Security Content Engineer

Greater London, United Kingdom
// Job Type
Full Time
// Salary
GBP 65,000 - 65,000/year
// Posted
1 month ago

About the Role

Security Content Engineer (SOC)
Location: London (Full time - 5 days onsite)
Salary: Up to £65,000 + bonus
Clearance: Must be eligible for UK Developed Vetting (DV) clearance

We are seeking an experienced Security Content Engineer to join a high-performing Security Operations Centre (SOC) environment. This role is focused on designing, developing, and optimising detection content to strengthen cyber defence capabilities and improve threat visibility across enterprise environments.

You will play a critical role in enhancing detection efficacy, reducing false positives, and ensuring robust coverage against evolving threat landscapes.

Key Responsibilities

- Design and implement detection use cases across SIEM and SOAR platforms using threat intelligence and incident data
- Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks
- Continuously tune and optimise correlation rules to improve signal-to-noise ratio
- Validate detection logic through simulations, threat emulation, and red team collaboration
- Work closely with SOC tooling and engineering teams to ensure efficient data ingestion and parsing
- Document detection logic, methodologies, and expected outputs for audit and operational use
- Contribute to post-incident reviews, enhancing detection coverage and response effectiveness
- Maintain and evolve a repository of use cases, KPIs, and SOC performance metrics

Requirements

- 6+ years of commercial experience in SOC content engineering, detection engineering, or SIEM administration
- Strong hands-on experience with SIEM platforms and query languages (e.g. SPL, KQL)
- Solid understanding of detection engineering principles, data modelling, and regex
- Proven experience working with MITRE ATT&CK and threat-informed defence strategies
- Ability to design scalable and maintainable detection content in complex environments
- Strong documentation and stakeholder communication skills

Desirable

- Relevant certifications such as Splunk Enterprise Security, GIAC GCDA, or similar
- Experience with SOAR platforms and automation workflows
- Background in threat hunting or incident response

If you are a detection-focused cyber security professional who thrives on building high-quality, intelligence-led SOC content, apply today.

Use our AI to tailor your resume for this Security Content Engineer position at Anson Mccade.