At a Glance
- Tasks: Design and build scalable detection and response capabilities in security.
- Company: Join a leading tech firm transforming financial technology globally.
- Benefits: Enjoy competitive pay, remote work options, and growth opportunities.
- Why this job: Make a real impact in cybersecurity with cutting-edge tools and technologies.
- Qualifications: Experience in detection engineering and automation is essential.
- Other info: Be part of a diverse team driving innovation in a dynamic environment.
The predicted salary is between £36000 and £60000 per year.
We are seeking a Security Engineer specialising in Detection Engineering and Security Automation to design, build, and operate scalable detection and response capabilities across cloud and enterprise environments. This role focuses on engineering high‑fidelity detections and automating response workflows across platforms such as Rapid7, SentinelOne, and CrowdStrike, using Azure Logic Apps and API‑driven integrations to reduce manual effort and improve response speed. This is a hands‑on engineering role for someone who thinks in attacker behaviours, builds resilient automation, and prefers engineering solutions over manual SOC processes.
Key Responsibilities
- Detection Engineering
  - Design, implement, and continuously improve threat detections across endpoint, identity, vulnerability, and cloud telemetry.
  - Engineer detections using data from Rapid7, SentinelOne, and CrowdStrike, including behavioural, anomaly‑based, and contextual detections.
  - Translate MITRE ATT&CK techniques and real‑world threat intelligence into actionable detection logic.
  - Develop and tune detection logic to reduce false positives while preserving signal quality.
  - Validate detections through testing, attack simulation, and post‑incident review.
  - Maintain detection coverage mapping across the attack lifecycle.
- Security Automation & SOAR
  - Design and implement security automation workflows using Azure Logic Apps to support alert triage, enrichment, containment, and response.
  - Automate workflows such as:
    - Alert enrichment from asset inventories and vulnerability data
    - Risk‑based prioritisation using exploitability and exposure context
    - Endpoint containment or isolation actions
    - Case creation, updates, and closure across security platforms
  - Integrate tools via REST APIs, webhooks, and managed connectors.
  - Build modular, reusable automation components with robust error handling and observability.
  - Integrate and correlate telemetry across Rapid7, SentinelOne, CrowdStrike, and supporting security systems.
  - Work closely with security and cloud teams to onboard new data sources and ensure data quality.
  - Apply detection‑as‑code and automation‑as‑code principles using version control and structured deployment processes.
  - Build dashboards and metrics to measure detection efficacy, alert quality, and automation impact.
  - Support incident response by enhancing detections and automations based on real incidents.
  - Feed learnings from investigations back into detection logic and response workflows.
  - Maintain documentation, playbooks, and runbooks for detections and automations.
  - Contribute to purple‑team activities and detection gap analysis.
Required Skills, Experience and Qualifications
- Core Technical Skills
  - Proven experience in detection engineering, security operations engineering, or security automation roles.
  - Hands‑on experience with Rapid7, SentinelOne, and/or CrowdStrike in detection or response contexts.
  - Strong experience building automation using Azure Logic Apps.
  - Proficiency integrating systems using REST APIs, JSON payloads, authentication, and pagination.
  - Solid understanding of endpoint security, vulnerability management, and attacker tradecraft.
  - Deep familiarity with MITRE ATT&CK and behaviour‑based detection methodologies.
- Engineering & Operational Skills
  - Strong scripting or engineering background (e.g. Python, PowerShell).
  - Experience working with structured data, event pipelines, and telemetry correlation.
  - Understanding of alert lifecycle management and incident response workflows.
  - Ability to design automation that is safe, resilient, and auditable.
- Preferred
  - Experience correlating endpoint, vulnerability, and asset data for risk‑based detection.
  - Familiarity with SOAR design patterns and automation governance.
  - Exposure to cloud security telemetry and identity‑based attack detection.
  - Experience operating in large‑scale or regulated environments.
  - Knowledge of CI/CD or infrastructure‑as‑code approaches for security tooling.
About Us
We’re a diverse group of visionary innovators who provide trading and workflow automation software, high‑value analytics, and strategic consulting to corporations, central banks, financial institutions, and governments. Founded in 1999, we’ve achieved tremendous growth by bringing together some of the best and most successful financial technology companies in the world. Over 2,000 of the world’s leading corporations, including 50% of the Fortune 500 and 30% of the world’s central banks, trust ION solutions to manage their cash, in‑house banking, commodity supply chain, trading and risk. Over 800 of the world’s leading banks and broker‑dealers use our electronic trading platforms to operate the world’s financial market infrastructure. ION is a rapidly expanding and dynamic group with 13,000 employees and offices in more than 40 cities around the globe. Our ever‑expanding global footprint, cutting edge products, and over 40,000 customers worldwide provide an unparalleled career experience for those who share our vision. ION is committed to maintaining a supportive and inclusive environment for people with diverse backgrounds and experiences. We respect the varied identities, abilities, cultures, and traditions of the individuals who comprise our organization and recognize the value that different backgrounds and points of view bring to our business. ION adheres to an equal employment opportunity policy that prohibits discriminatory practices or harassment against applicants or employees based on any legally impermissible factor. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analysing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgement. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.
Security Engineer - Detection Engineering & Automation employer: ION Group
Contact Detail:
ION Group Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Engineer - Detection Engineering & Automation
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can refer you directly.
✨Tip Number 2
Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to detection engineering and automation. This gives potential employers a taste of what you can do beyond just a CV.
✨Tip Number 3
Prepare for interviews by practising common technical questions and scenarios related to security automation and detection engineering. Mock interviews with friends or mentors can help you feel more confident and ready to impress.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team at ION.
We think you need these skills to ace Security Engineer - Detection Engineering & Automation
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the role of Security Engineer. Highlight your experience with detection engineering and automation, especially with tools like Rapid7, SentinelOne, and CrowdStrike. We want to see how your skills align with our needs!
Showcase Your Projects: If you've worked on any relevant projects, don’t hold back! Share specific examples where you designed or implemented detection capabilities or automated workflows. This gives us a clear picture of your hands-on experience.
Be Clear and Concise: When writing your application, keep it clear and to the point. Use bullet points for key achievements and avoid jargon unless it's relevant. We appreciate straightforward communication that gets to the heart of your qualifications.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it’s super easy to do!
How to prepare for a job interview at ION Group
✨Know Your Tools
Familiarise yourself with Rapid7, SentinelOne, and CrowdStrike. Be ready to discuss how you've used these tools in your previous roles, especially in detection engineering and automation. Highlight specific examples where you’ve designed or improved detection capabilities.
✨Understand MITRE ATT&CK
Brush up on the MITRE ATT&CK framework and be prepared to explain how you would translate its techniques into actionable detection logic. This shows that you think like an attacker and can build resilient detections.
✨Showcase Your Automation Skills
Prepare to discuss your experience with Azure Logic Apps and how you've built automation workflows. Bring examples of how you've reduced manual effort and improved response times through automation, as this is key for the role.
✨Be Ready for Scenario Questions
Expect scenario-based questions that test your incident response skills. Think about past incidents you've handled and how you enhanced detections or automations based on those experiences. This will demonstrate your ability to learn and adapt.