Cyber Security Defender

**Role type: Fixed Term Contract**

At Bupa, you’ll find an inclusive environment where you can be yourself and where everyone is driven by the same purpose - helping people live longer, healthier, happier lives and making a better world.

The primary goal of this role is to support and accelerate progress towards shifting Left our Cyber Defences through implementing automations to enhance prevention, detection, triage, and remediation of security events and incidents as well as strengthening our security detection and prevention controls via a threat-led approach.

Working in the Cyber Security Operations Centre (CSOC) within Cyber Defence Centre (CDC), you will join S25 program of work to help achieve the objectives of continuous threat exposure monitoring and achieving autonomous response through SOAR automations.

**key responsibilities include the following**:

- ** Continuous Threat Exposure Monitoring**: You will establish, implement and run strategic processes and tools for continuous monitoring, detection and remediation of any weaknesses in our cyber defences stemmed from sub-optimal configuration of security policies or a lack of full coverage across the estate. By continuously validating our cyber defences, you will help reduce the probability of threat actors circumnavigating our perimeter and endpoint security controls, in turn reducing the likelihood of compromised systems and/or breach of our data.
- ** Achieving autonomous cyber response through SOAR automation**: Your role will involve developing and deploying automated systems that enable efficient triaging of and response to security events and incidents, allowing for swift identification of critical issues and appropriate response measures. You will focus on automating response tasks, reducing manual effort, and ensuring faster and more consistent responses to security events and incidents. You will also drive the implementation of automated processes that enrich the data collected from security events and incidents, providing valuable context, and facilitating more accurate analysis.
- ** Developing and tuning SEIM detection use cases**: Adopting a threat-led approach, you will work towards creating effective Security Information and Event Management (SIEM) detection use cases, enabling us to promptly detect and respond to potential cyber threats. This also includes tuning existing detections for improved efficacy and reduced noise-to-signal ratio. This work will be grounded on the MITRE ATT&CK framework, ensuring a comprehensive and rapid detection and response mechanism against potential cyber threats.
- ** Logs Acquisition & Analysis**: Utilizing the MITRE ATT&CK and D3FEND techniques, you'll facilitate the process of acquiring and analysing new logs sources, offering vital data and insights into the security environment. This also includes identifying existing logs that can be off-boarded or archived to better manage SEIM log ingestion capacity demand. This work also includes integrating CSOC function with wider program of work including projects, programs and security architecture and consulting team so that SOC requirements are well integrated for upfront consideration in SDLC.

By actively contributing to these areas, you will play a crucial role in fortifying our organization's cyber defences, enabling us to stay ahead of emerging threats and protect our systems and data effectively.

**To be successful in this role you’ll need**:

- Tertiary education in IT, Computer Science or, preferably, Cybersecurity
- 3+ years working in Cyber Security Operations Centre
- Experience working with SEIM, Log Management, Use Case Development
- Security Orchestration and Automated Response (SOAR) experience will be critical
- Familiarity with Microsoft security technology stack particularly Azure Sentinel
- Applied knowledge of Mitre ATT&CK, D3FEND, NIST CSF, Cyber Kill Chain
- Excellent communication skills
- Some of following certifications, or aspiration to achieve:

- SC-200: Microsoft Security Operations Analyst
- AZ-204: Developing Solutions for Microsoft Azure
- AZ-500: Microsoft Azure Security Technologies
- SC-900: Microsoft Security, Compliance, and Identity Fundamentals
- SC-100: Microsoft Cybersecurity Architect