Senior Detection and Automation Engineer
Detection & Automation Engineer
My client is a leading global financial institution, renowned for its scale, complexity, and commitment to innovation in security. This is a unique opportunity to join a world-class cyber team at the heart of a highly regulated, global organisation.
As a Detection & Automation Engineer, you will play a key role in evolving the organisation’s security operations capability toward a more modern, engineering-led model. This is a hands-on position focused on building scalable detection and response solutions, rather than traditional alert monitoring or manual SOC activities. You'll also act as a technical leader.
You will work across the full detection lifecycle, designing, building and deploying detection logic using an engineering-led, pipeline-based approach. The role is centred around “detection as code,” applying software engineering and DevSecOps principles to security operations to create repeatable, high-quality outcomes. You’ll collaborate closely with SOC, threat intelligence and engineering teams to ensure detections are effective, actionable and aligned to real-world threats.
Alongside hands-on delivery, you will provide technical leadership within the team, helping shape best practices, guiding approaches to detection engineering and automation, and acting as a key subject matter expert within the function. This is leadership through expertise and ownership, rather than formal line management.
This is an opportunity to join a highly mature environment that is actively investing in automation, scalability and the future of security operations, ideal for someone who enjoys building, improving and engineering security capability at scale.
Key Requirements
- Strong background in security engineering, detection engineering or DevSecOps
- Hands-on experience building detections within SIEM platforms
- Experience working with automation and orchestration tooling (SOAR or similar)
- Strong coding / scripting ability (Python or similar) with experience building automation workflows
- Experience working in cloud environments (AWS, Azure or GCP) and understanding cloud-native security
- Familiarity with engineering-led approaches (e.g. version control, pipelines, automation practices)
- Good understanding of security operations, threat detection and attacker behaviour
- Experience working in complex or regulated environments (financial services beneficial but not essential)
- Ability to build scalable, repeatable solutions rather than one-off detections
- Ability to influence technical direction and contribute to best practices within a team
Location: Surrey (3 days onsite)