Cyber Security Engineer

Posted 1 day 4 hours ago by Limelight Health

Permanent
Full Time
Other
Midlothian, Edinburgh, United Kingdom, EH120
Job Description

Role Title: Cyber Security Engineer

Role Type: Permanent

Location: Edinburgh (with blended home working)

Responsibilities
  • Design, deploy and manage the next-generation detection and log management platforms including SIEM, log ingestion pipelines and cloud security monitoring tools.
  • Develop advanced detection rules, correlation searches and playbooks to improve threat detection and response.
  • Onboard and normalize log sources, perform data parsing and maintain SIEM alerting to support SOC operations.
  • Engineer and maintain log pipelines using Cribl for optimal ingestion, filtering, routing and replay.
  • Architect scalable solutions for log archival, rehydration and compliance-driven retention.
  • Implement security monitoring, alerting and automation across Azure workloads using Microsoft Defender XDR, Defender for Cloud, Azure Monitor, Azure AD, Azure EventHubs, Log Analytics and Kusto Query Language.
  • Build security automation playbooks and integrations for SOAR tools.
  • Govern SOC architecture, develop interface definitions and security guidelines, and collaborate with the Cyber Security Operation Centre and other security functions.
  • Participate in incident response, contributing to the Cyber Security Incident Response Team for cyber incidents.
Qualifications & Experience
  • Demonstrable experience in cyber security engineering, SIEM engineering, or related roles.
  • Deep understanding of SIEM, log ingestion, SOAR, AV, CSPM, EDR/XDR, and cloud security technologies.
  • Experience developing and maintaining SIEM alerts, detection rules, log pipeline architecture, and log pipelines.
  • Strong knowledge of Azure-native security services and Azure monitoring stack (Defender, Monitor, AD, EventHubs, Log Analytics, KQL).
  • Proficiency in writing queries in Kusto Query Language (KQL) or Splunk Processing Language (SPL).
Preferred (Not Required)
  • Understanding of microservices architecture, Azure Logic Apps and DevSecOps practices.
  • Experience with security architecture reviews and risk assessments.
  • Experience with ITSM tools such as Jira or ServiceNow.
  • Experience with CI/CD for security content deployment and configuration management.
  • Knowledge of scripting languages for automation and API integration.
  • Industry-recognised certifications (SC-200, SC-100, AZ-500, Splunk, PCSAE, CISSP, CEH).
  • Experience working with globally dispersed teams.
Benefits
  • 40 days annual leave.
  • 16% employer pension contribution.
  • Discretionary performance-based bonus where applicable.
  • Private healthcare.
  • Flexible benefits including gym discounts, season ticket loans and employee discount portal access.
Equal Opportunities

Aberdeen is a Disability Confident Committed employer. All applicants, including those with a disability, are encouraged to apply. The employer is committed to providing an inclusive workplace free from unfair or unlawful treatment and values diversity across all backgrounds and identities.
