Senior SOC Detection Engineer in London

London Full-Time No working from home possible
Cloud People

Senior SOC Detection Engineer

πŸ“ London, 4 days per week on site with the end client


Company & role

This role sits with a global IT and cyber security solutions provider supporting a major enterprise customer through a significant Security Operations transformation. The programme is focused on globalising detection capability, bringing regional detection rules into a single, consistent Global SOC and lifting the maturity of how alerts are triaged, investigated and escalated.

You will be the detection authority on the EMEA side of that programme. The work is part engineering, part operational design. You will take existing detection content, validate it properly, map it to recognised threat frameworks, and build the SOPs that allow Tier 1 and Tier 2 analysts in the Global SOC to action it consistently.


Why This Role Stands Out

  • Genuine transformation work rather than BAU monitoring and alert triage
  • You will own EMEA detection content end to end as it moves into the Global SOC
  • Direct exposure across detection engineering, regional SOC teams and global stakeholders
  • Opportunity to shape how a major enterprise actually runs its detection and response operation
  • Long-term scope with real influence over detection content and analyst workflows


Key Responsibilities

  • Lead the onboarding of EMEA detection rules into the Global SOC, ensuring completeness and operational readiness
  • Review and validate detection logic, thresholds and expected alert behaviour
  • Map detection use cases to recognised threat frameworks such as MITRE ATT&CK
  • Identify gaps, duplication and tuning opportunities across existing detection content
  • Build clear, practical SOPs for Tier 1 and Tier 2 analysts covering triage, investigation, enrichment and decision points
  • Define escalation criteria and handover conditions between regional and global teams
  • Perform QA on detections and analyst handling to ensure consistent triage outcomes
  • Act as the bridge between EMEA knowledge and the Global SOC, supporting walkthroughs and knowledge transfer
  • Maintain strong documentation and traceability between detection logic, threat mapping and operational procedures


Ideal Experience

  • Minimum four years in a SOC environment at Tier 2 or equivalent, with strong incident investigation and threat analysis experience
  • Proven track record reviewing and tuning detection rules within a SIEM or monitoring platform such as Sentinel, Splunk or similar
  • Hands-on experience designing or documenting SOPs and analyst playbooks
  • Strong understanding of attacker TTPs and mapping detections to frameworks such as MITRE ATT&CK
  • Experience working across regional and global teams on standardisation or transformation initiatives
  • Comfortable writing and interpreting queries for detection validation and simulation
  • Financial services or other regulated environment background is desirable but not essential
  • Strong communicator able to work across detection engineering, SOC operations and senior stakeholders


If you have built your career in detection and want to step out of pure alert triage into shaping how a Global SOC actually operates, this is a strong move.

Contact Details:

Cloud People Recruitment Team