Security Content Engineer

£65000 GBP

Hybrid WORKING

Location: Central London, Greater London - United Kingdom Type: Permanent

Security Content Engineer (SOC)

Location: London (Full time - 5 days onsite)

Salary: Up to £65,000 + bonus

Clearance: Must be eligible for UK Developed Vetting (DV) clearance

We are seeking an experienced Security Content Engineer to join a high-performing Security Operations Centre (SOC) environment. This role is focused on designing, developing, and optimising detection content to strengthen cyber defence capabilities and improve threat visibility across enterprise environments.

You will play a critical role in enhancing detection efficacy, reducing false positives, and ensuring robust coverage against evolving threat landscapes.

Key Responsibilities

• Design and implement detection use cases across SIEM and SOAR platforms using threat intelligence and incident data
• Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks
• Continuously tune and optimise correlation rules to improve signal-to-noise ratio
• Validate detection logic through simulations, threat emulation, and red team collaboration
• Work closely with SOC tooling and engineering teams to ensure efficient data ingestion and parsing
• Document detection logic, methodologies, and expected outputs for audit and operational use
• Contribute to post-incident reviews, enhancing detection coverage and response effectiveness
• Maintain and evolve a repository of use cases, KPIs, and SOC performance metrics

Requirements

• 6+ years of commercial experience in SOC content engineering, detection engineering, or SIEM administration
• Strong hands-on experience with SIEM platforms and query languages (e.g. SPL, KQL)
• Solid understanding of detection engineering principles, data modelling, and regex
• Proven experience working with MITRE ATT&CK and threat-informed defence strategies
• Ability to design scalable and maintainable detection content in complex environments
• Strong documentation and stakeholder communication skills

Desirable

• Relevant certifications such as Splunk Enterprise Security, GIAC GCDA, or similar
• Experience with SOAR platforms and automation workflows
• Background in threat hunting or incident response

If you are a detection-focused cyber security professional who thrives on building high-quality, intelligence-led SOC content, apply today.