Cyber Security Engineer

Security Engineer

At Aberdeen, our ambition is to be the UK's leading Wealth & Investments group.

Strengthening talent and culture is one of our strategic priorities. We strive to make Aberdeen a great place to work so that we can attract and retain the industry's best talent.

Our people put our stakeholders at the heart of everything they do by helping us to make a positive difference to the lives of our clients, customers, colleagues, shareholders, and society.

We are focused on growing our direct and advised wealth platforms and repositioning our specialist asset management business to meet client demand. We are committed to providing excellent client service, supported by leading technology and talent.

Aberdeen comprises three businesses, interactive investor (ii), Investments, and Adviser, each of which focuses on meeting and adapting to our clients' evolving needs:

• Interactive investor, the UK's second largest direct-to-consumer investment platform, enables individuals in the UK to plan, save, and invest in the way that works for them.
• Our Adviser business provides financial planning solutions and technology for UK financial advisers, enabling them to create value for their customers.
• Our Investments business is a specialist asset manager that focuses on areas where we have both strength and scale to capitalise on the key themes shaping the market, through either public markets or alternative asset classes.

At Aberdeen the Security, Resilience and Protection departments the security of our customer assets and data is of paramount importance, especially within our changing digital world. Within our department, an exciting and challenging opportunity has arisen for an experienced and ambitious Security Engineer.

This role represents a unique opportunity to contribute to the evolution of the cyber security engineering team and engage with teams across the enterprise to develop a best-in-class engineering function using emerging technologies and innovative working practices. Advancing a team culture that promotes learning, creativity and supportive collaboration provides an environment where new approaches, innovative thinking and commitment will allow you to deliver high quality outputs. (I took this paragraph from Mark's Cloud Engineering position – everything from here on is mine though)

Reporting to the Cyber Security Engineering Manager, you will be responsible for designing, implementing and maintaining our next-generation detection and log management platforms. This role sits at the intersection of SIEM engineering, cloud security, and advanced log pipeline management, ensuring that our enterprise maintains world-class detection fidelity, threat visibility and compliance across diverse environments.

You will help us deliver improvements across several of our cyber security domains including Security Data & Analytics, Security Automation, Incident Response and Threat Detection. Additionally, you will work closely with our Cyber Security Operation Centre, wider security functions, specialist 3rd party security suppliers and our global IT and business teams.

Key Responsibilities:

SIEM Engineering & Operations:

• Development of advanced detection rules, correlation searches, and playbooks to improve threat detection and response
• Perform log source onboarding, parsing, and data normalisation on various data types
• Experience with design, development, configuration and maintenance of SIEM alerts to support our SOC Operations

Log Management & Data Engineering:

• Engineer and maintain log pipelines using Cribl to optimise ingestion, filtering, routing and replay
• Ability to work confidently on intelligent log transformation, data enrichment and routing strategies
• Architect scalable solutions for log archival, data rehydration and compliance-driven retention

Cloud Security:

• Leverage Azure-native security services such as Microsoft Defender XDR, Defender for Cloud, Azure Monitor and Azure AD
• Implement security monitoring, alerting and automation across Azure logging and IaaS/PaaS/SaaS workloads
• Integrate Azure EventHubs, Log Analytics and a strong knowledge of Kusto Query Language (KQL) as well as Splunk Processing Language (SPL) to optimise data pipelines and detection engineering

About the Candidate:

• Understanding of microservices architecture, Azure Logic Apps and DevSecOps
• Contribute to security architecture reviews and risk assessments
• Experience with ITSM tools such as Jira or ServiceNow for workflow, incident and change management
• Implement CI/CD practices for security content deployment and configuration management
• Knowledge of one or more scripting languages with experience in developing automation playbooks, scripts that interact with APIs and parsers for data engines
• Industry recognised certifications such as SC-200, SC-100, AZ-500, Certified Splunk Admin/Architect, PCSAE, CISSP, CEH or equivalent
• Experience of working with globally dispersed teams

We are proud to be a Disability Confident Committed employer. If you have a disability and would like to apply to one of our UK roles under the Disability Confident Scheme, please notify us by completing the relevant section in our candidate questionnaire. One of our team will reach out to support you through your application process.

Our benefits include 40 days' annual leave, a 16% employer pension contribution, a discretionary performance-based bonus, private healthcare and a range of flexible benefits – including gym discounts, season ticket loans and access to an employee discount portal.

An inclusive way of working, where diverse perspectives drive our actions, is at the core of who we are and what we do. We support a culture that values meritocracy, fairness and transparency and welcomes enquiries from everyone.

If you need assistance or an adjustment due to a disability please let us know as part of your application and we will assist.