Security Operations Center Architect

SOC Detection Engineer

Location: Farnborough

Salary: Up to £70,000 plus benefits

Contract Type: Permanent

Working Pattern: Full-time, Monday to Friday (office-based, 9–5)

Eligibility: Must have the right to work in the UK and be eligible to obtain BPSS clearance

Summary

Are you a SOC Detection Engineer looking to support national Cyber Defence capabilities? This role offers the opportunity to contribute to the development and optimisation of advanced threat detection systems within a highly secure environment.

You will work within a Security Operations Centre (SOC), designing and maintaining detection logic across SIEM (Security Information and Event Management) and EDR (Endpoint Detection and Response) platforms. Your work will help identify and contain malicious activity, reduce false positives, and improve overall detection coverage across networks, endpoints, cloud services, and identity platforms.

Job Description

As a SOC Detection Engineer, you will be part of a specialist cyber operations team responsible for implementing and maintaining high-fidelity detection capabilities. You will contribute to the development of detection rules, threat hunting activities, and automation workflows to support incident response and continuous improvement.

Key responsibilities include:

• Designing and tuning detection rules and use cases in SIEM and EDR platforms
• Monitoring and investigating security alerts to identify potential threats
• Conducting proactive threat hunting using MITRE ATT&CK and threat intelligence sources
• Collaborating with incident response teams to support investigations and containment
• Enhancing detection coverage across network, endpoint, cloud, and identity sources
• Developing automation scripts and playbooks to streamline triage and response
• Documenting detection processes and providing knowledge transfer to SOC analysts

Person Specification

You will be working closely with technical and non-technical stakeholders to deliver effective detection engineering solutions. Candidates who can demonstrate strong analytical skills, technical depth, and clear communication will be well suited to this role.

Essential Criteria

To be successful, you must demonstrate:

• Relevant HNC (i.e. Level 4 or higher) qualification in Cyber Security Or Computer Science, or Networks OR certifications such as CompTIA Security+, ISACA OR equivalent experience
• Strong hands-on experience with SIEM platforms (Elastic Security mandatory; Sentinel or Splunk desirable) and EDR tools (e.g. Elastic XDR, Microsoft Defender, CrowdStrike, SentinelOne)
• Proficiency in detection rule development using query languages (e.g. ESQL, KQL, Lucene), and practical understanding of log sources across network, endpoint, cloud, and identity platforms
• Solid knowledge of MITRE ATT&CK, threat actor tactics, and experience in incident detection, triage, and analysis within a SOC or similar environment

Desirable Criteria

• Exposure to cloud security monitoring (AWS, Azure, GCP), SOAR platforms, and automation playbook creation
• Experience with threat intelligence integration, rule writing (YARA, Sigma, Snort/Suricata), and container/Kubernetes security
• Familiarity with offensive security methodologies and scripting for automation (e.g. Python, PowerShell)

Security Clearance

Baseline Personnel Security Standard (BPSS) clearance is required and must be maintained for this role. Please note that in the event that BPSS clearance cannot be obtained, you may not be eligible for the role and/or any offer of employment may be withdrawn on grounds of security.