Senior Cyber Security Engineer - Detection Engineering

7 Days Old

Overview

Job Description

Responsibilities

  • Design, develop and deploy detection logic across SIEM, EDR and cloud security platforms.
  • Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance.
  • Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness.
  • Use Detection-as-Code principles to manage detection rules via version control, CI/CD pipelines and automated testing frameworks.
  • Reduce false positives through tuning, enrichment and contextual awareness.

Qualifications

  • Expertise in detection engineering, threat hunting, or a related Cyber Security field.
  • Proficiency in Sentinel, KQL, XDR and Splunk is required.
  • Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and/or cloud security services (e.g. AWS GuardDuty, GCP Chronicle).
  • Ability to create and iterate on detection content (e.g. SIEM rules, correlation searches and detection-as-code signatures) to proactively identify malicious behaviour, improve threat visibility and reduce false positives.
  • Familiarity with the MITRE ATT&CK framework and the threat detection lifecycle.
Location: Greater London
Category: Engineering
