Lead Detection & Security Engineering Specialist | Leading Global Investment Group

[Up to c. £350k Comp Package (or equivalent) | Hybrid Working]

Role Overview

We’re supporting a fast-scaling, technology-driven investment firm as it builds out its core security capability from first principles. This hire will take a central role in defining and delivering a modern, detection-first security programme across infrastructure, endpoints and cloud environments.

Working directly alongside the CISO, you will architect and implement the firm’s detection and response foundations - designing telemetry strategy, response workflows and supporting security controls in a largely greenfield environment. This is not a SOC management role and not a prevention-heavy policy function. The philosophy is pragmatic and detection-led: assume breach, instrument intelligently, and build high-fidelity visibility.

You will be expected to operate independently, shape architectural direction, and over time help grow the function from a single senior engineer into a small, high-calibre team...

Key Responsibilities

  • Architect and scale the firm’s end-to-end detection and response capability, from telemetry ingestion through to investigation workflows
  • Design high-signal detection logic informed by real attack techniques, not generic vendor rules
  • Build and refine detection pipelines, including data transformation and enrichment logic
  • Implement deception mechanisms, behavioural detections and adversary-informed monitoring strategies
  • Operate confidently at the systems layer, pivoting into Windows or Linux internals when required to validate hypotheses or build deeper detections
  • Lead incident investigations, performing root-cause analysis and implementing structural remediation
  • Contribute to identity and trust architecture, including certificate services and authentication models where relevant
  • Integrate detection and security controls into engineering and infrastructure workflows
  • Define practical standards that support a permissive, engineering-aligned security model rather than heavy-handed prevention
  • Identify systemic blind spots and continuously improve monitoring depth and coverage
  • Lay the groundwork for future team expansion, with the opportunity to mentor and scale the function over time

What You’ll Bring...

  • A minimum of 6-12 years’ experience (8+ preferred) in detection engineering, security engineering or advanced incident response within complex technical environments
  • Strong depth in Windows and/or Linux internals, with the ability to reason at the OS and systems layer
  • Experience building detections end-to-end - not just tuning alerts within a pre-built system
  • Preference for candidates with a red team, exploit development, or adversary-simulation background, or those who deeply understand attack mechanics
  • Practical experience working with telemetry pipelines, SIEM platforms, or custom detection tooling
  • Comfort with automation and lightweight coding to transform and enrich data (string and structure transformation, pipeline logic, scripting)
  • Background in systems engineering, infrastructure, or low-level software environments
  • Strong independent problem-solving ability - someone who can propose architecture and execute without heavy oversight
  • Clear communication skills and confidence engaging directly with senior stakeholders
  • Desire and ability to grow into a leadership/mentorship capacity as the function scales

...

Job Details

Company
Techfellow Limited
Location
City of London, London, United Kingdom
Hybrid / Remote Options