Associate Director, Detection Engineering
NLD Delft, Netherlands
NCC Group
Position Title: Associate Director, Detection Engineering
Location: Delft
Role Purpose:
The purpose of this role is to lead a global team that builds, maintains and continuously improves detection logic across a variety of MXDR technologies, according to a clear strategy that is regularly updated to meet market and client demands. The global team will be made up of regionally located colleagues (UK, NL, AU & PH) who all contribute to a global set of detection logic, custom detections for clients and structural improvement projects around these themes.
The head of global detection engineering will be responsible for ensuring market-leading detection coverage on the technologies we deploy as part of our MXDR services. They ensure that we detect high-risk cyber attack techniques, resulting in high-fidelity detections at our clients with low false positive ratios.
A key part of the role is engaging and collaborating with other leaders in the GMS and NCC business, to ensure that we achieve the following key ambitions:
- Provide up-to-date detection coverage for our clients, based on the latest insights from threat intelligence, incident response and red teaming activities other NCC teams undertake
- Support the SOC in maintaining manageable false positive ratios across clients (tuning is a SOC responsibility)
- Be a sparring partner for engineers that build and maintain our UCP platform and associated technologies
- Build custom detection logic at the request of clients
As part of the role, there will also be a limited number of data scientists reporting into the head. The role’s responsibilities therefore also cover providing data science research and innovation within the context of GMS.
Summary:
- Lead a global implementation team that builds, maintains and continuously improves detection logic across a variety of MXDR technologies
- Be part of the GMS DevSecOps leadership team and actively contribute to setting vision, direction and feature set of our technology platforms
- Ensure that our detection logic is a differentiator in the market, providing extensive and high quality coverage for advanced cyber attacks
- Manage senior detection engineers who each manage a number of detection engineers on a specific technology set (EDR, NDR, SIEM)
- Work proactively with wider NCC teams to ensure all relevant inputs are available (TI, DFIR, RTO, etc.) to build top-notch detection logic and to ensure other teams (like solution architecture and implementations) have the required information to deploy high quality MXDR systems with the best possible coverage
- Ensure that we can always provide transparency to clients about the detection coverage they receive
- Ensure that we develop new ways of applying data science to our vast data sets in order to further improve detection of cyber attacks, correlation of alerts and other efficiencies and improvements that provide improved coverage to clients and improved efficiency to our SOC
What we are looking for in you:
- Experience in detection engineering on a range of technologies (SIEM and EDR, ideally NDR as well)
- Experience in working in a global firm in a multi-cultural context
- Experience in working in a complex international environment that is subject to a significant amount of change
- Excellent oral and written communication skills
- Ability to work with clients and NCC colleagues to continuously improve the service we deliver
- Experience with and knowledge of application of data science within a cyber security context
- Inspiring leader, with ability to communicate effectively at all levels, creating an approachable and supportive environment for colleagues
- Have hands-on experience with a variety of technologies we use: Sentinel, Defender for Endpoint, Carbon Black, Splunk, etc.
- Experience with purple teaming and other adjacent cyber security practices/topics that strengthen detection engineering
- Forensics and/or incident response experience
Behaviours:
- Focusing on Clients and Customers.
- Working as One NCC.
- Always Learning.
- Being Inclusive and Respectful.
- Delivering Brilliantly.
- Enabling Performance.
- Looking Externally.
Why NCC Group?
At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries, delving into and securing new products and emerging technologies, as well as solving complex security problems. As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks.
Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support.
What do we offer in return?
We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:
⏰ Flexible working
💸 Financial & Investment
- Pension
- Bonus
- Life Assurance
- Share Save Scheme
- Maternity & Paternity leave
🙋🏾 Community & Volunteering Programmes
⚡ Green Car Scheme
🚴 Cycle Scheme
🏥 Healthcare
🏙️ Office Lifestyle
🧑🏻‍🤝‍🧑🏻 Employee Referral Program
🧘🏻 Lifestyle & Wellness
🎓 Learning & Development
👨🏿‍🦽 Diversity & Inclusion
So, what’s next?
If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and the relevant member of our global talent team will be in touch with you. Alternatively, send your details to global.ta@nccgroup.com.
About your application
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
If you do not want us to retain your details, please email global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Policy (candidate-privacy-notice-261023.pdf (nccgroupplc.com)). We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.
Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.
Tags: Carbon Black DevSecOps DFIR EDR Forensics Incident response Privacy Red team Sentinel SIEM SOC Splunk Strategy Threat intelligence
Perks/benefits: Career development Flex hours Parental leave Salary bonus Transparency Wellness