Detection Engineer - Cyber Security

Posted 1 week ago by RiverSafe

Negotiable
Inside
Hybrid
London Area, United Kingdom

Summary: The Detection Engineer - Cyber Security role focuses on designing, developing, and deploying detection logic across security platforms such as SIEM and EDR. The position requires expertise in detection engineering and threat hunting, with a strong emphasis on frameworks like MITRE ATT&CK. The role also involves conducting threat modelling and improving detection effectiveness through collaboration and tuning. This position is hybrid and classified as inside IR35.

Key Responsibilities:

  • Design, develop and deploy detection logic across SIEM, EDR and cloud security platforms.
  • Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance.
  • Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness.
  • Use Detection-as-Code principles to manage detection rules via version control, CI/CD pipelines and automated testing frameworks.
  • Reduce false positives through tuning, enrichment and contextual awareness.

Key Skills:

  • Expertise in detection engineering, security operations, or threat hunting.
  • Strong experience with SIEM platforms (e.g., Splunk, Sentinel, Elastic).
  • Proficiency in writing detection logic in query languages (e.g., SPL, KQL, Sigma).
  • Familiarity with the MITRE ATT&CK framework.
  • Understanding of network, endpoint, cloud and identity-related attack vectors.
  • Ability to handle and correlate large volumes of log data.

Salary (Rate): undetermined

City: London Area

Country: United Kingdom

Working Arrangements: hybrid

IR35 Status: inside IR35

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

*This role is hybrid and inside IR35*