Detection Engineer

SiXworks

Farnborough

On-site

GBP 80,000 - 100,000

Full time

Today
Job summary

A leading provider of secure digital solutions is seeking a Detection Engineer in Farnborough. The role involves designing and optimizing detection logic, monitoring security alerts, and conducting threat hunts. Candidates should have strong experience with SIEM tools and relevant technical qualifications in Cyber Security. The position offers a variety of benefits including private medical insurance, flexible working, and professional development opportunities, making it a great opportunity for those passionate about digital security.

Qualifications

  • Relevant qualification(s) in Cyber Security or other related technical roles.
  • Experience in incident detection, triage, and analysis in SOC or related environments.
  • Solid understanding of MITRE ATT&CK framework.

Responsibilities

  • Design, implement, and optimise detection logic in SIEM.
  • Monitor, analyse, and investigate security alerts.
  • Conduct threat hunting activities.

Skills

Strong experience with SIEM tools
Hands-on knowledge of EDR solutions
Proficiency in detection rule development
Understanding of malware techniques
Familiarity with scripting/programming

Education

Degree in Cyber Security or related fields
Professional Qualifications (e.g., CompTIA, ISACA)

Tools

Elastic Security
Sentinel
Splunk

Job description

About the job

We currently have an exciting opportunity for a Detection Engineer to join our existing experienced team.

Tasks / Responsibilities

  • Design, implement, and optimise detection logic, rules, and use cases in SIEM, EDR, and related platforms.
  • Tune existing alerts and rules to reduce false positives and enhance detection fidelity.
  • Monitor, analyse, and investigate security alerts to identify potential threats and malicious activity.
  • Conduct threat hunting activities to proactively discover hidden or advanced threats.
  • Collaborate with Incident Response teams to provide detection insights and support investigations.
  • Maintain and improve detection coverage based on emerging threats, adversary tactics (MITRE ATT&CK), and threat intelligence.
  • Develop automation scripts and playbooks to streamline detection and alert triage processes.
  • Document detection processes, use cases, and provide knowledge transfer to SOC analysts.

Qualifications

  • Relevant qualification(s) in Cyber Security, or other related technical roles. Examples:
    • Degree in Cyber Security, Computer Science, Networks etc.
    • Professional Qualifications from organisations such as CompTIA, ISACA etc.
    • Technical qualifications in security and technology such as (but not limited to) cloud computing, SIEM, Vulnerability Scanning/Management etc.

Experience (essential)

  • Strong experience with Security Information and Event Management (SIEM) tools, in order of preference:
    • Elastic Security (Mandatory)
    • Sentinel (Optional)
    • Splunk (Optional)
  • Hands‑on knowledge of Endpoint Detection & Response (EDR) solutions (e.g., Elastic XDR, Microsoft Defender, CrowdStrike, Carbon Black, SentinelOne).
  • Practical understanding of log sources across network, endpoint, cloud, and identity platforms.
  • Solid knowledge of MITRE ATT&CK framework and application in detection engineering.
  • Proficiency in detection rule development using query languages (e.g., ESQL, KQL, Lucene).
  • Experience in incident detection, triage, and analysis in SOC or related environments.
  • Understanding of malware techniques, lateral movement, persistence mechanisms, and threat actor TTPs.

Experience (nice to have)

  • Exposure to cloud security monitoring (AWS, Azure, GCP logging and detections).
  • Knowledge of SOAR platforms and automation playbook creation.
  • Experience with YARA, Sigma, or Snort/Suricata rule writing.
  • Familiarity with container and Kubernetes security monitoring.
  • Threat intelligence analysis and integrating threat intel into detection workflows.
  • Knowledge of offensive security/red teaming methodologies to improve detection coverage.
  • Familiarity with scripting/programming (Python, PowerShell, or similar) for automation and detection enrichment.

About SiXworks

SiXworks is a leading provider of secure digital solutions, specialising in digital experimentation and focused on fail‑safe‑fast cutting‑edge technology solutions deployed in highly secure environments. We are unified in our mission to accelerate innovation and adoption of secure, digital technology to improve the operational agility of Defence and National Security. This is an exciting time for us, we have ambitious plans for continued growth and development, and we are seeking to add brilliant, experienced, motivated, and passionate people to our team to work with us on this journey.

Why join SiXworks?

Our team is a fusion of brilliance, featuring senior operational, technical, and business leaders from various industries and the armed forces. We're also powered by a league of extraordinary IT engineers, architects, developers, and project managers. Together, we're an unstoppable force of digital innovation!

What can we offer in return?

SiXworks offers a unique work culture built around our core principles: Agility, Security, Innovation, Quality, Collaboration and Inclusivity. Together, these six principles form SiXworks' NORTH STAR, guiding the organisation towards success. This is reflected in the raft of benefits available to all our employees.

Benefits

  • 25 days annual leave + bank holidays
  • Private Medical Insurance
  • Life Assurance Scheme
  • Pension scheme
  • Professional Development opportunities
  • Cycle to Work scheme
  • Perks at Work scheme
  • Discretionary Bonus scheme

A word on UK Security Clearance

Due to the secure nature of the position and working environment, you must have, or be eligible to obtain Security Clearance.

More details relating to UK Security Clearance can be found here:

United Kingdom Security Vetting: clearance levels - GOV.UK (www.gov.uk)

SiXworks is an IBM subsidiary, having been acquired by IBM, and will be integrated into the IBM organisation. SiXworks will be the hiring entity. By proceeding with this application, you understand that SiXworks will share your personal information with other IBM subsidiaries involved in your recruitment process, wherever these are located. More information on how IBM protects your personal information, including the safeguards in case of cross‑border data transfer, is available here: https://www.ibm.com/privacy