At a Glance
- Tasks: Design and build security detections to protect against cyber threats.
- Company: Join a leading cybersecurity firm with a focus on innovation.
- Benefits: Remote work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real difference in cybersecurity by creating impactful detection solutions.
- Qualifications: Experience in detection engineering and strong skills in KQL and SPL.
- Other info: Dynamic team environment with a focus on continuous improvement and learning.
The predicted salary is between £60,000 and £80,000 per year.
This role is for a hands-on detection engineer whose primary job is designing, building and maintaining security detections.
You will spend the majority of your time:
- Writing detection logic
- Improving signal quality
- Expanding ATT&CK coverage
- Testing and tuning detections
- Working with threat intel and incident response to convert findings into new detections
This is not a SOC analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role.
Responsibilities:
- Design and implement behaviour-based detections in Microsoft Sentinel (KQL) and Splunk (SPL)
- Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management
- Map detections to MITRE ATT&CK and track coverage gaps
- Maintain and improve a detection library over time
- Validate detections using threat hunting, incident learnings and testing frameworks (e.g. Atomic Red Team)
- Work closely with IR and SOC teams, but not perform SOC triage
- Treat detections as a product, not one-off alerts
Skills:
- Hands-on experience authoring detections, not just using SIEMs
- Strong KQL experience writing Sentinel analytics rules
- Strong SPL experience writing Splunk correlation searches
- Experience maintaining detections in production environments
- Clear examples of reducing false positives through logic changes
- Ability to explain why a detection exists, not just how it works
Preferred:
- Experience running or contributing to a detection engineering function
- Detection-as-code (Git, CI/CD, IaC)
- ATT&CK-driven detection coverage modelling
- Threat hunting that directly feeds detection creation
- Experience migrating detections between SIEM platforms
Senior Detection Engineer - Remote in Ashton-under-Lyne
Employer: RiverSafe
Contact detail: RiverSafe Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Detection Engineer - Remote in Ashton-under-Lyne
✨Tip Number 1
Get your hands dirty with the tools! Familiarise yourself with KQL and SPL by building your own detection logic. The more you play around, the better you'll understand how to improve signal quality and reduce false positives.
✨Tip Number 2
Network like a pro! Connect with other detection engineers and professionals in the field. Join forums, attend webinars, or even reach out on LinkedIn. You never know who might have the inside scoop on job openings or valuable insights.
✨Tip Number 3
Show off your skills! Create a portfolio showcasing your detection logic and any improvements you've made. This will not only demonstrate your expertise but also give potential employers a clear view of what you can bring to the table.
✨Tip Number 4
Apply through our website! We love seeing passionate candidates who are eager to join our team. Make sure to tailor your application to highlight your experience with detection engineering and how you can contribute to our mission.
We think you need these skills to ace Senior Detection Engineer - Remote in Ashton-under-Lyne
Some tips for your application 🫡
Show Off Your Skills: Make sure to highlight your hands-on experience with detection logic and your expertise in KQL and SPL. We want to see clear examples of how you've reduced false positives and improved signal quality in your previous roles.
Tailor Your Application: Don’t just send a generic CV! Tailor your application to reflect the specific responsibilities and skills mentioned in the job description. We love seeing candidates who take the time to connect their experience with what we’re looking for.
Explain Your Thought Process: When discussing your past projects, explain not just how you built detections but also why they were necessary. We’re interested in your thought process and how you approach detection engineering as a product.
Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s the easiest way for us to keep track of your application and ensure it reaches the right people!
How to prepare for a job interview at RiverSafe
✨Know Your Detection Logic
Make sure you can confidently discuss your experience with writing detection logic. Be prepared to explain how you've designed, tested, and tuned detections in the past, especially using KQL and SPL. Highlight specific examples where you've reduced false positives.
✨Familiarise Yourself with MITRE ATT&CK
Since this role involves mapping detections to MITRE ATT&CK, brush up on the framework. Be ready to discuss how you've used it to identify coverage gaps and improve detection strategies. Showing a solid understanding of ATT&CK will impress the interviewers.
✨Demonstrate Your Hands-On Experience
This isn't just about theory; they want to see your practical skills. Prepare to share clear examples of your hands-on experience in maintaining detections in production environments. Talk about any challenges you faced and how you overcame them.
✨Collaboration is Key
Even though this role isn't SOC triage, you'll be working closely with IR and SOC teams. Be ready to discuss how you've collaborated with other teams in the past, particularly in converting threat intel into actionable detections. Show that you can treat detections as a product and not just one-off alerts.