Threat Content Developer (Cyber)

Integrity360 is one of Europe’s leading cyber security specialists operating from office locations in the UK, Ireland, Bulgaria and Sweden. The group provides a comprehensive range of professional, support and managed cyber security services that identify and assess, protect and prevent, detect and analyze and respond and recover cyber risks and threats. Working either independently or as an extension of a organizations own team Integrity360 strengthen security postures for both mid market and enterprise organizations across a wide range of sectors including financial services, insurance, government, healthcare, retail, telecoms and utilities.

During June 2021 the company received a major strategic investment from leading London based private equity firm August Equity as part of a significant growth and expansion plan that will build the brand international.

With four Security Operation Centres, the company offers a complete end-to-end security services offering to its clients, covering their security from every angle. Its services include Managed Security, Cyber Security Testing, Incident Response, Security Integration and Cyber Risk & Assurance services. Its 300 clients can be found in all business verticals and include some of the largest and most well-known brands in the country.

What sets Integrity360 apart is its excellent team of people that drive the business forward. The company was founded with a focus on technical expertise and that philosophy remains today. The skills and experience in the company are some of the greatest in the industry and clients remain with Integrity360 because they can rely on and trust them to go above and beyond to ensure their needs are met.

Job RoleThe role of Threat Content Developer provides the successful candidate with an opportunity to develop & enhance Integrity360’s threat detection capabilities across Managed Threat Detection (MTD) and Managed Detection & Response (MDR) service lines.Tracking adversary activity across a range of industries, the successful applicant will help to ensure Integrity360-managed products are positioned to detect the latest tactics, techniques, and procedures employed by attackers.Working alongside teams including Incident Response, Cyber Threat Intelligence, and Integrity360’s Cyber Security Operations Centre (CSOC), the successful applicant will translate intelligence concerning adversary activity into detection capabilities which guide actionable investigations of real time threats.You will bring your knowledge & expertise of security operations, threat detection and security platforms, and threat intelligence review to technically assess and prioritize evolving threats. Considering Integrity360’s existing use case catalogue, you will help to identify and close gaps in coverage, continually improving detective capabilities with proactive and reactive additions to Integrity360’s overall threat content roadmap.If security is something that is not just your career but your passion – you spend endless hours researching and reading about what is happening in the world and where/how the latest hacks or vulnerabilities exploits are happening….we want to hear from you!

This role is open to candidates from Bulgaria, Italy, Spain, UK and Ireland. Depending on the location this could be 100% remote or hybrid.

Key Areas / Responsibilities Continual assessment of the Integrity360 detection portfolio, considering strengths and weaknesses and translating them into roadmap items and priorities.Ongoing analysis of various threat intelligence forms, tracking adversary activity in the context of adversary groups, campaigns, and software.Tracking emerging threats, such as 0-day exploits published for popular software used across the Integrity360 customer base.Continuous deployment of detection analytics (predominantly to SIEM), designed to detect any threats or risks identified during threat intelligence reviews.Engage with colleagues, from teams such as Incident Response, to identify indicators which may precede successful attacks, operationalizing those indicators into new detections.Contribute to the development of new tools used within the Threat Content Development team, typically leveraging automation to minimize delivery times and maximize intelligence integrations.Author technical documentation, with high-level explanations and low-level details of new detections and/or systems.

Qualifications / Qualities:Basic:Bachelor’s degree, preferably in Information Technology, Computer Science, Software, Cyber Security, or a related field.4+ years hands-on technical experience within an IT security related position, such as Detection Engineer, DevSecOps Engineer, Network Security Engineer, Cyber Security Engineer, Information Security Engineer, etc.Demonstrable experience implementing threat detection capabilities in security tooling such as SIEM, EDR, XDR, or SOAR.Deep understanding of security frameworks such as Mitre ATT&CK, OWASP, NIST, and/or CIS.Strong, low-level understanding of networking principles, operating systems, and software design practices.Familiar with commonly adopted cloud technologies across different vendors (e.g. Azure, AWS, GCP).Genuinely passionate about security, with a curious and analytical approach to problem solving.Preferred:A working knowledge of incident response and investigation best practices, capable of identifying avenues of investigation for new detections.Capable of working with one or more programming/ scripting language, e.g. Python, PowerShell, Bash, etc.Experience working with one or more popular CI/CD tool, such as Azure DevOps or GitLab Runner, familiar with tools such as git.

What we will provide for you:You will have the opportunity on a daily basis to interact with other committed, talented and equally security focused professionals in a challenging, team-oriented environment to guide and liaise on technical issues and mentor other staff members.Opportunity to shape & develop Integrity360’s Threat Detection capabilitiesFurther education, mentoring and training to enhance your skillsetA financially secure company that is going from strength to strength with significant growth plans that we are achieving.4 additional days paid annual leaveMultiSport card fully coveredPremium healthcare insurance with dental coverLife insuranceBrand new, modern officeRegular food days and events

Key Skills

• Azure
• Cybersecurity