Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Design and build security detections to protect against cyber threats.
- Company: Join a leading cybersecurity firm with a focus on innovation.
- Benefits: Enjoy remote work, competitive salary, and opportunities for professional growth.
- Why this job: Make a real difference in cybersecurity by creating impactful detection solutions.
- Qualifications: Hands-on experience in detection engineering and strong skills in KQL and SPL.
- Other info: Dynamic team environment with a focus on continuous learning and development.
The predicted salary is between 60000 - 80000 £ per year.
This role is for a hands-on detection engineer whose primary job is designing, building and maintaining security detections. You will spend the majority of your time:
- Writing detection logic
- Improving signal quality
- Expanding ATT&CK coverage
- Testing and tuning detections
- Working with threat intel and incident response to convert findings into new detections
This is not a SOC analyst, SIEM administrator, SecOps generalist, cloud security, IAM, or vulnerability management role.
Responsibilities:
- Design and implement behaviour based detections in Microsoft Sentinel (KQL) and Splunk (SPL)
- Own detection logic end-to-end: creation, testing, tuning, false-positive reduction, lifecycle management
- Map detections to MITRE ATT&CK and track coverage gaps
- Maintain and improve a detection library over time
- Validate detections using: threat hunting, incident learnings, testing frameworks (e.g. Atomic Red Team)
- Work closely with IR and SOC teams, but not perform SOC triage
- Treat detections as a product, not one-off alerts
Skills:
- Hands-on experience authoring detections, not just using SIEMs
- Strong KQL experience writing Sentinel analytics rules
- Strong SPL experience writing Splunk correlation searches
- Experience maintaining detections in production environments
- Clear examples of reducing false positives through logic changes
- Ability to explain why a detection exists, not just how it works
Preferred:
- Experience running or contributing to a detection engineering function
- Detection-as-code (Git, CI/CD, IaC)
- ATT&CK-driven detection coverage modelling
- Threat hunting that directly feeds detection creation
- Experience migrating detections between SIEM platforms
Senior Detection Engineer - Remote in Slough employer: RiverSafe
Contact Detail:
RiverSafe Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Senior Detection Engineer - Remote in Slough
✨Tip Number 1
Network, network, network! Reach out to folks in the industry, especially those already working in detection engineering. Use platforms like LinkedIn to connect and engage with them. You never know when a casual chat could lead to a job opportunity!
✨Tip Number 2
Show off your skills! Create a portfolio showcasing your detection logic, KQL queries, and any projects you've worked on. This gives potential employers a tangible look at what you can do and sets you apart from the crowd.
✨Tip Number 3
Prepare for interviews by brushing up on your knowledge of MITRE ATT&CK and how it relates to detection engineering. Be ready to discuss your experience with reducing false positives and improving signal quality. We want to see your thought process!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
We think you need these skills to ace Senior Detection Engineer - Remote in Slough
Some tips for your application 🫡
Show Off Your Skills: Make sure to highlight your hands-on experience with detection logic and your expertise in KQL and SPL. We want to see clear examples of how you've reduced false positives and improved signal quality in your previous roles.
Tailor Your Application: Don’t just send a generic application! Take the time to tailor your CV and cover letter to reflect the specific skills and experiences mentioned in the job description. We love seeing candidates who take the extra step to connect their background with what we’re looking for.
Be Clear and Concise: When writing your application, keep it clear and to the point. We appreciate well-structured applications that get straight to the heart of your relevant experience and how it aligns with our needs as a detection engineer.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows us you’re keen on joining the StudySmarter team!
How to prepare for a job interview at RiverSafe
✨Know Your Detection Logic
Make sure you can confidently discuss your experience with writing detection logic, especially in KQL and SPL. Be prepared to share specific examples of how you've designed, tested, and tuned detections in the past.
✨Understand MITRE ATT&CK
Familiarise yourself with the MITRE ATT&CK framework and be ready to explain how you've mapped detections to it. Highlight any gaps you've identified and how you've worked to improve coverage in your previous roles.
✨Showcase Your Problem-Solving Skills
Prepare to discuss instances where you've reduced false positives through logic changes. This is a key part of the role, so having clear examples will demonstrate your hands-on experience and analytical thinking.
✨Collaboration is Key
Since you'll be working closely with incident response and SOC teams, be ready to talk about your collaborative experiences. Share how you've communicated detection findings and contributed to team efforts in threat hunting or incident learnings.