Role Description: Threat Detection Engineer
As a Threat Detection Engineer, you will be responsible for developing, improving, and expanding detection capabilities within the Cyber Defence domain. The role focuses on designing effective detections based on hypotheses, threat insights, and concrete use cases. Rather than only looking at individual alerts, you will also contribute to the broader vision for detection and monitoring across the organisation.
You will work on expanding the scope of logging and detection across multiple domains, including cloud environments, OT, endpoints, and applications. You will translate security challenges into technically strong detection logic and ensure that use cases are developed and maintained in a scalable and sustainable way.
Within this role, there is a strong focus on KQL and modern detection methods, while experience with Splunk is also relevant. Python is less important, but a solid understanding of programming logic and a more engineering-driven approach to building use cases is appreciated. This also includes working with notebooks and maintaining CI/CD pipelines for detection content.
In addition, you will help further professionalise the team by supporting the introduction of new techniques and capabilities, such as breach and attack simulation, while continuously contributing to the effectiveness and long-term development of the detection landscape.
Responsibilities
* Design, build, and optimise detections based on hypotheses, threat scenarios, and use cases
* Translate security requirements into technical detection logic within SIEM and related tooling
* Expand logging and detection coverage across cloud, OT, applications, and endpoints
* Develop and improve use cases with a strong focus on quality, relevance, and a low false positive rate
* Work with technologies such as KQL, Splunk, and security data from tools such as Defender for Endpoint and cloud environments
* Maintain and improve CI/CD pipelines for detection content
* Use notebooks and more engineering-oriented methods to develop use cases
* Contribute to new capabilities such as breach and attack simulation
* Help shape the vision, direction, and further maturity of threat detection engineering within the organisation
* Collaborate with other Cyber Defence teams to align on requirements, priorities, and improvements
Profile
* Experience in threat detection engineering or a similar role within cyber security
* Strong capability in building detections and forming hypotheses around threats and attacker behaviour
* Experience with KQL is important
* Experience with Splunk is preferred
* Knowledge of cloud security and cloud logging is important
* Experience with OT security or detection within OT environments is a strong plus
* Experience with Defender for Endpoint and cloud-focused security tooling is relevant
* Understanding of CI/CD principles within detection content development
* Able to think beyond individual alerts and contribute to the vision and development of the detection domain
* Python is not a core requirement, but affinity with programming logic and engineering-driven ways of working is welcome
- Posted: Apr 18, 2026
- Type: Full-time
- Level: Not Applicable
- Location: Amsterdam
- Company: Tergos