At a Glance
- Tasks: Design and optimise detection logic across Microsoft security platforms.
- Company: Join a leading tech firm focused on enhancing cybersecurity.
- Benefits: Remote work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact in cybersecurity while developing your technical skills.
- Qualifications: Experience in SOC environments and knowledge of KQL or similar.
- Other info: Gain hands-on experience with cutting-edge security technologies.
Predicted salary: £36,000 to £60,000 per year.
Location: UK (remote/hybrid)
Stack:
- Microsoft Security: Defender XDR, Sentinel, Entra ID
- SIEM/XDR: Microsoft Sentinel (KQL), SentinelOne (S1QL)
- Exposure to other platforms, such as CrowdStrike or Elastic, is a plus
- Threat intelligence integration and detection tuning
- Tooling: KQL, S1QL, PowerShell, API usage
Join us and help strengthen the defensive capability of the organisations we support. You will focus on building, tuning, and improving detection logic across Microsoft and modern XDR platforms. This role sits at the centre of threat detection, platform optimisation, and continuous improvement. You’ll work closely with SOC analysts, engineers, and threat intelligence practitioners to build high-quality detections.
Technical responsibilities
- Design, build, and tune detection logic across Sentinel and XDR platforms.
- Write and optimise KQL and S1QL queries for detection and hunting scenarios.
- Improve signal quality through tuning, suppression logic, and data validation.
- Review and enhance existing analytic rules for coverage, performance, and operational effectiveness.
- Develop threat hunting queries and support proactive detection improvement initiatives.
- Assist with detection testing and validation across endpoint, identity, and cloud telemetry.
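The kind of analytic rule the responsibilities above describe, as an added illustration by the editor (not a rule from Cybanetix or from Microsoft's content hub): a password-spray style detection over Entra ID sign-in telemetry in Microsoft Sentinel, mapped to ATT&CK T1110.003, with the three signal-quality controls the list mentions built in. Tuning is the threshold and lookback parameters at the top; suppression is an allowlist pulled from a Sentinel watchlist (the watchlist name `AllowedSourceIPs` is a hypothetical name you would create yourself); data validation is the filter that drops rows with empty identity or network fields so they cannot inflate the counts. The `SigninLogs` table, its columns and the `_GetWatchlist()` function are real Sentinel objects; the thresholds are illustrative and should be calibrated against your own baseline.

```kql
// Password spray detection over Entra ID sign-ins (MITRE ATT&CK T1110.003).
// Editor's example rule; assumes the Entra ID connector is sending SigninLogs
// into the Sentinel workspace.

// --- Tuning parameters: adjust to the tenant's baseline failure rate ---
let lookback = 1h;               // analytic rule query period
let minDistinctUsers = 10;       // distinct accounts one IP must fail against
let minFailures = 20;            // total failures from that IP in the window

// --- Suppression: allowlisted source IPs, kept in a watchlist (hypothetical name) ---
// SearchKey is the watchlist's configured search column; here it holds the IP.
let allowedIPs = _GetWatchlist('AllowedSourceIPs')
    | project IPAddress = tostring(SearchKey);

SigninLogs
| where TimeGenerated > ago(lookback)
// Credential-failure result codes only: 50126 invalid username/password,
// 50053 account locked, 50057 account disabled.
| where ResultType in ("50126", "50053", "50057")
// --- Data validation: malformed events without identity or source fields
// would otherwise be counted as if they were real sign-in attempts ---
| where isnotempty(UserPrincipalName) and isnotempty(IPAddress)
// --- Suppression: drop traffic from known/approved sources ---
| where IPAddress !in (allowedIPs)
| summarize
    FailedAttempts = count(),
    DistinctUsers  = dcount(UserPrincipalName),
    TargetedUsers  = make_set(UserPrincipalName, 50),
    Apps           = make_set(AppDisplayName, 10),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated)
    by IPAddress
// Alert only when one source spreads failures across many accounts:
// a single user mistyping a password stays below the DistinctUsers bar.
| where DistinctUsers >= minDistinctUsers and FailedAttempts >= minFailures
| extend Technique = "T1110.003", TechniqueName = "Brute Force: Password Spraying"
| order by DistinctUsers desc, FailedAttempts desc
```

When this query is saved as a scheduled analytic rule, map `IPAddress` to the IP entity and `TargetedUsers` to Account entities in the rule's entity mapping rather than renaming columns in the query. For tuning, run the query over a longer window in a hunting session first and check how many of the hits are vulnerability scanners, shared egress IPs or service accounts; those belong in the watchlist, not in a raised threshold.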
Platform & engineering responsibilities
- Understand how telemetry from endpoints, identity, cloud, and network sources feeds into SIEM/XDR platforms.
- Support optimisation of logging pipelines and signal ingestion where required.
- Contribute to detection-as-code, structured rule development, and repeatable deployment practices.
Customer & collaboration
- Work closely with SOC teams to refine detections based on operational feedback.
- Liaise with threat intelligence contributors to align detections with emerging attacker techniques.
- Support customer discussions around detection coverage, tuning, and maturity improvements.
- Contribute to internal documentation, detection standards, and knowledge sharing.
- Collaborate with engineering and architecture teams to improve overall security posture.
What we’re looking for
Must have:
- Practical experience working in a SOC or security operations environment.
- Knowledge of KQL, or equivalent, and some experience writing or tuning detections.
- Solid understanding of common attack techniques across identity, endpoint, and cloud.
- Experience working with Microsoft security tooling, ideally Sentinel or Defender XDR.
- Ability to think analytically about signal quality, false positives, and detection gaps.
- Comfortable working independently and taking ownership of technical outcomes.
Nice to have:
- Experience with SentinelOne and S1QL.
- Exposure to threat intelligence workflows and mapping detections to MITRE ATT&CK.
- Familiarity with automation or scripting (PowerShell, Python).
- Understanding of logging pipelines and data onboarding (Azure Monitor Agent (AMA), Syslog, etc.).
- Exposure to detection-as-code or CI/CD workflows.
- Experience working in an MSSP or consultancy environment.
What this role gives you
- A path into engineering-led detection design.
- Deep, hands-on experience across modern SIEM and XDR platforms.
- Exposure to real-world attacker behaviours and evolving threat patterns.
- The opportunity to directly improve the effectiveness of security teams.
- A stepping stone toward senior engineering or architecture roles.
Detection Engineer in London. Employer: Cybanetix
Contact Detail:
Cybanetix Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Detection Engineer in London
✨Tip Number 1
Network, network, network! Get out there and connect with folks in the industry. Attend meetups, webinars, or even online forums related to detection engineering. You never know who might have a lead on your dream job!
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your KQL and S1QL queries, detection logic, or any projects you've worked on. This gives potential employers a taste of what you can do and sets you apart from the crowd.
✨Tip Number 3
Don’t just apply blindly! Tailor your approach for each application. Highlight your experience with Microsoft security tools and how you’ve improved detection logic in past roles. Make it clear why you’re the perfect fit for their team.
✨Tip Number 4
Keep learning and stay updated! The world of threat detection is always evolving. Follow industry news, take online courses, and get familiar with the latest tools and techniques. This shows employers that you’re proactive and passionate about your field.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the skills and experiences that match the Detection Engineer role. Highlight your experience with KQL, Microsoft security tools, and any relevant SOC work. We want to see how you can contribute to our mission!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about threat detection and how your background aligns with our needs. Be sure to mention any specific projects or achievements that showcase your expertise.
Showcase Your Technical Skills: When applying, don’t forget to highlight your technical skills, especially in KQL, S1QL, and PowerShell. We love seeing examples of how you've used these tools to improve detection logic or signal quality in past roles.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining the team at Cybanetix!
How to prepare for a job interview at Cybanetix
✨Know Your Tech Stack
Familiarise yourself with Microsoft Security tools like Defender XDR and Sentinel. Brush up on KQL and S1QL, as you'll likely be asked to demonstrate your understanding of these during the interview. Being able to discuss how you've used these tools in past roles will show you're ready to hit the ground running.
✨Showcase Your Analytical Skills
Prepare to talk about your experience with threat detection and tuning. Think of specific examples where you improved signal quality or reduced false positives. This will highlight your analytical thinking and problem-solving skills, which are crucial for a Detection Engineer.
✨Understand the Bigger Picture
Be ready to discuss how detection logic fits into the overall security posture of an organisation. Show that you understand the importance of collaboration with SOC teams and threat intelligence contributors. This will demonstrate your ability to work well in a team and contribute to continuous improvement.
✨Ask Insightful Questions
Prepare some thoughtful questions about the company's approach to threat detection and their current challenges. This not only shows your interest in the role but also gives you a chance to assess if the company aligns with your career goals. Plus, it can spark a great conversation!