Senior Detection & Threat Engineer in London

We’re Checkout.com. You might not know our name, but companies like eBay, Spotify, Klarna, Uber, and Sony do, because we’re behind many of the digital experiences you use every day. We are where the world checks out, enabling over 10 billion transactions daily for more than one billion global shoppers. Our platform helps the most ambitious businesses deliver effortless digital experiences, at scale.

The role involves owning and evolving the company’s threat detection and threat-hunting capability. This role defines what “good” looks like for detection and increasingly engineers it directly as capability shifts into Cyber Security. You will understand attacker behaviour, convert it into high-fidelity detection logic, and raise the security baseline for the entire organisation.

You will partner closely with Security Operations, GRC and Engineering—setting standards, direction, and expectations—while progressively taking ownership of the most complex and high-value detection and threat engineering work.

What you’ll be responsible for:

• Engineering high-fidelity threat detections across endpoint, identity, cloud, and SaaS
• Defining detection standards, principles, and quality thresholds for Security Operations
• Conducting proactive threat hunting based on attacker behaviour, not vendor alerts
• Translating threat intelligence and incident learnings into durable, reusable detections
• Mapping detections to MITRE ATT&CK and real-world attack paths
• Reducing alert fatigue through logic refinement, correlation, and contextual enrichment
• Advising and supporting during high-severity security incidents; contribute to runbooks and escalation playbooks
• Driving the transition of advanced detection capability into Cyber Security ownership

What we’re looking for:

• Proven experience in detection engineering, threat hunting, or advanced SOC roles
• Deep understanding of modern attacker tradecraft and intrusion techniques across the attack lifecycle
• Hands-on experience building detection logic in modern SIEM platforms (e.g Sentinel)
• Proficiency with scripting and programming (e.g. Python, KQL) to build detection pipelines and automation
• Willingness to challenge bad detections, weak assumptions, and vanity metrics
• Pragmatic mindset: precision and impact beat coverage theatre
• Experience operating beyond traditional SOC or MSSP models
• Hands-on cloud detection experience (identity, control plane, SaaS)
• Familiarity with threat intelligence platforms and frameworks such as PCI DSS, NIST CSF, SOC 2, ISO27001, CIS Benchmarks, and MITRE ATT&CK for Cloud.

Additional Information:

We create the conditions for high performers to thrive, through real ownership, fewer blockers, and work that makes a difference from day one. Here, you’ll move fast, take on meaningful challenges, and be recognised for the impact you deliver. It’s a place where ambition gets met with opportunity, and where your growth is in your hands.

We work as one team, and we back each other to succeed. So whatever your background or identity, if you’re ready to grow and make a difference, you’ll be right at home here.

It’s important we set you up for success and make our process as accessible as possible. So let us know in your application, or tell your recruiter directly, if you need anything to make your experience or working environment more comfortable.

We understand that work is just one part of your life. Our hybrid working model offers flexibility, with three days per week in the office to support collaboration and connection.