Security Content Engineer £65000 GBP Hybrid WORKING Location: Central London, Greater London - United Kingdom Type: Permanent Security Content Engineer (SOC) Location: London (Full time - 5 days onsite) Salary: Up to £65,000 bonus Clearance: Must be eligible for UK Developed Vetting (DV) clearance We are seeking an experienced Security Content Engineer to join a high-performing Security Operations Centre (SOC) environment. This role is focused on designing, developing, and optimising detection content to strengthen cyber defence capabilities and improve threat visibility across enterprise environments. You will play a critical role in enhancing detection efficacy, reducing false positives, and ensuring robust coverage against evolving threat landscapes. Key Responsibilities Design and implement detection use cases across SIEM and SOAR platforms using threat intelligence and incident data Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks Continuously tune and optimise correlation rules to improve signal-to-noise ratio Validate detection logic through simulations, threat emulation, and red team collaboration Work closely with SOC tooling and engineering teams to ensure efficient data ingestion and parsing Document detection logic, methodologies, and expected outputs for audit and operational use Contribute to post-incident reviews, enhancing detection coverage and response effectiveness Maintain and evolve a repository of use cases, KPIs, and SOC performance metrics Requirements 6 years of commercial experience in SOC content engineering, detection engineering, or SIEM administration Strong hands-on experience with SIEM platforms and query languages (e.g. SPL, KQL) Solid understanding of detection engineering principles, data modelling, and regex Proven experience working with MITRE ATT&CK and threat-informed defence strategies Ability to design scalable and maintainable detection content in complex environments Strong documentation and stakeholder communication skills Desirable Relevant certifications such as Splunk Enterprise Security, GIAC GCDA, or similar Experience with SOAR platforms and automation workflows Background in threat hunting or incident response If you are a detection-focused cyber security professional who thrives on building high-quality, intelligence-led SOC content, apply today. Reference: SMM/ACC/SCE samc