Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Design and build security detections to protect against cyber threats.
- Company: Join a forward-thinking tech company focused on cybersecurity.
- Benefits: Remote work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real difference in cybersecurity by creating impactful detection solutions.
- Qualifications: Experience in detection engineering and strong skills in KQL and SPL.
- Other info: Dynamic role with a focus on innovation and collaboration.
The predicted salary is between 60000 - 80000 £ per year.
This role is for a hands-on detection engineer whose primary job is designing, building and maintaining security detections.
You will spend the majority of your time:
- Writing detection logic
- Improving signal quality
- Expanding ATT&CK coverage
- Testing and tuning detections
- Working with threat intel and incident response to convert findings into new detections
This is not a SOC analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role.
Responsibilities:
- Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL)
- Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management
- Map detections to MITRE ATT&CK and track coverage gaps
- Maintain and improve a detection library over time
- Validate detections using: threat hunting, incident learnings, testing frameworks (e.g. Atomic Red Team)
- Work closely with IR and SOC teams, but not perform SOC triage
- Treat detections as a product, not one-off alerts
Skills:
- Hands-on experience authoring detections, not just using SIEMs
- Strong KQL experience writing Sentinel analytics rules
- Strong SPL experience writing Splunk correlation searches
- Experience maintaining detections in production environments
- Clear examples of reducing false positives through logic changes
- Ability to explain why a detection exists, not just how it works
Preferred:
- Experience running or contributing to a detection engineering function
- Detection-as-code (Git, CI/CD, IaC)
- ATT&CK-driven detection coverage modelling
- Threat hunting that directly feeds detection creation
- Experience migrating detections between SIEM platforms
Senior Detection Engineer - Remote in Manchester employer: RiverSafe
Contact Detail:
RiverSafe Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Detection Engineer - Remote in Manchester
✨Tip Number 1
Get your hands dirty with the tools! Familiarise yourself with KQL and SPL by building your own detection logic. The more you practice, the better you'll understand how to improve signal quality and reduce false positives.
✨Tip Number 2
Network like a pro! Connect with other detection engineers and professionals in the field. Join online forums or attend meetups to share insights and learn about the latest trends in detection engineering.
✨Tip Number 3
Showcase your skills! Create a portfolio of your detection projects, including examples of how you've mapped detections to MITRE ATT&CK and improved existing ones. This will make you stand out when applying for roles.
✨Tip Number 4
Apply through our website! We love seeing candidates who are genuinely interested in our roles. Tailor your application to highlight your hands-on experience and passion for detection engineering.
We think you need these skills to ace Senior Detection Engineer - Remote in Manchester
Some tips for your application 🫡
Show Off Your Skills: Make sure to highlight your hands-on experience with detection logic and your expertise in KQL and SPL. We want to see clear examples of how you've reduced false positives and improved signal quality in your previous roles.
Tailor Your Application: Don’t just send a generic application! Take the time to tailor your CV and cover letter to reflect the specific skills and experiences mentioned in the job description. We love seeing candidates who take the extra step to connect their background to what we’re looking for.
Be Clear and Concise: When writing your application, keep it clear and to the point. We appreciate well-structured applications that get straight to the heart of your relevant experience and how it aligns with our needs as a detection engineer.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows us you’re genuinely interested in joining our team!
How to prepare for a job interview at RiverSafe
✨Know Your Detection Logic
Make sure you can confidently discuss your experience with writing detection logic. Be prepared to explain how you've designed, tested, and tuned detections in the past, especially using KQL and SPL. Highlight specific examples where you've reduced false positives.
✨Familiarise Yourself with MITRE ATT&CK
Since this role involves mapping detections to MITRE ATT&CK, brush up on your knowledge of the framework. Be ready to discuss how you've used it to identify coverage gaps and improve detection strategies in your previous roles.
✨Showcase Your Collaboration Skills
This position requires working closely with incident response and SOC teams. Prepare to share examples of how you've collaborated with other teams in the past, particularly in converting threat intel findings into actionable detections.
✨Treat Detections as a Product
Demonstrate your understanding of treating detections as a product rather than just alerts. Discuss how you've managed the lifecycle of detections, including creation, testing, and ongoing improvements, to show that you have a strategic mindset.