NMC Cyber Security Engineer
<b>Requirements:</b>
<ul><li>Experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.</li><li>Experience of supporting and developing SIEM platforms in the context of a Security Operations Centre.</li><li>Experience of log source configuration and parsing, including experience of data normalization using RegEx.</li><li>Practical experience in the creation, testing, implementation, and support of custom tooling to support Security Operations.</li><li>Experience working with APIs.</li><li>Practical experience in software development and scripting, preferably PowerShell and Python.</li><li>Initiative and the ability to produce quality work without close supervision.</li><li>Good written and verbal communication skills, particularly in relation to technical subjects.</li><li>Attention to detail and genuine passion for maintaining high-quality software configuration.</li><li>Broad cyber security awareness and practical experience.</li><li>Experience working with code repositories and CI/CD.</li><li>Ability to acquire SC and NPPV3 level clearances.</li><li>Certifications demonstrating a combination of offensive and defensive knowledge are desirable (e.g., PNPT, OSCP, BTL2, GCFA).</li><li>Previous public sector experience is a plus.</li><li>Previous SOC or security engineering experience is a plus.</li><li>Previous experience monitoring the security of cloud technologies is a plus.</li><li>Experience with Microsoft Power Apps/Power Automate and Azure Logic Apps is a plus.</li></ul>
<b>Responsibilities:</b>
<ul><li>Develop, maintain, and deploy SIEM detection rules for complex technical environments.</li><li>Maintain knowledge of the threat landscape and TTPs employed by threat actors.</li><li>Ensure detections are relevant and effective by collaborating across wider NMC functions.</li><li>Create custom solutions using both low-code and traditional development approaches.</li><li>Optimize log collection to align with detection requirements.</li><li>Maintain documentation for detection rules to be used by analysts.</li><li>Scope, test, and implement new SIEM data connectors.</li><li>Contribute to Continual Service Improvement and innovations with wider NMC teams.</li><li>Support the creation of automation and analyst playbooks.</li></ul>
<b>Technologies:</b>
<ul><li>Azure</li><li>CI/CD</li><li>Cloud</li><li>Support</li><li>PowerShell</li><li>Python</li><li>Security</li><li>REST</li></ul>
<p><b>More:</b></p>
<p>We are Police Digital Service, dedicated to protecting people from harm and supporting UK policing through innovative technology. Our National Management Centre (NMC) plays a crucial role in providing visibility and control of information risks, working 24/7 to ensure proactive threat detection and response. We're committed to employee well-being, offering 28 days of annual leave plus bank holidays (rising to 30 after 5 years), flexible working hours, and a supportive environment for professional growth. We embrace diversity and encourage applications from a broad range of backgrounds, creating a rich and inclusive workplace. Hybrid working arrangements allow you to enjoy both face-to-face collaboration and home working opportunities.</p>
<p>last updated week 8 of 2026</p>