Join a highly secure Security Operations Centre supporting Critical National Infrastructure (CNI) environment as a senior Detection Engineering Lead. Define detection strategy, lead a specialist engineering team, and deliver high-quality security detection outcomes aligned to KPIs. Work closely with senior operational, threat intelligence, and service delivery stakeholders.
Job Description
An exciting opportunity has arisen for an experienced Detection Engineering Lead to join a highly secure Security Operations Centre supporting a Critical National Infrastructure (CNI) environment. This is a senior, hands-on leadership role combining deep technical expertise with strategic ownership of detection engineering capabilities.
The role sits at the heart of a mature SOC, responsible for defining detection strategy, leading a specialist engineering team, and delivering high-quality security detection outcomes aligned to KPIs. Working closely with senior operational, threat intelligence, and service delivery stakeholders, the successful candidate will play a key role in shaping and evolving detection capabilities in a mission-critical environment.
What’s on Offer
- Salary up to £65,000
- Security clearance required (with sponsorship for further clearances)
- Comprehensive benefits package
- Bonus scheme
- Strong focus on career progression and long-term development
- Ongoing training and skill-up opportunities
- Opportunity to work in a high-impact, nationally significant environment
- Hybrid working model (role and security permitting)
What You Need to Be Successful
- Advanced hands-on experience with Splunk and Microsoft Sentinel SIEM platforms
- Strong understanding of AWS and Azure cloud environments
- Advanced ability to write high-fidelity detections using SPL and KQL
- Strong Python development skills for automation and Detection-as-Code pipelines
- Experience in network monitoring, threat intelligence, and use of the MITRE ATT&CK framework
- Deep understanding of security detection methodologies and best practices
- Proven experience defining detection strategy, managing workloads, and driving service improvements
- Excellent communication and stakeholder management skills, including presenting to senior audiences
Desirable Skills & Experience
- Experience implementing Detection as Code methodologies
- Prior people management or team leadership experience
While not essential, candidates with the following are highly regarded and supported in continued professional development:
- SANS courses (e.g. SEC599, SEC530, SEC699, FOR608, SEC541)
- GIAC certifications (e.g. GDAT, GCIH, GCDA, GMON, GSOC, GDSA, GCED)
- CISSP, ISSEP, CCSP
- Vendor certifications from Splunk, AWS, or Microsoft