Technical Specialist - Detection, Engineering and Automation in Lower Kingswood

Department FIL – Global Cybersecurity Operations

Location: Kingswood, Surrey

Reports To: Senior Manager - Detection, Engineering and Automation

Level: 4

Job Type: Permanent

Application Deadline: 31 July 2026

About the Team

Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity and Innovation. Fidelity is a value‑driven, customer‑obsessed organization and in Technology we play a direct role in helping clients with one of the most important aspects of their lives – their financial well‑being. Within the Technology function is GCIS (Global Cyber & Information Security) that operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, respond to security alerts and events in close to real time, and provide security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting‑edge solutions to protect clients’ digital assets and infrastructure against evolving cyber threats.

The Detection Engineering & Automation team within Global Cybersecurity Operations focuses on the development of automated detection capabilities to reduce manual effort of the Global Cybersecurity Operations team, freeing up time to focus on real cyber threats. They ensure that security controls are performing effectively and efficiently, feeding into automation technologies and allowing the organisation to make intelligent correlated decisions.

About Your Role

The Detection Engineering & Automation Specialist plays a critical hands‑on role in strengthening the Global Cybersecurity Operations capability by building, maintaining and enhancing the security tooling that underpins our detection and response functions. The ideal candidate will work deeply across technologies including SIEM, SOAR, EDR, email security and cloud security platforms, contributing engineering expertise to ensure these controls operate effectively and deliver high‑quality telemetry. You will be responsible for developing and improving detections, building CI/CD pipelines, onboarding new log sources, implementing automation and supporting technical investigations during security incidents.

Key Responsibilities

• Build, maintain and enhance security detections using Sentinel‑as‑Code, ensuring accurate and high‑quality analytics.
• Develop and maintain CI/CD pipelines to automate deployment of detections, automation playbooks and configuration updates.
• Engineer and optimise SOAR automation and integrations to reduce manual analyst workload and streamline response processes.
• Onboard high‑value security logs into the SIEM from the backlog, ensuring quality, normalisation and integration into detection logic.
• Support SOC and CIRT during incidents by providing engineering expertise, rapid telemetry onboarding, and timely detection and automation enhancements.
• Maintain and improve security controls across SIEM, SOAR, EDR, email security and network detection tooling.
• Assess and implement tool updates, new features and product enhancements, ensuring their secure and effective adoption across the environment.
• Manage tooling‑related incidents with vendors and internal teams, ensuring business impact is known, communicated and minimised.
• Work with global engineering teams to deliver high‑priority backlog items and operational improvements.
• Collaborate with front‑line analysts to identify quick‑win improvements for detections, automation and tooling integrations.
• Produce clear documentation, reporting and quality checks to support engineering delivery and continuous improvement.

Experience and Skills Required

• At least 4 years of experience working in a Detection Engineering function, or a combination of Detection Engineering and hands‑on engineering responsibilities within a SOC environment.
• Experience focusing on automation, engineering maturity and continuous improvement within security operations.
• Experience managing and maintaining security tools within a global environment, preferably within Financial Services.
• Hands‑on experience developing detections in Microsoft Sentinel, including strong KQL and detection as code practices.
• Proven ability to build and maintain CI/CD pipelines (Azure DevOps, GitHub Actions) for detection, automation and configuration deployments.
• Experience onboarding and operationalising new log sources into a SIEM, ensuring data quality, enrichment and alignment with detection logic.
• Practical experience engineering SIEM, SOAR or EDR platforms and improving their operational effectiveness.
• Experience supporting security incidents from an engineering perspective by enabling telemetry, building detections and enhancing automation under time pressure.
• Strong experience with cloud platforms, particularly AWS and Azure, including their native security telemetry and integrations.
• Experience with email security solutions (such as Proofpoint, Microsoft Defender for Office 365, or equivalent), with a solid understanding of how email telemetry can be used in detection engineering.
• Strong scripting skills (PowerShell, Python, Bash or JavaScript) for automation, integration and tooling improvements.
• Familiarity with YAML/JSON, IaC principles and modern automation frameworks.
• Knowledge of Azure and/or AWS cloud environments and their native security telemetry.
• Strong communication skills with the ability to take technical feedback from SOC/CIRT and translate it into meaningful engineering improvements.
• Analytical mindset with a passion for cybersecurity, process improvement and challenging inefficient workflows.

Preferred Certifications

• Microsoft SC 200
• AZ 500
• AWS Security Specialty
• CySA+
• SSCP
• OSCP

Benefits

We’ll offer a comprehensive benefits package to support your wellbeing and development. We also provide flexible working arrangements to help you find a balance that works for everyone.

Regulatory Information

As an international financial services organisation, we are in‑scope of international regulations in the way that we carry out our work. This position is involved in work that is regulated by the FCA and/or the PRA and their Individual Conduct Rules (COCON) apply to it, along with any other regulation. We provide training on COCON and how it affects our employees. More information about COCON can be found in the Employment Handbook.