Senior SIEM Content Developer - Detection Engineering | Cyber Security
Location: Newbury - Remote Working - Outside IR35
Team: Cyber Defence Ops
Experience Level: Mid-Senior
The Role
We're on the hunt for a Senior SIEM Content Developer who lives and breathes detection logic. If you enjoy diving deep into attacker behaviors, writing detection rules that actually catch things (not just flag every login attempt), and helping drive threat visibility across modern tech stacks - this might be for you! You'll be part of a global cyber defence team building and refining detections across SIEM, EDR, and ELK stacks, and collaborating with security analysts, threat hunters, and incident responders to stop threats faster and smarter.
What You'll Be Doing
Writing & tuning detection rules across SIEM/EDR/ELK to surface real attacker behaviors (not noise)
Analyzing TTPs, threat intel, and real-world incidents to build behavior-based detections (beyond IOC chasing)
Rapid-prototyping searches mid-incident to surface lateral movement, C2, or privilege escalation attempts
Creating and maintaining detection logic documentation + MITRE ATT&CK coverage mapping
Supporting blue team investigations with deep log analysis and quick-turnaround queries
Working with multiple data sources: firewalls, EDR, proxy, VPN, NetFlow, etc.
You'll Fit If You Have
1-3 years writing SIEM/EDR detection content
1+ year in a SOC environment (Tier 2+ preferred)
Strong grasp of detection engineering and attacker methodology
Solid experience with ELK, Splunk, or similar SIEM platforms
Comfort pivoting through logs under pressure and building fast, accurate queries
Experience with threat modeling and mapping detections to MITRE ATT&CK
Bonus: You've worked with version control for detection rules, or done some detection-as-code
Nice-to-Haves
Certs like GCIA, GCIH, CEH, GNFA, GCFA
Familiarity with frameworks like Sigma or KQL
A side interest in threat hunting or malware behavior
What You'll Impact
How quickly we detect and respond to real threats
The signal-to-noise ratio of our security stack
Our ability to spot emerging TTPs and adapt quickly
Why Join?
Work with a smart, collaborative cyber team that values creativity and curiosity
Make real contributions to global security operations
Flexible hybrid setup, no micromanaging - just impact
Opportunity to own detection content and make your mark in a high-impact space
ECS Recruitment Group Ltd is acting as an Employment Business in relation to this vacancy.