Are you a Detection Engineer ready to take on the fight against modern adversaries?
Join a well‑established SOC working with high‑profile Defence clients, where your expertise genuinely matters.
In this hands‑on technical role, you’ll own the end‑to‑end design, development and maturity of detection logic across SIEM platforms—engineering effective responses to real-world attacker techniques. You’ll operate with a high degree of autonomy, acting as a trusted SME across multiple secure environments within a complex MSSP setting.
This is a standout opportunity to advance your career at the sharp end of cyber defence.
Location: Hybrid working – 2 days per week in our Farnborough office.
Security: You must hold or be eligible for SC Clearance.
What you'll be doing:
1. Design, build, test and continuously refine advanced SIEM detection logic, including rules, correlations and analytics.
2. Research emerging threats, vulnerabilities and adversary TTPs, mapping them to MITRE ATT&CK to close detection and visibility gaps.
3. Tune and validate detections to minimise false positives and deliver high‑fidelity alerts for SOC analysts.
4. Act as a technical authority, providing expert guidance to SOC Analysts, Architects and Engineers to strengthen overall detection capability.
5. Define, implement and maintain technical detection standards across environments.
6. Clearly communicate complex technical risks and detection logic to both technical teams and non‑technical stakeholders.
What you’ll bring:
7. Deep SIEM expertise, building advanced detection logic, automation and complex queries in Splunk (SPL) and Microsoft Sentinel (KQL).
8. A proven track record delivering complex detection engineering projects within enterprise or MSSP environments.
9. Strong analytical skills, with the ability to break down sophisticated attacks into actionable detection patterns.
10. Confidence to own technical delivery end‑to‑end, driving work through to completion with minimal escalation.
11. Expert knowledge of MITRE ATT&CK, with real‑world application in detection engineering.
12. A BSc in Computer Science, IT, or a related discipline.
13. Solid scripting skills in Python, PowerShell, or similar, supporting automation and data manipulation.
14. Experience developing detections in QRadar and/or conducting EDR‑focused threat hunting ( CrowdStrike, Microsoft Defender for Endpoint).
15. Broad infrastructure awareness across Cloud (Azure/AWS), on‑prem, and SaaS / PaaS / IaaS environments.
If you are interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply, we’d love to hear from you!
Employment Type: Full‑time, Permanent.
Location: Hybrid: 2 days per week in Farnborough.
Security Clearance Level: SC Cleared oreligible.
Internal Recruiter: Jane.
Salary: To £65,000.
Benefits: 25 days annual leave with the choice to buy additional days, health cash plan, life assurance and pension.
Sopra Steria:
Our Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK’s most complex safety‑ and security‑critical markets.