KI

Senior SecOps Engineer

Full-time

Location Type: Hybrid

Location: London, United Kingdom

About the role

  • Lead development and tuning of SIEM detection rules and alerts
  • Develop and tune detection use-cases for AI misuse (suspicious tool calls, anomalous connector usage, token abuse, prompt injection attempts, unusual access patterns)
  • Design and implement advanced detection logic and analytics
  • Conduct and automate proactive threat hunting activities
  • Analyse complex security events and identify advanced threats
  • Optimise security monitoring to reduce false positives and improve signal quality
  • Build security dashboards and metrics for leadership visibility
  • Lead incident response for medium to high severity security incidents
  • Lead investigation and response for AI-related incidents (prompt injection, data leakage via AI tooling, compromised connectors, overprivileged tool access), and translate lessons learned into improved monitoring, playbooks, and preventative controls
  • Coordinate incident response activities across security and technology teams
  • Conduct advanced forensic analysis and root cause investigation
  • Drive post-incident reviews and implement improvements
  • Maintain and improve incident response playbooks
  • Mentor junior analysts on incident response techniques
  • Participate in crisis management and business continuity exercises
  • Lead threat hunting program and conduct advanced hunting activities
  • Analyse threat intelligence and translate to detection and response capabilities
  • Research adversary TTPs and attack techniques (MITRE ATT&CK)
  • Share threat intelligence with stakeholders and drive proactive improvements
  • Monitor threat landscape and assess impact to Ki's environment
  • Build threat intelligence capabilities and processes
  • Lead vulnerability prioritisation and risk assessment
  • Partner with teams on infrastructure and application vulnerability remediation
  • Track vulnerability metrics and drive timely remediation
  • Coordinate penetration testing and security assessments
  • Support risk-based vulnerability management decisions
  • Collaborate with Cloud Security engineers on detection and monitoring architecture
  • Partner with AppSec on integrating security testing into vulnerability management
  • Support SANE, cloud, and infrastructure engineers during complex infrastructure and application incidents
  • Lead cross-functional workstreams on security initiatives
  • Proactively identify opportunities for collaboration across security functions
  • Mentor junior and mid-level security operations analysts
  • Build trust and credibility with engineering teams
  • Uphold and advance security operations principles and ways of working
  • Contribute to security operations roadmap and strategy
  • Drive security operations process improvements

Requirements

  • Significant experience in security operations, incident response, threat hunting, or SOC roles
  • Deep expertise in security monitoring, detection, and incident response
  • Proven track record leading complex security incidents to resolution
  • Experience with advanced threat hunting and detection engineering
  • Hands-on scripting experience and delivering automations to production
  • Strong background in SIEM platforms and security operations tooling
  • Demonstrated ability to mentor and develop junior analysts
  • Experience building trust and collaborating with engineering teams
  • Practical understanding of AI and LLM threat patterns and mitigations, and how to operationalise detections in SIEM
  • Expert knowledge of Azure Sentinel (or similar SIEM platforms)
  • Advanced KQL (Kusto Query Language) skills for detection and hunting
  • Deep understanding of MITRE ATT&CK framework and adversary TTPs
  • Expert knowledge of incident response methodologies (NIST, SANS)
  • Experience with advanced threat hunting techniques and methodologies, and with XDR/EDR platforms (Darktrace or similar)
  • Advanced security event analysis and correlation
  • Understanding of cloud security monitoring (GCP, Azure)
  • Knowledge of network security monitoring and traffic analysis
  • Strong understanding of networking, operating systems, and cloud security
  • Scripting skills in Python, PowerShell, or similar for automation
  • Understanding of Infrastructure-as-Code and DevSecOps practices
  • Familiarity with Kubernetes and container security
  • Advanced incident response and coordination skills
  • Digital forensics and malware analysis knowledge
  • Experience with forensic tools and techniques
  • Understanding of legal and regulatory requirements for incident handling
  • Experience with vulnerability scanning platforms and tools
  • Knowledge of vulnerability prioritisation frameworks (CVSS, EPSS)
  • Understanding of penetration testing methodologies

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
SIEM detection rules, detection use-cases, advanced detection logic, threat hunting, forensic analysis, incident response, KQL query language, MITRE ATT&CK framework, scripting in Python, vulnerability scanning

Soft Skills
mentoring, collaboration, trust building, incident coordination, process improvement, communication, leadership, analytical thinking, problem-solving, crisis management

Certifications
NIST incident response methodologies, SANS incident response methodologies