Detection Engineering Consultant

One of the most exciting prospects in the UK cyber security sector today, Bridewell is a leading cyber security services company specialising in protecting and transforming critical business functions for some of the world’s most trusted organisations. We are the trusted partner for operators of essential services and provide end-to-end cyber security capabilities that help our clients overcome their security challenges, allowing them to operate safely and securely.

Bridewell holds the Gold level, Investors in People award which we feel solidifies and reflects on the outstanding calibre that makes us truly one team.

We are seeking an experienced Detection Engineering Consultant to join our Detection Engineering team. In this role, you will initially be embedded with one of our clients, supporting and enhancing their cyber detection capability, before going on to work across a range of Bridewell customers.

This is a hands‑on detection engineering role, suited to someone who enjoys working close to operational teams, understands modern attacker behaviours, and is passionate about building high‑quality, threat‑led detections at scale.

For the initial engagement, experience with Microsoft Sentinel detection engineering is highly desirable.

As a Detection Engineering Consultant, you will work closely with client security operations, engineering, and threat intelligence teams to develop, test, and mature detection capabilities across on‑premises and cloud environments.

• Designing, developing, and maintaining high‑fidelity detection logic aligned to real‑world threats.
• Improving existing detection content to reduce alert fatigue and increase signal quality.
• Ensuring detections are robust, well‑tested, and supported by meaningful context and response guidance for SOC analysts and incident responders.
• Translating threat intelligence, attacker TTPs, and research into actionable detection logic.

• Applying threat frameworks such as MITRE ATT&CK and Cyber Kill Chain to guide detection coverage.
• Conducting positive and negative testing of detection logic, including attacker emulation where appropriate.
• Reviewing detection code and processes to identify gaps, weaknesses, or opportunities for improvement.
• Supporting threat hunts and contributing to detection‑led investigations when required.

• Contributing to detection‑as‑code practices, CI/CD pipelines, and validation tooling.
• Developing or maintaining lightweight automation and scripts to improve detection engineering workflows.
• Working with platform and engineering teams to ensure detection content scales reliably across environments.

• Working closely with client stakeholders to understand their environment, risks, and detection priorities.
• Providing clear, practical guidance on detection strategy, coverage, and improvements.
• Communicating technical findings and recommendations in a way that is accessible and actionable.
• Acting as a trusted consultant while representing Bridewell values and best practices.

You’ll have experience of:

• Developing and maintaining detection logic using query languages such as KQL or SPL.
• Working with SIEM and detection platforms such as Microsoft Sentinel, Splunk, or Chronicle.
• Understanding modern attacker techniques, behaviours, and evasion methods.
• Translating threat intelligence into effective detection use cases.
• Working knowledge of Windows, macOS, and/or Linux operating systems.
• Secure, test‑driven engineering practices and detection lifecycle management.
• Writing or maintaining automation scripts (e.g. Python, PowerShell, Bash).
• Working independently while collaborating effectively within multi‑disciplinary teams.
• Operating confidently in production environments at scale.

• Previous experience working as a Detection Engineer within an MSSP or consultancy.
• Strong hands‑on experience with Microsoft Sentinel detection engineering.
• Knowledge of cloud infrastructure and security across Azure, AWS, or GCP.
• Experience developing detections as code and integrating them into CI/CD pipelines.
• Exposure to adversary emulation, purple teaming, or offensive security techniques.
• Familiarity with Infrastructure as Code tools (e.g. Bicep, Terraform).

Our vision is to create a safe, inclusive digital world where people and organisations can thrive. Our values of Do the Right Thing, One Team and Above and Beyond emphasise the importance of the part we play in society, and our commitment to our people and clients. Bridewell will provide a great career opportunity with continual development as well as the following benefits:

• Competitive Salary
• 25 Days Holiday – Plus buy and sell options
• Flexible Working (around core office hours)
• Profit Share Scheme
• Company Pension
• Employee Shareholder Scheme
• Dedicated Training Budget
• Life Assurance
• Cycle to Work Scheme
• Electric Vehicle Scheme
• Private Healthcare (incl. Gym discounts)
• Vision Care
• Birthday off (After 1 year)

One of the most exciting prospects in the UK cyber security sector today, Bridewell is one of the fastest growing cyber security services businesses with a strong track record for delivering complex security projects and providing excellent customer service. Bridewell holds the Gold level Investors in People award which we feel solidifies and reflects on the outstanding calibre that makes us truly one team.

Along with our focus on our people, we also have a big focus on sustainability and recognise the role we play in the fight against climate change. Today, Bridewell is proud to be a carbon negative business.

Bridewell operates a hybrid and flexible working policy; however you will be required to travel to different sites on occasion.

We are committed to creating an equal and inclusive working environment, with the aim that our employees will be truly representative of all sections of society and each person feels respected and able to give their best.