watchTowr is the Preemptive Exposure Management capability trusted by Fortune 500 companies and critical infrastructure providers. By combining proactive threat intelligence, real attacker telemetry, and automated red teaming, watchTowr continuously identifies and validates real exposure so security teams can outrun real‑world threats. When exploitation happens in hours, watchTowr delivers what no one else can: time to respond. We are a global team of operators, researchers, and engineers who have spent years thinking like attackers, and we are building the technology to stop them. Our work is recognised across the industry, with original vulnerability research from watchTowr Labs and innovations like Instinct and Attacker Eye shaping the future of cybersecurity. Backed by $29M in funding, recognised by Gartner, and scaling fast across the globe, we are in a high‑growth phase of our journey and want exceptional people to join us.
Role Overview
We are looking for an ambitious Senior Threat Detection Engineer to join us and work with watchTowr Labs to expand our offensive security capabilities around threat detection engineering. The role is ideally based in the UK, with exceptions for the right candidate.
Responsibilities
- Engineer high‑fidelity detections for both N‑day and true 0‑day exploitation by translating attacker trade‑craft, payloads, and kill‑chain behaviours into durable detection logic.
- Continuously improve signal quality by reducing noise, validating detections against live attacker activity, and tuning for scale across millions of events per day.
- Build and operate detection pipelines that ingest, normalise, enrich, and correlate honeypot telemetry, vulnerability intelligence, and external threat data in near real time.
- Lead rapid‑reaction detection efforts for emerging threats, working cross‑functionally with Engineering, Research, and Go‑to‑Market teams to turn exploitation into actionable customer insight quickly.
- Operationalise threat intelligence by converting external research, advisories, and PoCs into production‑grade detections and internal knowledge artefacts.
- Author original detection research and threat reports, documenting adversary behaviours, exploitation trends, and detection methodology for both internal stakeholders and external publication.
- Mentor and influence others by setting detection standards, reviewing logic, and helping shape how the organisation approaches threat detection at scale.
Ideal Experience
- 8+ years working with security telemetry at scale, including detection engineering, threat research, SOC, IR, or offensive security roles.
- 3+ years in a threat detection, threat research, or threat intelligence engineering role, with demonstrable ownership of production detections.
- Experience working in an early‑stage B2B startup focusing on enterprise clients.
- Proven experience designing detections from attacker behaviour, not just indicators.
- Strong background in Threat & Vulnerability Intelligence, including vulnerability lifecycles, exploitation timelines, threat actor trade‑craft, and frameworks such as MITRE ATT&CK.
- Hands‑on experience working with honeypot or deception data, internet‑scale telemetry, or high‑noise datasets.
- Deep familiarity with OpenSearch / ELK‑style stacks, including querying, aggregations, pipelines, and detection tuning.
- Strong Python skills, with experience building detection tooling, parsers, enrichment pipelines, or internal analysis frameworks.
- Experience collaborating with product, engineering, and go‑to‑market teams to operationalise detections into customer‑facing outcomes.
- Background in Incident Response, SOC, red teaming, or exploit development is a strong plus.
Benefits
- Competitive compensation – we believe that hard work, skills and ambition should be fairly compensated.
- Meaningful role in a company – you will be a key and early contributor to a fast‑growing cybersecurity business that helps protect some of the world’s largest enterprises.
- The best tools and powerful kit – we enable you with the tools to effectively fulfil your role.
- Endless opportunities – we are in a high‑growth phase of our journey, and plan to promote from within as we scale.
- Work with cyber security experts – we are solving cutting‑edge industry‑wide cyber security challenges with some of the world’s most advanced organisations.
watchTowr is proud to be an Equal Opportunity Employer
At watchTowr, we’re dedicated to fostering an inclusive, respectful, and diverse environment where every individual is recognised for their talent and potential. Our hiring decisions are guided by your capabilities, experience, and what you bring to the role – not by unrelated personal attributes.
We have a zero‑tolerance approach to any form of discrimination or harassment. This includes – but isn’t limited to – discrimination based on race, ethnicity, religion, colour, nationality, sex, sexual orientation, gender identity or expression, age, disability, pregnancy or parental status, veteran status, or any other characteristic protected by law.
We actively encourage people from all backgrounds to apply. Even if you don’t tick every box in the job description, we’d still love to hear from you.
Contact Detail:
watchTowr Recruiting Team