Security content engineer

Security Content Engineer
£65000 GBP
Hybrid WORKING
Location: Central London, Greater London - United Kingdom Type: Permanent

Security Content Engineer (SOC)

Location: London (Full time - 5 days onsite)

Salary: Up to £65,000 + bonus

Clearance: Must be eligible for UK Developed Vetting (DV) clearance

We are seeking an experienced Security Content Engineer to join a high-performing Security Operations Centre (SOC) environment. This role is focused on designing, developing, and optimising detection content to strengthen cyber defence capabilities and improve threat visibility across enterprise environments.

You will play a critical role in enhancing detection efficacy, reducing false positives, and ensuring robust coverage against evolving threat landscapes.

Key Responsibilities Design and implement detection use cases across SIEM and SOAR platforms using threat intelligence and incident data
Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks
Continuously tune and optimise correlation rules to improve signal-to-noise ratio
Validate detection logic through simulations, threat emulation, and red team collaboration
Work closely with SOC tooling and engineering teams to ensure efficient data ingestion and parsing
Document detection logic, methodologies, and expected outputs for audit and operational use
Contribute to post-incident reviews, enhancing detection coverage and response effectiveness
Maintain and evolve a repository of use cases, KPIs, and SOC performance metrics
Requirements 6+ years of commercial experience in SOC content engineering, detection engineering, or SIEM administration
Strong hands-on experience with SIEM platforms and query languages (e.g. SPL, KQL)
Solid understanding of detection engineering principles, data modelling, and regex
Proven experience working with MITRE ATT&CK and threat-informed defence strategies
Ability to design scalable and maintainable detection content in complex environments
Strong documentation and stakeholder communication skills
Desirable Relevant certifications such as Splunk Enterprise Security, GIAC GCDA, or similar
Experience with SOAR platforms and automation workflows
Background in threat hunting or incident response
If you are a detection-focused cyber security professional who thrives on building high-quality, intelligence-led SOC content, apply today.

Reference: SMM/ACC/SCE

#samc
TPBN1_UKTJ