Senior Detection Engineer - Remote in City of London

Location: City of London · Full-Time · 60000 - 80000 £ / year (est.) · Home office possible
RiverSafe

At a Glance

  • Tasks: Design and build security detections while improving signal quality and expanding coverage.
  • Company: Join a forward-thinking cybersecurity firm focused on innovation and collaboration.
  • Benefits: Enjoy remote work, competitive salary, and opportunities for professional growth.
  • Why this job: Make a real impact in cybersecurity by creating effective detection solutions.
  • Qualifications: Hands-on experience with KQL and SPL, plus a passion for detection engineering.
  • Other info: Dynamic role with a focus on continuous improvement and teamwork.

The predicted salary is between 60000 - 80000 £ per year.

This role is for a hands-on detection engineer whose primary job is designing, building and maintaining security detections. You will spend the majority of your time:

  • Writing detection logic
  • Improving signal quality
  • Expanding ATT&CK coverage
  • Testing and tuning detections
  • Working with threat intel and incident response to convert findings into new detections

This is not a SOC analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role.

Responsibilities:

  • Design and implement behaviour-based detections in Microsoft Sentinel (KQL) and Splunk (SPL)
  • Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management
  • Map detections to MITRE ATT&CK and track coverage gaps
  • Maintain and improve a detection library over time
  • Validate detections using: threat hunting, incident learnings, testing frameworks (e.g. Atomic Red Team)
  • Work closely with IR and SOC teams without performing SOC triage
  • Treat detections as a product, not one-off alerts

Skills:

  • Hands-on experience authoring detections, not just using SIEMs
  • Strong KQL experience writing Sentinel analytics rules
  • Strong SPL experience writing Splunk correlation searches
  • Experience maintaining detections in production environments
  • Clear examples of reducing false positives through logic changes
  • Ability to explain why a detection exists, not just how it works

Preferred:

  • Experience running or contributing to a detection engineering function
  • Detection-as-code (Git, CI/CD, IaC)
  • ATT&CK-driven detection coverage modelling
  • Threat hunting that directly feeds detection creation
  • Experience migrating detections between SIEM platforms

Employer: RiverSafe

As a Senior Detection Engineer at our company, you will thrive in a dynamic and innovative remote work environment that prioritises employee growth and collaboration. We offer competitive benefits, a culture of continuous learning, and the opportunity to work on cutting-edge security technologies while contributing to meaningful projects that protect our clients. Join us to be part of a team that values your expertise and encourages you to take ownership of your work, ensuring a rewarding and fulfilling career path.

Contact Detail:

RiverSafe Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Senior Detection Engineer - Remote in City of London

✨Tip Number 1

Network, network, network! Reach out to folks in the industry, especially those already working in detection engineering. Use platforms like LinkedIn to connect and engage with them. You never know when a casual chat could lead to a job opportunity!

✨Tip Number 2

Show off your skills! Create a portfolio showcasing your detection logic, KQL, and SPL examples. This will not only demonstrate your hands-on experience but also give you something tangible to discuss during interviews.

✨Tip Number 3

Prepare for technical interviews by brushing up on your knowledge of MITRE ATT&CK and how it relates to detection engineering. Be ready to explain your thought process behind designing detections and how you've improved signal quality in the past.

✨Tip Number 4

Don’t forget to apply through our website! We love seeing candidates who are genuinely interested in joining our team. Plus, it’s a great way to ensure your application gets the attention it deserves.

We think you need these skills to ace Senior Detection Engineer - Remote in City of London

Detection Logic Authoring
Microsoft Sentinel (KQL)
Splunk (SPL)
Behaviour Based Detections
False Positive Reduction
Detection Lifecycle Management
MITRE ATT&CK Mapping
Threat Hunting
Incident Response Collaboration
Testing Frameworks (e.g. Atomic Red Team)
Detection-as-Code (Git, CI/CD, IaC)
Production Environment Maintenance
Detection Coverage Modelling

Some tips for your application 🫡

Show Off Your Skills: When you're writing your application, make sure to highlight your hands-on experience with detection logic. We want to see clear examples of how you've designed and implemented detections, especially in Microsoft Sentinel and Splunk. Don't hold back on those KQL and SPL skills!

Be Specific About Your Experience: We love details! Share specific instances where you've reduced false positives or improved signal quality. This helps us understand your thought process and how you tackle challenges in detection engineering.

Connect the Dots with ATT&CK: Make sure to mention how you've mapped detections to MITRE ATT&CK. We’re looking for someone who understands the framework and can track coverage gaps effectively. Show us that you treat detections as a product!

Apply Through Our Website: Don’t forget to apply through our website! It’s the best way for us to keep track of your application and ensure it gets the attention it deserves. We can’t wait to see what you bring to the table!

How to prepare for a job interview at RiverSafe

✨Know Your Detection Logic

Make sure you can confidently discuss your experience with writing detection logic. Be prepared to explain how you've designed, tested, and tuned detections in the past, especially using KQL and SPL. Having specific examples ready will show that you truly understand the intricacies of detection engineering.

✨Showcase Your Problem-Solving Skills

During the interview, highlight instances where you've reduced false positives or improved signal quality. Discuss the methods you used to achieve these results and how you approached challenges. This will demonstrate your hands-on experience and ability to treat detections as a product.

✨Familiarise Yourself with MITRE ATT&CK

Since mapping detections to MITRE ATT&CK is crucial for this role, brush up on your knowledge of the framework. Be ready to discuss how you've tracked coverage gaps in previous roles and how you would approach expanding ATT&CK coverage in this position.

✨Collaborate and Communicate

This role involves working closely with incident response and SOC teams, so be prepared to talk about your collaboration experiences. Share examples of how you've effectively communicated detection findings and worked with other teams to convert insights into actionable detections.
