Mott MacDonald are seeking a Security Engineer with a strong background in threat hunting and incident response who will be working closely with our Security Operations Centre (SOC) and Security Operations (SO) teams.

As a vital member of our cyber security team, you will play a critical role in ensuring the security of our digital infrastructure and data.

Job Description

Key Responsibilities and Accountabilities

Proactive Threat Hunting:

• Continuously identify and hunt for security threats within our network and systems. Utilise advanced threat hunting techniques and tools to uncover potential risks.
• Develop, customise, and maintain threat hunting playbooks that outline standardised procedures for investigating various types of threats. These playbooks will help ensure consistent and effective threat response.

Threat Intelligence:

• Stay abreast of the evolving threat landscape, emerging attack tactics, and vulnerabilities.
• Evaluate new MITRE ATT&CK tactics and techniques against existing architecture and configurations.
• Produce reports and communications on the latest threats for a variety of audiences.
• Apply threat intelligence to enhance detection and response strategies for both insider risks and external threat actors.

Security Tool Development and Management:

• Manage and maintain various security tools and technologies, ensuring they are up-to-date and optimised for threat detection.
• Work with penetration testers and prioritise vulnerability assessment outputs.

Reporting and Documentation:

• Create detailed reports on threat hunting activities, incidents, and vulnerabilities.
• Maintain thorough documentation of procedures and findings.

Risk Management:

• Work with Risk Managers to ensure weaknesses and threats are documented, prioritised appropriately, and remediated.

Formal Education and Certification:

• Bachelor's degree or equivalent work experience.
• Relevant certifications such as CISSP or CCSP are preferred.
• Has, or is eligible for, UK Security Clearance (SC).

Knowledge and Experience:

• Proven experience in threat hunting and incident response, with a minimum of 2 years in a similar role with a large multinational organisation.
• Broad experience in a wide variety of IT systems.
• Experience with Microsoft and Azure security tools and controls.
• Understanding of modern cloud and network technologies.
• Good understanding of network architecture and defence by design.
• Proficiency in scripting and programming (e.g., Python, PowerShell) and a broad range of technical skills.
• Strong understanding of ransomware attack techniques and mitigation strategies.
• Worked within Frameworks NIST, Cyber Essentials, ISO 27001 and NCSC CAF.
• Worked with CIS benchmarks.

Personal Attributes:

• Excellent interpersonal skills: writing, speaking, listening, persuading, influencing and collaborating.
• Superior analytical, evaluative, and problem-solving abilities.
• Ability to convey complex technical concepts to non-technical stakeholders.
• Ability to learn new things quickly, to thrive on change, navigate ambiguity, and to strive for continuous improvement.
• Ability to develop and maintain a workplan.