NMC Cyber Security Detection Engineer

Join Police Digital Service as NMC Cyber Security Detection Engineer x 2 Full time Permanent. Salary starting at £50,000.

About Police Digital Service

To protect people from harm in our rapidly changing world, police services must not only keep up with technology and business changes but develop capabilities and ways of working that will enable them to adapt to and deal with the complexity of modern criminality. Police Digital Service strives to be the go-to partner for technology developments and programmes across UK policing. Our team provides technical advice and delivers services to help policing and law enforcement organisations across the UK prioritise and focus on technology efforts. Our vision is to support UK policing to keep people safe, get more from technology investments and make better use of public money, and we’re always on the lookout for great talent to help us achieve this.

The National Management Centre (NMC) is part of Police Digital Service and provides visibility and control of information risks for policing. It supports the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber‑attacks, enabling stakeholders to understand and proactively manage risk across the technology estate at both the national and force level.

Key Responsibilities

• Development, maintenance, and deployment of SIEM detection rules for complex technical environments.
• Working alongside wider NMC functions, maintain knowledge of the threat landscape and TTPs employed by threat actors.
• Work across wider NMC functions to ensure detections are relevant and effective.
• Creation of custom solutions using both low‑code and traditional development approaches.
• Optimization of log collection to align with detection requirements.
• Maintain documentation for detection rules to be used by analysts.
• Scoping, testing and implementing new SIEM data connectors.
• Working with wider NMC teams, contributing to Continual Service Improvement and innovations.
• Support with the creation of automation and analyst playbooks.

Essential Skills & Experience

• Experience with log analysis and correlation of large datasets from multiple data sources to identify and investigate attack patterns.
• Experience of supporting and developing SIEM platforms in the context of a Security Operations Centre.
• Experience of log source configuration and parsing, as part of a SIEM implementation, including experience of data normalisation using RegEx.
• Practical experience in the creation, testing, implementation, and support of custom tooling to support Security Operations.
• Experience working with APIs.
• Practical experience in software development and scripting, preferably PowerShell and Python.
• Initiative and the ability to produce quality work without close supervision.
• Good written and verbal communication skills, particularly in relation to technical subjects.
• Attention to detail and genuine passion for maintaining high quality software configuration.
• Broad cyber security awareness and practical experience.
• Experience working with code repositories and CI/CD.
• Ability to acquire SC and NPPV3 level clearances.

Desirable

• Certifications that demonstrate a combination of offensive and defensive knowledge - PNPT / OSCP / BTL2 / GCFA.
• Practical experience in software development and scripting, preferably PowerShell and Python.
• Previous public sector experience.
• Previous SOC or security engineering experience.
• Previous experience monitoring the security of cloud technologies.
• Experience with Microsoft Power Apps / Power Automate and Azure Logic Apps.

Why Join Us?

• Balance is important and we offer 28 days’ annual leave plus bank holidays, rising to 30 days after 5 years of service. Holiday purchase also available.
• Flexible working hours – core hours 8:00–18:00, Monday to Friday (37‑hr week).
• We care about your well‑being – EAP offering welfare benefits and retail discounts.
• Excellent pension scheme and life assurance cover.
• Remote GP, mental health and physiotherapy appointments via video consultation.
• Enhanced maternity and paternity pay with flexible return to work.
• One paid day off per year for volunteering.

Benefits

Police Digital Service (pds.police.uk)

Diversity, equity and inclusion

We are committed to equal opportunity for all and will not discriminate on any grounds. We encourage applications from people from the widest possible span of experience. We particularly welcome applications from Black, Asian and Minority Ethnic (BAME) candidates and people with disabilities.

Working Arrangements

At the NMC, you will benefit from hybrid working, getting the advantages of both face‑to‑face team engagement and home working. NMC employees have the opportunity to work in our modern office environment for in‑person collaboration, however you will also get the opportunity to work from home 2 days a week. All applicants must be eligible for NPPV3 and SC clearances. Successful applicants will require NPPV3 clearance to have been approved before starting with PDS.