London | Croydon | Hybrid
Up to £115k + 25% Bonus, 30 Days Holiday, 14% Pension, Full Family HC + Lots More.
This is an amazing employee first Global FS organization
This is a globally scaled, highly regulated organisation undergoing a major transformation of its cyber defence capability and this is a build-focused leadership role, not a traditional security operations position with the mandate is to design and scale a modern detection engineering function, leading a technical and cultural shifting toward:
- Detection as Code
- Automated response and orchestration
- Engineering-led security delivery
- Measurable, high-fidelity threat detection
To be considered for this role you really must possess a strong background in Detection Engineering & Security Engineering, with deep experience building detection use cases within enterprise SIEM platforms.
Experience implementing or working within Detection-as-Code / content-as-code models, hands‑on experience with CI/CD pipelines and engineering-led delivery practices & strong scripting or programming capability (Python, PowerShell or similar)
Cloud‑based telemetry and security tooling & the ability to operate across engineering, security, and operational stakeholders as well as acting as the TDA!
Building end‑to‑end detection pipelines (from code to production deployment) coupled with exposure to security automation / SOAR design and threat frameworks (e.g. MITRE ATT&CK)
Essentially you are tasked with building the detection platform itself, not managing alerts where security is treated as an engineering discipline, not an operational function. This is a high vise role with influence across cyber, engineering, and platform teams and need you to define modern detection delivery at scale
THE ROLE
- Define how detection capabilities are built, tested, deployed, and continuously improved across a complex global estate.
- Design and deliver a scalable detection engineering capability
- Build and implement Detection-as-Code frameworks using version‑controlled environments
- Establish CI/CD pipelines for detection and automation, including testing, validation, and controlled deployment.
- Develop and optimise detection logic across:
- Identity
- Cloud environments
- Design and implement automated response workflows to reduce manual intervention
- Reducing false positives
- Aligning coverage to real-world threat patterns
- Introduce and enforce engineering standards across security (code quality, testing, release management, governance)
- Partner closely with:
- Incident response teams
- Platform / cloud engineering teams
- Lead, mentor, and scale a team of engineers in a globally distributed environment
Technology environment
- Cloud-native SIEM platforms (e.g. Microsoft Sentinel / Splunk / Elastic)
- SOAR / automation tooling and playbook orchestration
- Endpoint and identity telemetry platforms (e.g. Defender / CrowdStrike / cloud identity systems)
- Cloud environments (Azure-led, with multi‑cloud exposure)
- Git‑based version control
- CI/CD pipelines (GitHub Actions, Azure DevOps, Jenkins or similar)
- Infrastructure as Code (Terraform / ARM / similar)
- Scripting and development (Python, PowerShell or equivalent)
Frameworks / approaches
- MITRE ATT&CK aligned detection strategy
#J-18808-Ljbffr…