SOC Content Engineer
Role: SOC - Security Content Engineer
Location: London
Career Level: Specialist
Salary: £50,000 - £65,000
Role Overview
The Security Content Engineer is responsible for the design, development, and optimization of detection logic, correlation rules, and analytic content across SOC platforms. The primary objective of the role is to ensure high detection efficacy while keeping the false-positive rate low, directly strengthening the organization's defensive posture.
Key Responsibilities
- Detection Strategy: Design and implement detection use cases in SIEM and SOAR platforms based on the latest threat intelligence and incident trends.
- Framework Alignment: Develop and maintain detection logic strictly aligned with the MITRE ATT&CK framework and organizational threat models.
- Rule Optimization: Continuously tune and optimize existing correlation rules to reduce noise and improve alert accuracy.
- Validation & Testing: Validate detections through controlled security simulations and feedback from red team exercises.
- Collaboration: Work closely with SOC Tooling Engineers to ensure efficient data source utilization and accurate parsing logic.
- Documentation & Compliance: Document use cases, logic, and testing methodologies to support audit efforts and maintain traceability.
- Continuous Improvement: Review post-incident findings to identify gaps and enhance detection and response coverage.
- Metrics Management: Maintain a comprehensive repository of SOC use cases, KPIs, and performance metrics.
Requirements & Qualifications
- Education: Bachelor’s degree in Cybersecurity, Data Analytics, or a related technical field.
- Experience: 6–8 years of professional experience in SOC content engineering, detection development, or SIEM administration.
- Technical Skills:
  - Strong proficiency in SIEM query writing (e.g., SPL, KQL).
  - Expertise in regular expressions (regex) and data modeling.
  - Deep familiarity with MITRE ATT&CK mappings and implementation.
- Preferred Certifications: Splunk Enterprise Security Certified Admin/Engineer, GIAC Certified Detection Analyst (GCDA), or equivalent.
Security Clearance Requirements
Due to the specific nature of the client requirements, any offer of employment is subject to:
- Satisfactory BPSS (Baseline Personnel Security Standard).
- Ability to obtain a high level of Security Clearance, which typically requires:
  - 10 years of continuous UK address history.
  - No periods of 30 consecutive days or more spent outside of the UK.
  - Being a British passport holder with no dual nationality at the point of application.