At a Glance
- Tasks: Lead the onboarding of detection rules and enhance global SOC operations.
- Company: Global IT and cyber security solutions provider with a focus on transformation.
- Benefits: Competitive salary, professional development, and the chance to shape security operations.
- Other info: Collaborative environment with opportunities for career growth and influence.
- Why this job: Make a real impact in transforming how a major enterprise handles security detection.
- Qualifications: 4+ years in SOC, strong incident investigation skills, and experience with detection tools.
The predicted salary is between 60000 - 80000 Β£ per year.
This role sits with a global IT and cyber security solutions provider supporting a major enterprise customer through a significant Security Operations transformation. The programme is focused on globalising detection capability, bringing regional detection rules into a single, consistent Global SOC and lifting the maturity of how alerts are triaged, investigated and escalated.
Why This Role Stands Out
- Genuine transformation work rather than BAU monitoring and alert triage
- You will own EMEA detection content end to end as it moves into the Global SOC
- Direct exposure across detection engineering, regional SOC teams and global stakeholders
- Opportunity to shape how a major enterprise actually runs its detection and response operation
- Long term scope with real influence over detection content and analyst workflows
Key Responsibilities
- Lead the onboarding of EMEA detection rules into the Global SOC, ensuring completeness and operational readiness
- Review and validate detection logic, thresholds and expected alert behaviour
- Map detection use cases to recognised threat frameworks such as MITRE ATT&CK
- Identify gaps, duplication and tuning opportunities across existing detection content
- Build clear, practical SOPs for Tier 1 and Tier 2 analysts covering triage, investigation, enrichment and decision points
- Define escalation criteria and handover conditions between regional and global teams
- Perform QA on detections and analyst handling to ensure consistent triage outcomes
- Act as the bridge between EMEA knowledge and the Global SOC, supporting walkthroughs and knowledge transfer
- Maintain strong documentation and traceability between detection logic, threat mapping and operational procedures
Ideal Experience
- Minimum four years in a SOC environment at Tier 2 or equivalent, with strong incident investigation and threat analysis experience
- Proven track record reviewing and tuning detection rules within a SIEM or monitoring platform such as Sentinel, Splunk or similar
- Hands on experience designing or documenting SOPs and analyst playbooks
- Strong understanding of attacker TTPs and mapping detections to frameworks such as MITRE ATT&CK
- Experience working across regional and global teams on standardisation or transformation initiatives
- Comfortable writing and interpreting queries for detection validation and simulation
- Financial services or other regulated environment background is desirable but not essential
- Strong communicator able to work across detection engineering, SOC operations and senior stakeholders
If you have built your career in detection and want to step out of pure alert triage into shaping how a Global SOC actually operates, this is a strong move.
We think you need these skills to ace Senior SOC Detection Engineer
Detection Engineering
Incident Investigation
Threat Analysis
SIEM Proficiency
Sentinel
Splunk
SOP Documentation