At a Glance
- Tasks: Design and build security detections to protect against cyber threats.
- Company: Join a leading cybersecurity firm with a focus on innovation.
- Benefits: Enjoy remote work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real difference in cybersecurity by creating impactful detection solutions.
- Qualifications: Hands-on experience in detection engineering and strong skills in KQL and SPL.
- Other info: Dynamic team environment with a focus on continuous learning and development.
The predicted salary is between £60,000 and £80,000 per year.
This role is for a hands-on detection engineer whose primary job is designing, building and maintaining security detections. You will spend the majority of your time:
- Writing detection logic
- Improving signal quality
- Expanding ATT&CK coverage
- Testing and tuning detections
- Working with threat intel and incident response to convert findings into new detections
This is not a SOC analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role.
Responsibilities:
- Design and implement behaviour-based detections in Microsoft Sentinel (KQL) and Splunk (SPL)
- Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management
- Map detections to MITRE ATT&CK and track coverage gaps
- Maintain and improve a detection library over time
- Validate detections using threat hunting, incident learnings and testing frameworks (e.g. Atomic Red Team)
- Work closely with IR and SOC teams, but not perform SOC triage
- Treat detections as a product, not one-off alerts
Skills:
- Hands-on experience authoring detections, not just using SIEMs
- Strong KQL experience writing Sentinel analytics rules
- Strong SPL experience writing Splunk correlation searches
- Experience maintaining detections in production environments
- Clear examples of reducing false positives through logic changes
- Ability to explain why a detection exists, not just how it works
Preferred:
- Experience running or contributing to a detection engineering function
- Detection-as-code (Git, CI/CD, IaC)
- ATT&CK-driven detection coverage modelling
- Threat hunting that directly feeds detection creation
- Experience migrating detections between SIEM platforms
Senior Detection Engineer - Remote in Bradford
Employer: RiverSafe
Contact: RiverSafe Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Detection Engineer - Remote in Bradford
✨Tip Number 1
Network, network, network! Reach out to folks in the industry, especially those already working in detection engineering. Use platforms like LinkedIn to connect and engage with them. You never know when a casual chat could lead to a job opportunity!
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your detection logic, KQL queries, and any projects you've worked on. This gives potential employers a tangible look at what you can do and sets you apart from the crowd.
✨Tip Number 3
Prepare for interviews by brushing up on your knowledge of MITRE ATT&CK and how it relates to detection engineering. Be ready to discuss specific examples of how you've improved signal quality or reduced false positives in your previous roles.
✨Tip Number 4
Don't forget to apply through our website! We love seeing candidates who are genuinely interested in joining our team. Plus, it makes it easier for us to track your application and get back to you quickly.
We think you need these skills to ace Senior Detection Engineer - Remote in Bradford
Some tips for your application 🫡
Show Off Your Skills: Make sure to highlight your hands-on experience with detection logic and your expertise in KQL and SPL. We want to see clear examples of how you've reduced false positives and improved signal quality in your previous roles.
Tailor Your Application: Don’t just send a generic CV! Tailor your application to reflect the specific responsibilities and skills mentioned in the job description. We love seeing candidates who take the time to connect their experience with what we’re looking for.
Explain Your Thought Process: When discussing your past projects, explain not just how you built detections but also why they were necessary. We appreciate candidates who can treat detections as a product and understand the bigger picture.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates during the process!
How to prepare for a job interview at RiverSafe
✨Know Your Detection Logic
Make sure you can confidently discuss your experience with writing detection logic, especially in KQL and SPL. Be prepared to share specific examples of how you've designed, tested, and tuned detections in the past.
✨Understand MITRE ATT&CK Framework
Familiarise yourself with the MITRE ATT&CK framework and be ready to explain how you've mapped detections to it. Highlight any gaps you've identified and how you've worked to improve coverage.
✨Showcase Your Problem-Solving Skills
Prepare to discuss instances where you've reduced false positives through logic changes. This is a key part of the role, so having clear examples will demonstrate your hands-on experience and analytical skills.
✨Collaboration is Key
Since you'll be working closely with incident response and SOC teams, be ready to talk about your collaborative experiences. Share how you've treated detections as a product and how you've communicated effectively with other teams.