Senior SIEM Content Developer – Detection Engineering | Cyber Security
Location: Newbury - Remote Working - Outside IR35
Team: Cyber Defence Ops
Experience Level: Mid–Senior
The Role
We’re on the hunt for a Senior SIEM Content Developer who lives and breathes detection logic. If you enjoy diving deep into attacker behaviors, writing detection rules that actually catch things (not just flag every login attempt), and helping drive threat visibility across modern tech stacks — this might be for you! You'll be part of a global cyber defence team building and refining detections across SIEM, EDR, and ELK stacks, and collaborating with security analysts, threat hunters, and incident responders to stop threats faster and smarter.
🔧 What You'll Be Doing
* Writing & tuning detection rules across SIEM/EDR/ELK to surface real attacker behaviors (not noise)
* Analyzing TTPs, threat intel, and real-world incidents to build behavior-based detections (beyond IOC chasing)
* Rapid-prototyping searches mid-incident to surface lateral movement, C2, or privilege escalation attempts
* Creating and maintaining detection logic documentation + MITRE ATT&CK coverage mapping
* Supporting blue team investigations with deep log analysis and quick-turnaround queries
* Working with multiple data sources: firewalls, EDR, proxy, VPN, NetFlow, etc.
🧩 You’ll Fit If You Have
* 1–3 years writing SIEM/EDR detection content
* 1+ year in a SOC environment (Tier 2+ preferred)
* Strong grasp of detection engineering and attacker methodology
* Solid experience with ELK, Splunk, or similar SIEM platforms
* Comfort pivoting through logs under pressure and building fast, accurate queries
* Experience with threat modeling and mapping detections to MITRE ATT&CK
* Bonus: You've worked with version control for detection rules, or done some detection-as-code
✅ Nice-to-Haves
* Certs like GCIA, GCIH, CEH, GNFA, GCFA
* Familiarity with the Sigma rule format and query languages such as KQL
* A side interest in threat hunting or malware behavior
📈 What You’ll Impact
* How quickly we detect and respond to real threats
* The signal-to-noise ratio of our security stack
* Our ability to spot emerging TTPs and adapt quickly
💬 Why Join?
* Work with a smart, collaborative cyber team that values creativity and curiosity
* Make real contributions to global security operations
* Flexible hybrid setup, no micromanaging — just impact
* Opportunity to own detection content and make your mark in a high-impact space