Technical Specialist - Detection, Engineering and Automation

About the Opportunity

Job Type: Permanent

Application Deadline: 31 July 2026

Department: FIL – Global Cybersecurity Operations

Location: Kingswood, Surrey

Reports To: Senior Manager - Detection, Engineering and Automation

Level: 4

We share a commitment to making things better for clients and each other. We continually explore new technology and different ways of working to put our clients first. So bring your boldest ideas to our Cyber Defense Operations team and feel like you’re making progress.

About your team

The Technology function across FIL is responsible for all global aspects of Technology, Digital, Cybersecurity, and Innovation. Fidelity is a value-driven, customer-obsessed organization and in Technology we are fortunate to play a direct role in helping our clients with one of the most important aspects of their lives – their financial well-being.

Within the Technology function is our Global Cyber & Information Security (GCIS) that operates enterprise security services and controls. These are designed to mitigate Cyber and Information Security risks ensuring that Fidelity's business operates securely. The Technical Cybersecurity teams monitor both the internal and external threat environment, responding to security alerts and events in close to real time, as well as providing security assurance and access management services across the enterprise technology and business environment. Our global innovative Cyber Defence Operations team sits within GCIS and provides proactive, cutting-edge solutions to protect clients’ digital assets and infrastructure against evolving cyber threats.

The Detection Engineering & Automation team within our Global Cybersecurity Operations focuses on the development of automated detection capabilities to reduce manual effort of the Global Cybersecurity Operations team freeing up time to focus on real cyber threats. They ensure that security controls are performing effectively and efficiently and that they are feeding into automation technologies allowing the organisation to make intelligent correlated decisions.

About your role

The Detection Engineering & Automation Specialist plays a critical hands-on role in strengthening the Global Cybersecurity Operations capability by building, maintaining and enhancing the security tooling that underpins our detection and response functions. The ideal candidate will work deeply across technologies including SIEM, SOAR, EDR, email security and cloud security platforms, contributing engineering expertise to ensure these controls operate effectively and deliver high-quality telemetry.

You will be responsible for developing and improving detections, building CI/CD pipelines, onboarding new log sources, implementing automation and supporting technical investigations during security incidents. The ideal candidate has experience using a wide range of security technologies to enhance detection coverage, streamline analyst workflows and support the ongoing maintenance and optimisation of critical security controls. This role is essential in supporting engineering maturity and ensuring our cyber defence capabilities remain modern, integrated and responsive to evolving threats.

About you

Key Responsibilities

• Build, maintain and enhance security detections using Sentinel-as-Code, ensuring accurate and high-quality analytics.
• Develop and maintain CI/CD pipelines to automate deployment of detections, automation playbooks and configuration updates.
• Engineer and optimise SOAR automation and integrations to reduce manual analyst workload and streamline response processes.
• Onboard high-value security logs into the SIEM from the backlog, ensuring quality, normalisation and integration into detection logic.
• Support SOC and CIRT during incidents by providing engineering expertise, rapid telemetry onboarding, and timely detection and automation enhancements.
• Maintain and improve security controls across SIEM, SOAR, EDR, email security and network detection tooling.
• Assess and implement tool updates, new features and product enhancements, ensuring their secure and effective adoption across the environment.
• Manage tooling-related incidents with vendors and internal teams, ensuring business impact is known, communicated and minimised.
• Work with global engineering teams to deliver high-priority backlog items and operational improvements.
• Collaborate with front-line analysts to identify quick-win improvements for detections, automation and tooling integrations.
• Produce clear documentation, reporting and quality checks to support engineering delivery and continuous improvement.

Experience and Skills Required

• At least 4 years of experience working in a Detection Engineering function, or a combination of Detection Engineering and hands-on engineering responsibilities within a SOC environment.
• Experience focusing on automation, engineering maturity and continuous improvement within security operations.
• Experience managing and maintaining security tools within a global environment, preferably within Financial Services.
• Hands-on experience developing detections in Microsoft Sentinel, including strong KQL and detection as code practices.
• Proven ability to build and maintain CI/CD pipelines (Azure DevOps, GitHub Actions) for detection, automation and configuration deployments.
• Experience onboarding and operationalising new log sources into a SIEM, ensuring data quality, enrichment and alignment with detection logic.
• Practical experience engineering SIEM, SOAR or EDR platforms and improving their operational effectiveness.
• Experience supporting security incidents from an engineering perspective by enabling telemetry, building detections and enhancing automation under time pressure.
• Strong experience with cloud platforms, particularly AWS and Azure, including their native security telemetry and integrations.
• Experience with email security solutions (such as Proofpoint, Microsoft Defender for Office 365, or equivalent), with a solid understanding of how email telemetry can be used in detection engineering.
• Strong scripting skills (PowerShell, Python, Bash or JavaScript) for automation, integration and tooling improvements.
• Familiarity with YAML/JSON, IaC principles and modern automation frameworks.
• Knowledge of Azure and/or AWS cloud environments and their native security telemetry.
• Strong communication skills with the ability to take technical feedback from SOC/CIRT and translate it into meaningful engineering improvements.
• Analytical mindset with a passion for cybersecurity, process improvement and challenging inefficient workflows.

Preferred Certifications: Microsoft SC 200, AZ 500, AWS Security Specialty, CySA+, SSCP, OSCP.

Feel rewarded

For starters, we’ll offer you a comprehensive benefits package. We’ll value your wellbeing and support your development. And we’ll be as flexible as we can about where and when you work – finding a balance that works for all of us. It’s all part of our commitment to making you feel motivated by the work you do and happy to be part of our team.

As an international financial services organisation, we are in-scope of international regulations in the way that we carry out our work. This position is involved in work that is regulated by the FCA and/or the PRA and their Individual Conduct Rules (COCON) apply to it, along with any other regulation. We provide training on COCON and how it affects our employees. More information about COCON can be found in the Employment Handbook.