At a Glance
- Tasks: Design and build security detections while improving signal quality and expanding coverage.
- Company: Join a forward-thinking cybersecurity firm focused on innovation and collaboration.
- Benefits: Enjoy remote work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real impact in cybersecurity by creating effective detection solutions.
- Qualifications: Hands-on experience with detection logic and strong skills in KQL and SPL.
- Other info: Dynamic role with excellent career advancement potential in a supportive environment.
The predicted salary is between £60,000 and £80,000 per year.
This role is for a hands-on detection engineer whose primary job is designing, building and maintaining security detections. You will spend the majority of your time:
- Writing detection logic
- Improving signal quality
- Expanding ATT&CK coverage
- Testing and tuning detections
- Working with threat intel and incident response to convert findings into new detections
This is not a SOC analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role.
Responsibilities:
- Design and implement behaviour-based detections in Microsoft Sentinel (KQL) and Splunk (SPL)
- Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management
- Map detections to MITRE ATT&CK and track coverage gaps
- Maintain and improve a detection library over time
- Validate detections using threat hunting, incident learnings and testing frameworks (e.g. Atomic Red Team)
- Work closely with IR and SOC teams, but not perform SOC triage
- Treat detections as a product, not one-off alerts
Skills:
- Hands-on experience authoring detections, not just using SIEMs
- Strong KQL experience writing Sentinel analytics rules
- Strong SPL experience writing Splunk correlation searches
- Experience maintaining detections in production environments
- Clear examples of reducing false positives through logic changes
- Ability to explain why a detection exists, not just how it works
Preferred:
- Experience running or contributing to a detection engineering function
- Detection-as-code (Git, CI/CD, IaC)
- ATT&CK-driven detection coverage modelling
- Threat hunting that directly feeds detection creation
- Experience migrating detections between SIEM platforms
Senior Detection Engineer - Remote in Bury
Employer: RiverSafe
Contact Detail:
RiverSafe Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Detection Engineer - Remote in Bury
✨Tip Number 1
Network, network, network! Reach out to folks in the industry, especially those already working as detection engineers. Use platforms like LinkedIn to connect and engage with them. You never know when a casual chat could lead to a job opportunity!
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your detection logic, KQL, and SPL examples. This will not only demonstrate your hands-on experience but also give you something tangible to discuss during interviews.
✨Tip Number 3
Prepare for technical interviews by brushing up on your knowledge of MITRE ATT&CK and how it relates to detection engineering. Be ready to explain your thought process behind designing detections and how you've improved signal quality in the past.
✨Tip Number 4
Don’t forget to apply through our website! We love seeing candidates who are genuinely interested in joining our team. Plus, it’s a great way to ensure your application gets the attention it deserves.
We think you need these skills to ace Senior Detection Engineer - Remote in Bury
Some tips for your application 🫡
Show Off Your Skills: Make sure to highlight your hands-on experience with detection logic and your expertise in KQL and SPL. We want to see clear examples of how you've reduced false positives and improved signal quality in your previous roles.
Tailor Your Application: Don’t just send a generic application! Take the time to tailor your CV and cover letter to reflect the specific skills and experiences mentioned in the job description. We love seeing candidates who understand what we’re looking for.
Explain Your Thought Process: When discussing your past projects, explain not just how you built detections but also why they were necessary. We appreciate candidates who can articulate their thought process and the impact of their work on security outcomes.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates during the process!
How to prepare for a job interview at RiverSafe
✨Know Your Detection Logic
Make sure you can confidently discuss your experience with writing detection logic. Be prepared to share specific examples of how you've designed, tested, and tuned detections in Microsoft Sentinel and Splunk. This will show that you understand the end-to-end process and can own detection logic.
✨Showcase Your Problem-Solving Skills
Be ready to explain how you've reduced false positives in your previous roles. Use clear examples to illustrate your thought process and the logic changes you implemented. This demonstrates your ability to improve signal quality and treat detections as a product.
✨Familiarise Yourself with MITRE ATT&CK
Since mapping detections to MITRE ATT&CK is crucial for this role, brush up on your knowledge of the framework. Be prepared to discuss how you've tracked coverage gaps and expanded ATT&CK coverage in your past work. This shows that you can think strategically about detection engineering.
✨Collaborate and Communicate
Highlight your experience working closely with incident response and SOC teams. Share examples of how you've converted findings into new detections and validated them using threat hunting or testing frameworks. This will demonstrate your collaborative approach and understanding of the broader security landscape.