Senior Security Engineer, Insider Trust

GlaxoSmithKline is seeking a highly skilled and proactive Detection Engineer to join our dynamic CSO team. The successful candidate will be instrumental in developing, implementing, and maintaining advanced systems to detect and neutralize cyber threats and vulnerabilities. With a solid foundation in information security, system monitoring, and incident response, the Detection Engineer will be at the forefront of safeguarding our digital infrastructure.

The Detection Engineer will thrive in a fast-paced and dynamic setting that requires quick reflexes, efficient problem-solving, and a proactive approach to cybersecurity challenges. This role is designed for a vigilant and dedicated individual who is ready to take on complex security issues and drive innovation in threat detection and response.

Responsibilities:

• Craft, own, and enhance default rules for our SIEM platform, ensuring robust detection across various data sources and timeframes.

• Develop and implement SOAR workflows to automate incident response tasks.

• Document SIEM configurations, detection rules, and incident response procedures.

• Conduct thorough false positive analysis and contribute to the continuous improvement of our detection capabilities.

• Design and manage sophisticated security detection systems to pinpoint threats and malicious activities.

• Refine detection rules and algorithms to minimize false positives and guarantee prompt threat detection.

• Analyse security logs, alerts, and outputs from diverse sources to interpret potential security incidents.

• Validate and investigate security incidents, employing a range of tools and methods.

• Work in tandem with the incident response team to assist in analysing and containing incidents.

• Stay updated on emerging cybersecurity threats and trends to maintain cutting-edge detection strategies.

• Regularly reassess and refine the company's security policies and protocols related to detection.

• Offer technical expertise and training to team members and stakeholders on detection tools and best practices.

• Lead the development of automated processes for detecting and mitigating security events.

• Document findings comprehensively, maintaining essential technical documentation.

Why You?

Basic Qualifications:

We are looking for professionals with these required skills to achieve our goals:

• Bachelor's degree in Computer Science or Information Security, or equivalent professional experience (7+ years).

• 4+ years of experience acting in a Detection Engineering role

• Experience in writing behavioural detection rules for SIEM or WAF

• Experience in security monitoring, threat hunting, and incident response.

Preferred Qualifications:

If you have the following characteristics, it would be a plus:

• Familiarity with YARA or static detections is advantageous.

• Knowledge of the MITRE ATT&CK Matrix and experience in building detections within this framework.

• Skilled in scripting and programming languages, particularly Python, proficiency in writing regular expressions (regex).

• Understanding of Detection Engineering processes, including backlog prioritization, writing tests.

• Experience in creating and managing detections for cybersecurity products, and working in a SOC or similar environment is beneficial.

• Strong analytical skills with a focus on false positive analysis.

• Comprehensive knowledge of cybersecurity frameworks, threat intelligence, and industry best practices.

• Exceptional communication and teamwork capabilities.

• In-depth knowledge of network protocols, operating systems, and secure architectures.

• Experience with various security technologies, including SIEM, IDS/IPS, and firewalls.

• Proficiency in scripting or programming languages is a plus.

• Familiarity with compliance and regulatory frameworks such as GDPR, HIPAA, NIST, or ISO is advantageous.

• Professional certifications like CISSP, GCIH, Splunk Certifications (SIEM & SOAR), ATT&CK Threat Hunting and Detection Engineering Certification, GIAC Certified Detection Analyst (GCDA), GIAC Cloud Threat Detection (GCTD) or equivalent are highly desirable.

Please visit  GSK US Benefits Summary to learn more about the comprehensive benefits program GSK offers US employees.

Why GSK?

Uniting science, technology and talent to get ahead of disease together.

GSK is a global biopharma company with a special purpose – to unite science, technology and talent to get ahead of disease together – so we can positively impact the health of billions of people and deliver stronger, more sustainable shareholder returns – as an organisation where people can thrive. We prevent and treat disease with vaccines, specialty and general medicines. We focus on the science of the immune system and the use of new platform and data technologies, investing in four core therapeutic areas (infectious diseases, HIV, respiratory/ immunology and oncology).

Our success absolutely depends on our people. While getting ahead of disease together is about our ambition for patients and shareholders, it’s also about making GSK a place where people can thrive. We want GSK to be a place where people feel inspired, encouraged and challenged to be the best they can be. A place where they can be themselves – feeling welcome, valued, and included. Where they can keep growing and look after their wellbeing. So, if you share our ambition, join us at this exciting moment in our journey to get Ahead Together.

If you require an accommodation or other assistance to apply for a job at GSK, please contact the GSK Service Centre at 1-877-694-7547 (US Toll Free) or +1 801 567 5155 (outside US).

GSK is an Equal Opportunity Employer and, in the US, we adhere to Affirmative Action principles. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, national origin, religion, sex, pregnancy, marital status, sexual orientation, gender identity/expression, age, disability, genetic information, military service, covered/protected veteran status or any other federal, state or local protected class.

Important notice to Employment businesses/ Agencies

GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.

Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit GSK’s Transparency Reporting For the Record site.