London | Croydon | Hybrid
Up to £115k + 25% Bonus, 30 Days Holiday, 14% Pension, Full Family HC + Lots More.
This is an amazing employee-first global FS organisation.
This is a globally scaled, highly regulated organisation undergoing a major transformation of its cyber defence capability. This is a build-focused leadership role, not a traditional security operations position: the mandate is to design and scale a modern detection engineering function, leading a technical and cultural shift toward:
Detection as Code
Automated response and orchestration
Engineering-led security delivery
Measurable, high-fidelity threat detection
To be considered for this role you must possess a strong background in Detection Engineering and Security Engineering, with deep experience building detection use cases within enterprise SIEM platforms.
Experience implementing or working within Detection-as-Code / content-as-code models, hands-on experience with CI/CD pipelines and engineering-led delivery practices, and strong scripting or programming capability (Python, PowerShell or similar).
Experience with cloud-based telemetry and security tooling, the ability to operate across engineering, security and operational stakeholders, and the ability to act as the TDA.
Experience building end-to-end detection pipelines (from code to production deployment), coupled with exposure to security automation / SOAR design and threat frameworks (e.g. MITRE ATT&CK).
Essentially you are tasked with building the detection platform itself, not managing alerts: security is treated as an engineering discipline, not an operational function. This is a high-visibility role with influence across cyber, engineering and platform teams, and it needs you to define modern detection delivery at scale.
THE ROLE
Define how detection capabilities are built, tested, deployed, and continuously improved across a complex global estate.
Design and deliver a scalable detection engineering capability
Build and implement Detection-as-Code frameworks using version-controlled environments
Establish CI/CD pipelines for detection and automation, including testing, validation, and controlled deployment.
Develop and optimise detection logic across:
Identity
Cloud environments
Design and implement automated response workflows to reduce manual intervention
Reducing false positives
Aligning coverage to real-world threat patterns
Introduce and enforce engineering standards across security (code quality, testing, release management, governance)
Partner closely with:
Incident response teams
Platform / cloud engineering teams
Lead, mentor, and scale a team of engineers in a globally distributed environment
Technology environment
Cloud-native SIEM platforms (e.g. Microsoft Sentinel / Splunk / Elastic)
SOAR / automation tooling and playbook orchestration
Endpoint and identity telemetry platforms (e.g. Defender / CrowdStrike / cloud identity systems)
Cloud environments (Azure-led, with multi‑cloud exposure)
Git‑based version control
CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins or similar)
Infrastructure as Code (Terraform / ARM / similar)
Scripting and development (Python, PowerShell or equivalent)
Frameworks / approaches
MITRE ATT&CK aligned detection strategy