Cyber Operations Content Development Engineer

Job Title: Cyber Operations Content Development Engineer

Contract Type: Permanent Full-Time

Salary: Up to £70,000

Benefits: Private Medical, Pension, 25 days annual leave, Gym Membership, Cycle to Work Scheme, Employee Assistance Programme

Office Location/Working Policy: Hybrid - London (2 days per week)

Working Hours: 0845 - 1730

What to wear: Smart casual

The Role

We are looking for a Cyber Operations Content Development Engineer with deep expertise in Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) technologies. In this role, you will design, develop, and optimize detection and response content to enhance the organisation's security monitoring and incident response capabilities.

You will work closely with threat detection engineers, SOC analysts, threat hunters, and incident responders to ensure that our detection and response content is effective, scalable, and aligned with current and emerging threats.

Role Responsibilities

  • Develop, maintain and tune correlation rules and alerts to identify malicious activities with high fidelity and low false positives
  • Develop dashboards, reports, and correlation rules to support proactive threat detection and security monitoring.
  • Develop, deploy and maintain SOAR playbooks
  • Develop, deploy and maintain automations in SOAR and other platforms to support SOC operations
  • Integrate security tools, threat intelligence feeds, and custom logic into automated playbooks.
  • Continuously improve playbook efficiency and effectiveness through testing, feedback, and metrics
  • Integrate third-party and internal systems with SIEM and SOAR platforms through APIs and custom connectors.
  • Continuously tune and optimise SIEM rules and SOAR playbooks to reduce false positives and improve detection accuracy.
  • Collaborate with other team members and SOC management to develop and deliver solutions supporting SOC operations and customer needs
  • Perform rule tuning, suppression, and logic refinement to minimize alert fatigue and increase detection accuracy.
  • Participate in post-incident reviews to develop new detections and response automations.
  • Develop and maintain parsers for log sources
  • Document processes, workflows, and procedures to facilitate knowledge sharing and customer integrations.
  • Run sprint meetings to manage and track ad-hoc tasks to improve overall service to clients
  • Mentor junior team members

Skills, Knowledge & Experience

  • Proven experience in security operations, detection engineering, or content development.
  • Strong expertise in at least one enterprise SIEM platform
  • Proven experience creating and tuning SIEM rules, correlation logic, and dashboards.
  • Hands-on experience building and maintaining SOAR playbooks
  • Strong understanding of common attack vectors, TTPs, and the MITRE ATT&CK framework.
  • Proficiency in scripting or automation (e.g., Python, PowerShell, JSON, REST APIs).
  • Excellent analytical, problem-solving, and documentation skills.
  • Experience working in a large enterprise SOC or MSSP environment.
  • Familiarity with EDR/XDR platforms and threat hunting methodologies.
  • Knowledge of CI/CD pipelines for content deployment.

About Acora

Acora are a progressive full-stack full-service business technology services partner, built for the AI era. Combining the capabilities of a Managed Service Provider (MSP), Managed Security Service Provider (MSSP), IT Consulting, Professional Services and Development company, Acora helps customers achieve breakthrough results - often quicker and at lower risk than they thought possible.

We believe in a better working world, where our customers are confident to fully embrace the AI opportunity and generate economic impact.

Our Values

We're proud to share the values we live by. They're not dusty abstract concepts. Our values define our culture: they act as a promise to our customers and a constant challenge to ourselves, both as individuals and as a team, to be Game-Changers.

#1 BE THE BEST YOU CAN BE

We challenge ourselves to raise our game each day. By embracing a mindset of growth, we continuously strive to improve ourselves, our ways of working, and the service we deliver to our customers.

#2 WE DO WHAT WE SAY

When we make a promise, we follow through - no excuses. We don't leave anyone hanging or walk away from challenges. Reliable and focused, we value clear communication to build trust and give customers, and colleagues, the confidence they can count on us every time.

#3 TOGETHER WE WIN

Business is the biggest team sport of them all. By communicating well, breaking down silos and staying aligned, we create clarity and focus. Strong relationships, shared goals and commitment make us a winning team – for each other and for our customers.

Interested in becoming an Acoran? Check out the link to our website to read more about us -

How to become an Acoran . . .

If you would like to be considered for this position and want to be part of a growing & innovative company . . . Click "apply" now.

To be considered for this position, you must have full rights to work in the UK.

Equal Opportunities at Acora

Acora is an equal opportunity employer, committed to providing equal opportunities regardless of race or ethnic origin, gender identity, family situation, sexual orientation, disability, religion or age. We hire our people on the basis of qualifications, merit, skills, and business need.

We are a Level 1 Disability Confident Committed Employer and will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive equitable benefits and all privileges of employment. Please contact us to request any reasonable adjustments.

Join us at Acora in creating a workplace where everyone can succeed and make an impact. We look forward to welcoming you to our team!

Job Details

Company: Acora - IT, Cyber & AI

Location: London, UK (Hybrid / Remote Options)

Employment Type: Full-time