Senior Threat Detection & Response Engineer

Posted 13 days 16 hours ago by McNally Recruitment Ltd

Permanent
Full Time
Other
Lanarkshire, Bellshill, United Kingdom, ML4 1
Job Description
Overview

Our client is seeking a curious and motivated Senior Threat Detection & Response Engineer to build state-of-the-art threat detection, investigation and response (TDIR) capabilities.

This role will work with enterprise clients, and internally, to perform threat-informed detection engineering and threat research, implement security data lakes, SIEM and data pipelines strategies and transform response with SOAR and AI-SOC tooling.

You will have the opportunity to shape everything from our technical architecture and services to our company culture, while working on innovative detection engineering challenges.

Core Requirements
  • 5+ years in cybersecurity, 3+ years focused on detection engineering
  • Proven ability to operationalize threat intelligence into actionable, high-fidelity detections
  • Demonstrable experience with detection-as-code using multiple detection languages - SPL, KQL, YARA-L, Sigma, CoreTIDE, YAML
  • Proficient with Python, Git / GitHub and developing security tooling integrations and automations
  • Hands-on experience of Splunk Cloud, Enterprise Security and SOAR
  • Deep understanding of MITRE ATT&CK and how to apply it practically
  • Familiarity with offensive security concepts, attacker tradecraft or incident response
  • Excellent technical writing and documentation skills
  • Comfortable presenting to technical and non-technical audiences
Preferred Requirements
  • Experience architecting TDIR platforms or leading detection engineering initiatives
  • Expertise with multiple SIEM platforms such as Google SecOps and MS Sentinel
  • Experience using security data lakes and pipelines such as Cribl, Snowflake, Databricks
  • Splunk Certified Architect (or Enterprise Security Admin)
Bonus Points
  • Track record of thought leadership and infosec community contributions (conference talks, blog posts, open source)
  • Red team/penetration testing experience
  • Deep cloud security knowledge (AWS/Azure/GCP)
  • Kubernetes/container security knowledge
  • Other security certifications (GIAC, HTB CAPE, PNPT, GCP/WS/Azure Security)