Security Content Engineer

Anson McCade
Charing Cross, United Kingdom
4 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 65K

Job location

Charing Cross, United Kingdom

Tech stack

Computer Security
Query Languages
Intrusion Detection and Prevention
Regular Expressions
Red Team (Cyber Security)
Kusto Query Language
Security Information and Event Management
Data Ingestion
MITRE ATT&CK
Cybercrime
Splunk

Job description

We are seeking an experienced Security Content Engineer to join a high-performing Security Operations Centre (SOC) environment. This role is focused on designing, developing, and optimising detection content to strengthen cyber defence capabilities and improve threat visibility across enterprise environments.

You will play a critical role in enhancing detection efficacy, reducing false positives, and ensuring robust coverage against evolving threat landscapes.

Responsibilities

  • Design and implement detection use cases across SIEM and SOAR platforms using threat intelligence and incident data

  • Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks
  • Continuously tune and optimise correlation rules to improve signal-to-noise ratio
  • Validate detection logic through simulations, threat emulation, and red team collaboration
  • Work closely with SOC tooling and engineering teams to ensure efficient data ingestion and parsing
  • Document detection logic, methodologies, and expected outputs for audit and operational use
  • Contribute to post-incident reviews, enhancing detection coverage and response effectiveness
  • Maintain and evolve a repository of use cases, KPIs, and SOC performance metrics

Requirements

  • 6+ years of commercial experience in SOC content engineering, detection engineering, or SIEM administration
  • Strong hands-on experience with SIEM platforms and query languages (e.g. SPL, KQL)
  • Solid understanding of detection engineering principles, data modelling, and regex
  • Proven experience working with MITRE ATT&CK and threat-informed defence strategies
  • Ability to design scalable and maintainable detection content in complex environments
  • Strong documentation and stakeholder communication skills

Desirable

  • Relevant certifications such as Splunk Enterprise Security, GIAC GCDA, or similar
  • Experience with SOAR platforms and automation workflows
  • Background in threat hunting or incident response

If you are a detection-focused cyber security professional who thrives on building high-quality, intelligence-led SOC content, apply today.
