2 of 2 Permanent Threat Intelligence Jobs in West Yorkshire

The Role As a SOC Detection Engineer, you will design, develop, and maintain high-quality detection content to improve threat visibility and reduce risk across customer environments. You apply expert knowledge of attacker tactics and telemetry sources to create and manage scalable, accurate, and resilient detection rules across SOC platforms. Operating as part of the SOC team, you support … operations by expanding detection coverage, improving rule performance, and collaborating with threat intelligence, incident response, and platform engineering teams to operationalise threat insights. You also contribute to internal process improvement, customer-facing engagements, and knowledge sharing across the wider SOC team. Key Responsibilities Detection Engineering and Delivery – You will develop, test, and deploy detection rules across SIEM … XDR, and other SOC platforms, supporting comprehensive, customer-aligned threat coverage. Lifecycle Management and Optimisation – You will monitor detection performance, tune rules to reduce false positives, and remediate logic or configuration issues caused by changing environments. Post-Incident Gap Analysis – You will perform detection reviews following incidents to identify missed coverage, determine root causes, and improve detection logic or More ❯

Customer Communications - You provide timely incident updates and lead bridging calls with customers during high-priority incidents, ensuring that communications are clear, evidence-led, and aligned to customer expectations. • Threat Hunting Oversight - You lead and coordinate proactive threat hunting across customer environments, using hypothesis-based approaches to identify undetected threats and validate detection coverage. Essential Duties • Advanced Investigation … all available tooling. o Reconstruct attack chains and identify root causes using MITRE ATT&CK. o Recommend and coordinate response actions to mitigate impact during active incidents. • IOC and Threat Analysis o Investigate indicators of compromise using commercial and open-source threat intelligence. o Validate alerts and determine their relevance to customer environments, providing context on adversary behaviour … and recommending follow-up actions when threats are confirmed. • Threat Hunting o Lead and participate in threat hunts using hypothesis-driven approaches mapped to TTPs and MITRE ATT&CK. o Leverage telemetry and queries in tooling to identify suspicious indicators not surfaced through existing detection logic. o Document hunting activities, findings, and detection coverage gaps to support tuning More ❯