Senior Cyber Security Engineer
- Civil Service
- Part Time
- Belfast
- 44,898 - 59,848
Job Description
Job summary
The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways.
Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.
Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.
Finally, we work in partnership with businesses every day, providing advice, finance and deal-making support to those looking to start up, invest, export and grow.
The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated four times in a row for Best Public Sector Employer at the Women in Tech awards and won the award in 2025!
Job description
This role sits within DBT's SOC (Security Operations Centre), reporting to the Lead Cyber Security Engineer. The SOC is responsible for the identification and mitigation of threats, both internal and external, to the security of the department. This role supports these actions by creating new capabilities, supporting existing capabilities and providing expertise to colleagues when required. You will also be focusing on implementing data pipelines to deliver logging into the SIEM solution and building automated enrichment capabilities. This role will involve the development of security tools and providing cyber security advice to the development community in DBT to ensure best practice is being followed.
As a Senior Cyber Security Engineer, you will take a leading role in shaping and evolving our Microsoft Sentinel capability, moving beyond traditional SIEM usage into a scalable, engineering-led security data platform. You will be responsible for designing and onboarding complex log sources across a multi-platform environment, including AWS (CloudTrail / CloudWatch), Datadog, Logstash and third-party integrations.
A key part of the role is working closely with internal engineering teams and external partners to ensure high-quality, structured logging is produced at source. You will help define and implement logging standards, including structured JSON logging and best practices for application frameworks such as Django, ensuring data is meaningful, consistent and aligned to detection and monitoring use cases.
You will also drive the standardisation and normalisation of logs using frameworks such as ASIM, enabling scalable, reusable detection logic and improving overall visibility across the estate. This role goes beyond onboarding logs as you will be expected to challenge existing approaches, improve data quality, and ensure that security monitoring is both effective and efficient.
A major focus of this position is to support the team in the evolution of our data architecture within Sentinel. You will provide input into the design of a data lake strategy incorporating hot, cold and archive storage tiers, enabling long-term retention, historical analysis and log replay capabilities while actively optimising ingestion and storage costs.
Over the coming 12-18 months, DBT's SOC will be looking to make big strides in its maturity journey through the transition to a SecDevOps way of working in Azure and MS Sentinel and through the implementation of an enterprise log management solution, all of which the Senior Engineer will be involved with.
Main responsibilities
You will be:
- Supporting the Lead Cyber Security Engineer in the implementation of the monitoring and improvement roadmap
- Working with SOC Engineering and IDR leads to agree priorities and technical steps to deliver those improvements
- Testing and implementing changes within multiple cloud environments
- Producing documentation to accurately represent the system that has been implemented and its current state for other engineers to use and rely on
- Updating and maintaining existing tools and infrastructure
- Proactively reviewing and identifying opportunities and technical mechanisms to enrich security logs ingested into the SIEM to improve SOC efficiencies
- Maintaining the pipelines and infrastructure that facilitate the ingestion and processing of logs
- Assisting with active investigations and providing expert knowledge to assist analysts
- Creating playbooks and documentation for the maintenance of playbooks
Person specification
It is essential that you have:
- Demonstrable experience configuring security-related tools and implementing security policies
- Proven ability to onboard, integrate and work with logs from cloud platforms (AWS CloudTrail, AWS CloudWatch, Azure Event Hubs) and tools such as Datadog, Logstash or similar, ensuring data is usable for monitoring and detection
- Demonstrable experience building queries and detections and working with log data within Sentinel, including proficient use of KQL
- Hands-on experience of working with developers or third parties to implement structured logging (JSON) and improve log quality within applications (Django or similar frameworks)
- Demonstrable experience of using command line and scripting languages (e.g. Python, PowerShell) to manage resources
It is desirable that you have:
- Hands-on experience of normalising log data (ASIM) to enable consistent, scalable and reusable detection use cases across multiple data sources
- Experience of data lake design, tiered storage (hot/cold/archive), or strategies for log retention, replay and cost optimisation within a SIEM or cloud environment