Government Recruitment Service • London

Senior Cyber Security Engineer

About this role

The Department for Business and Trade (DBT) has a clear mission - to grow the economy. Our role is to help businesses invest, grow and export to create jobs and opportunities right across the country. We do this in three ways. Firstly, we help to build a strong, competitive business environment, where consumers are protected and companies rewarded for treating their employees properly.

Secondly, we open international markets and ensure resilient supply chains. This can be through Free Trade Agreements, trade facilitation and multilateral agreements.

Finally, we work in partnership with businesses every day, providing advice, finance and deal-making support to those looking to start up, invest, export and grow.

The Digital, Data and Technology (DDaT) directorate develops and operates tools and services to support us in this mission. The team have been nominated four times in a row for ‘Best Public Sector Employer’ at the Women in Tech awards and won the award in 2025!

This role sits within DBT’s SOC (Security Operations Centre), reporting to the Lead Cyber Security Engineer. The SOC is responsible for identifying and mitigating threats, both internal and external, to the security of the department. This role supports that work by creating new capabilities, supporting existing capabilities and providing expertise to colleagues when required. You will also be focussing on implementing data pipelines to deliver logging into the SIEM solution and building automated enrichment capabilities. The role will also involve developing security tools and providing cyber security advice to the development community in DBT to ensure best practice is being followed.

As a Senior Cyber Security Engineer, you will take a leading role in shaping and evolving our Microsoft Sentinel capability, moving beyond traditional SIEM usage into a scalable, engineering-led security data platform. You will be responsible for designing and onboarding complex log sources across a multi-platform environment, including AWS (CloudTrail / CloudWatch), Datadog, Logstash and third-party integrations.

A key part of the role is working closely with internal engineering teams and external partners to ensure high-quality, structured logging is produced at source. You will help define and implement logging standards, including structured JSON logging and best practices for application frameworks such as Django, ensuring data is meaningful, consistent and aligned to detection and monitoring use cases.

You will also drive the standardisation and normalisation of logs using frameworks such as ASIM, enabling scalable, reusable detection logic and improving overall visibility across the estate. This role goes beyond onboarding logs as you will be expected to challenge existing approaches, improve data quality, and ensure that security monitoring is both effective and efficient.

A major focus of this position is to support the team in the evolution of our data architecture within Sentinel. You will provide input into the design of a data lake strategy incorporating hot, cold and archive storage tiers, enabling long-term retention, historical analysis and log replay capabilities while actively optimising ingestion and storage costs.

Over the coming 12-18 months, DBT’s SOC will be looking to make big strides in its maturity journey through the transition to a SecDevOps way of working in Azure and MS Sentinel and through the implementation of an enterprise log management solution, all of which the Senior Engineer will be involved with.

Main responsibilities

You will be

  • Supporting the Lead Cyber Security Engineer in the implementation of the monitoring and improvement roadmap
  • Working with SOC Engineering and IDR leads to agree priorities and technical steps to deliver those improvements
  • Testing and implementing changes within multiple cloud environments
  • Producing documentation to accurately represent the system that has been implemented and its current state for other engineers to use and rely on
  • Updating and maintaining existing tools and infrastructure
  • Proactively reviewing and identifying opportunities and technical mechanisms to enrich security logs ingested into the SIEM to improve SOC efficiency
  • Maintaining the pipelines and infrastructure that facilitate the ingestion and processing of logs
  • Assisting with active investigations and providing expert knowledge to assist analysts
  • Creating playbooks and documentation for the maintenance of playbooks

Proud member of the Disability Confident employer scheme

About Disability Confident

A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.