The Detection Content Lead sets the strategy for developing and maintaining detection rules across security tools. This role blends technical expertise in threats and adversaries with hands-on experience in tooling, data ingestion, and rule deployment. The post holder leads a team of detection engineers and works closely with threat, monitoring, and onboarding teams to deliver high-quality, scalable, and actionable detection content aligned with adversary techniques.
Your day-to-day responsibilities will be to:
Design, test, and document detection rules to ensure effective coverage with minimal false positives.
Prioritise rule deployment based on threat relevance, data quality, and system performance.
Define and maintain a detection strategy aligned with evolving threats, regularly reviewing coverage and proposing improvements.
Coordinate across threat, monitoring, incident response, onboarding, and engineering teams to align efforts and track progress.
Recommend tooling enhancements, including integrations, technical add-ons, automation, and detection-as-code solutions.
Manage the full content lifecycle—from creation to tuning—ensuring version control and documentation are maintained.
Lead the Detection Content team, aligning work with CSOC operations and supporting the broader Threat Operations strategy.
Due to the requirements of the role, the successful candidates will be required to work full-time (37 hours per week).