Detection Engineer

nccgroup

Location: Hardman Boulevard, Manchester, Greater Manchester, GBR (Hybrid). Posted 2 days ago.
Employment
Full-time

About the role

Key Responsibilities

  • Develop and maintain detections using Splunk SPL.
  • Analyse logs from cloud, infrastructure, application, gateway, Linux, SSH, CDN, vulnerability management, and audit sources.
  • Create detections for areas such as:
    • cloud security monitoring and cloud control-plane activity,
    • infrastructure, platform, and access-related security events,
    • bespoke assurance use cases based on customer-specific log sources,
    • suspicious or anomalous activity identified through threat models or security testing.
  • Review existing detection coverage and identify gaps.
  • Assess new log sources and define detection use cases.
  • Map detections to MITRE ATT&CK, risk scenarios, and assurance requirements where relevant.
  • Tune detections to reduce false positives and improve analyst usability.
  • Document detection purpose, logic, alerting criteria, data source, MITRE mapping, false positives, and investigation guidance.
  • Support SOC analysts with alert context and investigation advice.

Skills, Knowledge & Expertise

  • Splunk SPL or similar query language.
  • Security detection engineering, SIEM engineering, threat hunting, or security monitoring.
  • Cloud audit logs, especially AWS; GCP or OCI experience is also useful.
  • MITRE ATT&CK and common attacker behaviours.
  • Kubernetes or container security monitoring.
  • Cloud security concepts such as IAM, KMS, security groups, route tables, ACLs, object storage, and service accounts.
  • Use of allowlists, thresholds, baselines, aggregation, and anomaly-style detection logic.
  • Regex and basic scripting, e.g. Python, Bash, or PowerShell.
  • Documentation using Jira, JSM, Confluence, or similar tools.
  • Experience with Splunk Enterprise Security and Splunk Security Essentials.
  • Experience writing or tuning scheduled alerts.
  • Experience reviewing threat models, security testing outputs, or assurance requirements.
  • Experience using a detection-as-code deployment pipeline.

Job Benefits

  • Flexible Working: Balance your work and personal life with our flexible working options.
  • Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
  • Medicash & Critical Illness Scheme
  • Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
  • Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
  • Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
  • Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
  • Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
  • Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
