Detection and Response Engineer
Remote job description

We're building one of the best Information Security teams to make Revolut the safest place to keep your money - and that's where you come in. We need highly responsible and detail-oriented people to help support the Information Security function.

About the role

As an early member of the new team, the engineer will be helping to establish the incident response and forensics capabilities, and play a vital role within Revolut's security operations function.

The work will involve building and deploying systems for anomaly detection and prevention across a Cloud and SaaS native environment. It encompasses everything from building tools for automatic detection and remediation to deploying incident response playbooks, with potential impact across teams within Security, Product teams, Compliance, Comms and others.

The individual will also have the opportunity to identify and respond to security scenarios in which signs of compromise or abuse are detected against Revolut's employees or systems.

We are looking for a senior-level engineer.

What you'll be doing

Designing and building tools and frameworks as they relate to detection and response. These include, but are not limited to:

  • SIEM, Alerting, Automation and Playbook development
  • Creating and developing Anomaly Detection (User and Entity Behaviour Analytics) on SaaS and internal system platforms
  • Designing, developing and deploying security automation frameworks in IT and cloud environments
  • Operating and automating detection and response processes using commercial and/or custom-built tools
  • Creating actionable metrics regarding detection and response
  • Executing detection and response testing and developing frameworks to test detection and response efficacy
  • Assessing Revolut's logging and monitoring infrastructure in order to determine capability gaps
  • Assisting in the creation or modification of forward-thinking security policies and procedures as needed

What you'll need

  • 2+ years of commercial security experience or an equivalent with relevant academic experience
  • Experience performing and automating security activities, such as incident response actions, configuration changes, and threat hunting
  • Applicable knowledge of detection and response tools and procedures within cloud based environments (Docker, Kubernetes and native deployments)
  • Experience deploying, maintaining and operating vendor or open source SIEM and SOAR solutions
  • Strong understanding of both security and network fundamentals and protocols

Tags: fintech, forex
