Sr. SOC Engineer

Job Description

Are you ready to grow your career in our global tech hub? Zurich Cover-More helps people travel safely across the globe every day. We are there at every step of a traveller’s journey, to keep them safe and help them out if something goes wrong. We are committed to providing reliable, fast, flexible and bespoke services for our customers as well as the many well-known brands we partner with! Due to recent international acquisitions, our business has seen great growth and as a result we are now seeking a driven and engaging to join our team. This is a key position that will have you managing and truly partnering with a portfolio of our current clients. This is a fantastic opportunity for an experienced who wants to engage with their customer; you’ll become a part of their business and provide high quality, market leading advice and value-add service. So, what’s the job? Red Team You'll lead the Vulnerability Management Program, providing strategic guidance to regional technology teams to address cyber risks. You'll initiate and execute Red Teaming Exercises across global Business Units, testing security controls and delivering actionable feedback. You'll manage the External Attack Surface Platform, assess risks, coordinate remediation efforts, and report on enterprise-wide security posture. You'll perform regular penetration tests to identify and exploit weaknesses in the external attack surface. You'll establish a Counter-Adversary capability in the Global SOC, maintaining sandboxes, identifying attacker TTPs, and performing advanced threat hunting. You'll manage Threat Intelligence feeds and respond to Zero-Day vulnerabilities by configuring alerts and defining automated response actions. You'll track and ensure completion of security improvements discovered during critical incidents or P1 investigations. You'll document and maintain a robust Incident Response Plan, aligning with best practices and evolving threat landscapes. You'll stay ahead of the curve through research on emerging threats, new defensive technologies, and evolving industry standards. Blue Team You'll lead and facilitate Security Incident Response Drills and Tabletop Exercises, enhancing organizational readiness. You'll serve as the technical escalation point for complex detections across the enterprise security stack. You'll collaborate with the Global SOC to optimize and evolve defensive control strategies. You'll support ISO27001 and SOC 2 audits, providing technical evidence and ensuring compliance. You'll assist with the deployment of standard security tools, ensuring consistent implementation across regions. You'll manage security vendors, attend QBRs, and drive improvements in their services. You'll create and maintain Blue Team playbooks, ensuring up-to-date CrowdStrike Fusion SOAR automations. You'll ensure all security tools are fully integrated into the NextGen SIEM, with reliable log ingestion and correlation. You'll conduct proactive threat hunting using CrowdStrike Query Language and develop Fusion Workflows to detect IOCs, alert teams, and automate responses. You'll perform daily health checks to validate the functionality and reliability of all deployed security tools. And what are we looking for? You’ll have experience with security incident management and network monitoring in medium to large-scale enterprise environments. You’ll bring over 6 years of general Information Security experience, with proven exposure to both strategic and hands-on roles. You’ll have strong communication skills and demonstrated success collaborating across business and technical teams in large organisations. You’ll have a solid understanding of core security technologies, including endpoint protection, data loss prevention, network security, and identity access controls. You’ll ideally have experience working with tools like CrowdStrike, Netskope, and Vectra — or similar EDR, SASE, and NDR platforms. You’ll be familiar with SIEM technologies, with working knowledge of log correlation, threat detection, and rule creation. You’ll have experience in scripting (e.g., Python, PowerShell) and developing or integrating security tooling via APIs to automate tasks or enhance capabilities So, why choose us? We value optimism, caring, togetherness, reliability and determination. We have more than 2600 employees worldwide: we’re a global group of digital natives, actuaries, marketers, doctors, nurses, case managers, claims specialists, finance experts and customer service professionals. We share a global mission to look after travellers, at every step of their journey. Job flexibility. We understand the importance of making sure that work fits into your life, not the other way around. Our hybrid work week policy ensures our employees maintain work-life balance with the flexibility of 3 days in the office and 2 days working from home. Career growth . We want you to continue to learn, develop and bring your ideas to the table. We want to hear what you think, and we want you to work with the business - not for the business! Diversity and inclusion. We respect who you are and thoroughly embrace diversity. So whatever walk of life you wander, just be you and come as you are. Take the time you need, for you and your community. We encourage you to take the time you need, when you need it. We offer regular annual and personal leave benefits along with anniversary leave, covid leave (to get vaccinated and for when you’re sick), volunteer leave and a comprehensive paid parental leave scheme. We Also Offer Some Other Perks, Including Mediclaim insurance cover in case of any health emergency Coverage under group personal accident insurance Flexible and compressed work weeks and hybrid working options. Generous range of paid leave – 21 annual leave days, 6 sick leave days, 12 public holidays An extra day off for you to take on your birthday or your annual work anniversary.