Job Description
Key Responsibilities

- Design, develop and deploy detection logic across SIEM, EDR and cloud security platforms.
- Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance.
- Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness.
- Use Detection-as-Code principles to manage detection rules via version control, CI/CD pipelines and automated testing frameworks.
- Reduce false positives through tuning, enrichment and contextual awareness.

Skills

- Expertise in detection engineering, threat hunting, or a related Cyber Security field.
- Proficiency in Sentinel, KQL, XDR and Splunk is required.
- Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and/or cloud-native security services (e.g. AWS GuardDuty, GCP Chronicle).
- Ability to create and iterate on detection content (e.g. SIEM rules, correlation searches and detection-as-code signatures) to proactively identify malicious behaviour, improve threat visibility and reduce false positives.
- Familiarity with the MITRE ATT&CK framework and the threat detection lifecycle.