Detection Engineer in City of Westminster

City of Westminster Full-Time 36000 - 60000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Design and optimise threat detection rules across various platforms to enhance cyber security.
  • Company: Join the Government Cyber Coordination Centre, a key player in national cyber security.
  • Benefits: Competitive salary, health benefits, and opportunities for professional growth.
  • Why this job: Make a real impact on public safety while working with cutting-edge technology.
  • Qualifications: Experience in query languages and detection engines; strong analytical skills required.
  • Other info: Dynamic role with potential for career advancement in a vital government initiative.

The predicted salary is between 36000 - 60000 £ per year.

This is an exciting opportunity to work at the heart of Government cyber security, as part of the Government Cyber Coordination Centre (GC3). The GC3 coordinates the cross‑Government response to cyber security vulnerabilities, threats, and incidents, enhancing cyber resilience and enabling the Government to more efficiently and effectively protect public services.

Design, implement, and optimize threat detection content across a wide range of platforms and data sources. This role combines advanced query language skills, a deep understanding of system and network logging, and experience with rule‑based detection engines and CI/CD pipelines (notably those developed in Python). Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Security Check (SC), but candidates must be willing to undergo Developed Vetting (DV) clearance whilst in post where necessary.

Key Responsibilities
  • Develop and optimize detection rules using query languages such as KQL (Microsoft Sentinel / Defender XDR), SPL (Splunk), AQL (QRadar), EQL/Lucene (Elastic Security), and SQL across traditional and security data platforms.
  • Create and manage detection rules using cross‑platform languages such as Sigma and YARA.
  • Build, test, and deploy detection rules using CI/CD tools and principles (e.g., GitHub Actions, GitLab CI, Azure DevOps).
  • Tune and validate alerting logic to reduce false positives and optimize signal‑to‑noise ratio.
  • Contribute to detection‑as‑code practices with structured rule repositories (e.g., Sigma, Panther, custom JSON/YAML formats).
  • Support threat hunting and incident triage using advanced log queries and packet inspection.
  • Collaborate with offensive security and threat intelligence teams to translate TTPs into behavioural detections, aligned with industry frameworks such as MITRE ATT&CK.

A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer.

Detection Engineer in City of Westminster employer: Cabinet Office

Join a dynamic and impactful team at the Government Cyber Coordination Centre, where you will play a crucial role in enhancing the UK's cyber resilience. Our collaborative work culture fosters innovation and professional growth, offering unique opportunities to develop your skills in advanced threat detection while contributing to the safety of public services. With a commitment to inclusivity and support for career advancement, we are dedicated to creating a rewarding environment for all employees.

Contact Detail:

Cabinet Office Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Detection Engineer in City of Westminster

✨Tip Number 1

Network like a pro! Reach out to folks in the cyber security field, especially those connected to the Government Cyber Coordination Centre. A friendly chat can open doors and give you insights that job descriptions just can't.

✨Tip Number 2

Show off your skills! When you get the chance to interview, be ready to discuss your experience with query languages and detection rules. Bring examples of your work or even a mini-project to demonstrate your expertise.

✨Tip Number 3

Stay updated on the latest trends in cyber security. Follow relevant blogs, podcasts, or forums. This not only helps you in interviews but also shows your passion for the field, which is always a plus!

✨Tip Number 4

Don't forget to apply through our website! We make it easy for you to showcase your talents and connect with us directly. Plus, it’s a great way to ensure your application gets the attention it deserves.

We think you need these skills to ace Detection Engineer in City of Westminster

Advanced Query Language Skills
System and Network Logging
Rule-Based Detection Engines
CI/CD Pipelines
KQL (Microsoft Sentinel / Defender XDR)
SPL (Splunk)
AQL (QRadar)
EQL/Lucene (Elastic Security)
SQL
Sigma
YARA
GitHub Actions
GitLab CI
Azure DevOps
Threat Hunting

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter for the Detection Engineer role. Highlight your experience with query languages and detection rules, as well as any relevant projects you've worked on. We want to see how your skills align with what we're looking for!

Show Off Your Technical Skills: Don’t hold back on showcasing your technical prowess! Mention your experience with CI/CD tools, rule-based detection engines, and any programming languages you’re comfortable with, especially Python. This is your chance to impress us with your knowledge!

Be Clear and Concise: When writing your application, keep it clear and to the point. Use bullet points where possible to make it easy for us to read through your qualifications and experiences. We appreciate a well-structured application that gets straight to the good stuff!

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets to the right people. Plus, it shows us you’re keen and know how to navigate the process like a pro!

How to prepare for a job interview at Cabinet Office

✨Know Your Tech Inside Out

Make sure you’re well-versed in the query languages mentioned in the job description, like KQL, SPL, and SQL. Brush up on your knowledge of detection engines and CI/CD pipelines, especially if you've worked with Python. Being able to discuss your experience confidently will show that you're the right fit for the role.

✨Showcase Your Problem-Solving Skills

Prepare examples of how you've developed and optimised detection rules in the past. Think about specific challenges you faced and how you overcame them. This will demonstrate your analytical skills and ability to reduce false positives, which is crucial for this position.

✨Familiarise Yourself with Cyber Security Frameworks

Get to grips with industry frameworks like MITRE ATT&CK. Be ready to discuss how you can translate TTPs into behavioural detections. Showing that you understand these frameworks will highlight your commitment to enhancing cyber resilience.

✨Ask Insightful Questions

Prepare thoughtful questions about the GC3's current projects or future initiatives. This not only shows your interest in the role but also gives you a chance to demonstrate your knowledge of government cyber security. It’s a great way to engage with the interviewers and leave a lasting impression.
