Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Design and build security detections to protect against cyber threats.
- Company: Join a leading cybersecurity firm with a focus on innovation.
- Benefits: Enjoy remote work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real difference in cybersecurity by creating impactful detection solutions.
- Qualifications: Hands-on experience in detection engineering and strong skills in KQL and SPL.
- Other info: Dynamic team environment with a focus on continuous learning and development.
The predicted salary is between 60000 - 80000 £ per year.
This role is for a hands-on detection engineer whose primary job is designing, building and maintaining security detections. You will spend the majority of your time:
- Writing detection logic
- Improving signal quality
- Expanding ATT&CK coverage
- Testing and tuning detections
- Working with threat intel and incident response to convert findings into new detections
This is not a SOC analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role.
Responsibilities:
- Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL)
- Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management
- Map detections to MITRE ATT&CK and track coverage gaps
- Maintain and improve a detection library over time
- Validate detections using: threat hunting, incident learnings, testing frameworks (e.g. Atomic Red Team)
- Work closely with IR and SOC teams, but not perform SOC triage
- Treat detections as a product, not one-off alerts
Skills:
- Hands-on experience authoring detections, not just using SIEMs
- Strong KQL experience writing Sentinel analytics rules
- Strong SPL experience writing Splunk correlation searches
- Experience maintaining detections in production environments
- Clear examples of reducing false positives through logic changes
- Ability to explain why a detection exists, not just how it works
Preferred:
- Experience running or contributing to a detection engineering function
- Detection-as-code (Git, CI/CD, IaC)
- ATT&CK-driven detection coverage modelling
- Threat hunting that directly feeds detection creation
- Experience migrating detections between SIEM platforms
Senior Detection Engineer - Remote in England employer: RiverSafe
Contact Detail:
RiverSafe Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Detection Engineer - Remote in England
✨Tip Number 1
Network, network, network! Reach out to folks in the industry, especially those already working in detection engineering. Use platforms like LinkedIn to connect and engage with them. You never know when a casual chat could lead to a job opportunity!
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your detection logic, KQL queries, and any projects you've worked on. This will give potential employers a clear view of what you can bring to the table. Plus, it’s a great conversation starter during interviews!
✨Tip Number 3
Prepare for technical interviews by brushing up on your knowledge of MITRE ATT&CK and detection methodologies. Be ready to discuss how you've improved signal quality or reduced false positives in past roles. We want to see your thought process and problem-solving skills in action!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search. So, get your application in and let’s get the ball rolling!
We think you need these skills to ace Senior Detection Engineer - Remote in England
Some tips for your application 🫡
Show Off Your Skills: Make sure to highlight your hands-on experience with detection logic and your expertise in KQL and SPL. We want to see clear examples of how you've reduced false positives and improved signal quality in your previous roles.
Tailor Your Application: Don’t just send a generic CV! Tailor your application to reflect the specific responsibilities and skills mentioned in the job description. We love seeing candidates who take the time to connect their experience with what we’re looking for.
Explain Your Thought Process: When discussing your past projects, explain not just how you implemented detections but also why they were necessary. This shows us that you understand the bigger picture and can treat detections as a product, not just one-off alerts.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it gives you a chance to explore more about us and what we do!
How to prepare for a job interview at RiverSafe
✨Know Your Detection Logic
Make sure you can confidently discuss your experience with writing detection logic. Be prepared to explain how you've designed, tested, and tuned detections in the past, especially using KQL and SPL. Highlight specific examples where you've reduced false positives or improved signal quality.
✨Familiarise Yourself with MITRE ATT&CK
Since mapping detections to MITRE ATT&CK is crucial for this role, brush up on the framework. Be ready to discuss how you've used it to identify coverage gaps and improve detection strategies. Showing that you understand its application will set you apart.
✨Demonstrate Your Hands-On Experience
This isn't just about theory; they want to see your practical skills. Prepare to talk about your hands-on experience in maintaining detections in production environments. Share specific instances where your contributions made a tangible impact on detection capabilities.
✨Engage with Threat Intelligence
Since you'll be working closely with threat intel and incident response teams, be ready to discuss how you've converted findings into new detections. Show that you can treat detections as a product and not just one-off alerts, emphasising your collaborative approach.