from the underlying software to the individual response procedures.


Experience
• You have several years’ experience performing system and/or network administration and have some practical work experience on Active Directory and Windows Server. You have also worked on Linux platforms and are comfortable at the command line. Even if you have not worked in a cyber security specific role, you have performed some cyber security functions as part of your role and you most certainly keep up to date with threats and cyber security news and trends.


About You
• You may have some interest or experience in offensive security, but your passion lies in defending against attackers and working in a blue team.
• You have a deep desire to get to root cause and leave no stone unturned in any investigation/research you do.
• You are a technical person and have broad knowledge in systems and networks.
• You enjoy building things (tools and procedures) and prefer using them to other tools that may not work as well.
• You have an immense desire to learn and are always researching and investigating new solutions and ideas.
• You have experience in both Linux and Windows OS, and good exposure to Active Directory.
• You work well in a small team and also enjoy engaging outside your team occasionally.

Responsibilities
• Threat Research – Keep updated in terms of the latest tools and techniques being used by attackers. Be aware of high-profile vulnerabilities and understand how they may affect Nview clients. Understand how Nview can be used to detect these threats and attacks, not only with its current technology stack but also by applying new detection technologies or methods. Utilise this gained knowledge by informing clients when they are at risk, or alternatively engage with CSM to communicate this.
• Build and Maintain Threathunts – Develop new threathunts based on gaps in detection or to provide better overall detection. These threathunts need to be documented in CyberFire. Review threathunts on a regular basis to ensure they remain accurate with the view of migrating them to detectors.
• Detection Innovation – Based on current threats, vulnerabilities or known defence trends, develop detectors including documentation for these detectors. Work with response to improve detectors which may not be effective or which may generate excessive false positives. Ensure detectors do not break by implementing regular testing of individual detectors.
• Manage Threat Intelligence – Regularly review threat feeds to determine their effectiveness. Ineffective feeds should be discarded. Research and be aware of new threat feeds that can be tested and introduced. Monitor internal threat intelligence and ensure it is evolving and continuously improving.
• Incident Investigation Support – Be an escalation point for when Response Engineers require assistance in terms of incident investigations, particularly for critical incidents.

To apply, please send your CV to

 

While we would really like to respond to every application, should you not be contacted for this position within 15 working days please consider your application unsuccessful this time around.

 

 

NB! This job is now closed. You can apply for other jobs by uploading your CV.



 

 

 
