Overview
SOC Detection Engineer
Location: Farnborough
Salary: Up to £70,000 plus benefits
Contract Type: Permanent
Working Pattern: Full-time, Monday to Friday (office-based, 9–5)
Eligibility: Must have the right to work in the UK and be eligible to obtain BPSS clearance
Summary
Are you a SOC Detection Engineer looking to support national Cyber Defence capabilities? This role offers the opportunity to contribute to the development and optimisation of advanced threat detection systems within a highly secure environment.
Job Description
As a SOC Detection Engineer, you will be part of a specialist cyber operations team responsible for implementing and maintaining high-fidelity detection capabilities. You will contribute to the development of detection rules, threat hunting activities, and automation workflows to support incident response and continuous improvement.
Key responsibilities
* Designing and tuning detection rules and use cases in SIEM and EDR platforms
* Monitoring and investigating security alerts to identify potential threats
* Conducting proactive threat hunting using MITRE ATT&CK and threat intelligence sources
* Collaborating with incident response teams to support investigations and containment
* Enhancing detection coverage across network, endpoint, cloud, and identity sources
* Developing automation scripts and playbooks to streamline triage and response
* Documenting detection processes and providing knowledge transfer to SOC analysts
Person Specification
You will be working closely with technical and non-technical stakeholders to deliver effective detection engineering solutions. Candidates who can demonstrate strong analytical skills, technical depth, and clear communication will be well suited to this role.
Qualifications and Experience
* Relevant HNC (Level 4 or higher) in Cyber Security, Computer Science, Networks, or certifications such as CompTIA Security+, ISACA, or equivalent experience
* Strong hands-on experience with SIEM platforms (Elastic Security mandatory; Sentinel or Splunk desirable) and EDR tools (e.g. Elastic XDR, Microsoft Defender, CrowdStrike, SentinelOne)
* Proficiency in detection rule development using query languages (e.g. ESQL, KQL, Lucene) and practical understanding of log sources across network, endpoint, cloud, and identity platforms
* Solid knowledge of MITRE ATT&CK, threat actor tactics, and experience in incident detection, triage, and analysis within a SOC or similar environment
* Exposure to cloud security monitoring (AWS, Azure, GCP), SOAR platforms, and automation playbook creation
* Experience with threat intelligence integration, rule writing (YARA, Sigma, Snort/Suricata), and container/Kubernetes security
* Familiarity with offensive security methodologies and scripting for automation (e.g. Python, PowerShell)
Security Clearance
Baseline Personnel Security Standard (BPSS) clearance is required and must be maintained for this role. If BPSS clearance cannot be obtained, you may not be eligible for the role and/or any offer of employment may be withdrawn on security grounds.
#J-18808-Ljbffr