Senior SIEM Content Developer

2 weeks ago Be among the first 25 applicants

Direct message the job poster from ECS Resource Group

Senior SIEM Content Developer – Detection Engineering | Cyber Security

Location: Newbury - Remote Working - Outside IR35

Team: Cyber Defence Ops

Experience Level: Mid–Senior

The Role

We’re on the hunt for a Senior SIEM Content Developer who lives and breathes detection logic. If you enjoy diving deep into attacker behaviors, writing detection rules that actually catch things (not just flag every login attempt), and helping drive threat visibility across modern tech stacks — this might be for you! You'll be part of a global cyber defence team building and refining detections across SIEM, EDR, and ELK stacks, and collaborating with security analysts, threat hunters, and incident responders to stop threats faster and smarter.

What You'll Be Doing

• Writing & tuning detection rules across SIEM/EDR/ELK to surface real attacker behaviors (not noise)
• Analyzing TTPs, threat intel, and real-world incidents to build behavior-based detections (beyond IOC chasing)
• Rapid-prototyping searches mid-incident to surface lateral movement, C2, or privilege escalation attempts
• Creating and maintaining detection logic documentation + MITRE ATT&CK coverage mapping
• Supporting blue team investigations with deep log analysis and quick-turnaround queries
• Working with multiple data sources: firewalls, EDR, proxy, VPN, NetFlow, etc.
• 1–3 years writing SIEM/EDR detection content
• 1+ year in a SOC environment (Tier 2+ preferred)
• Strong grasp of detection engineering and attacker methodology
• Solid experience with ELK, Splunk, or similar SIEM platforms
• Comfort pivoting through logs under pressure and building fast, accurate queries
• Experience with threat modeling and mapping detections to MITRE ATT&CK
• Bonus: You've worked with version control for detection rules, or done some detection-as-code
• Certs like GCIA, GCIH, CEH, GNFA, GCFA
• Familiarity with frameworks like Sigma or KQL
• A side interest in threat hunting or malware behavior

What You’ll Impact

• How quickly we detect and respond to real threats
• The signal-to-noise ratio of our security stack
• Our ability to spot emerging TTPs and adapt quickly
• Work with a smart, collaborative cyber team that values creativity and curiosity
• Make real contributions to global security operations
• Flexible hybrid setup, no micromanaging — just impact
• Opportunity to own detection content and make your mark in a high-impact space

• Seniority level
  Mid-Senior level

• Employment type
  Contract

• Job function
  Information Technology
• Industries
  Telecommunications

Referrals increase your chances of interviewing at ECS Resource Group by 2x

Get notified about new Content Developer jobs in United Kingdom.

Greater London, England, United Kingdom 5 days ago

London, England, United Kingdom 1 week ago

London, England, United Kingdom 2 weeks ago

London, England, United Kingdom 18 hours ago

Leeds, England, United Kingdom 18 hours ago

Greater London, England, United Kingdom 23 hours ago

Oxford, England, United Kingdom 4 weeks ago

Birmingham, England, United Kingdom 18 hours ago

Glasgow, Scotland, United Kingdom 18 hours ago

London, England, United Kingdom 5 months ago

London, England, United Kingdom 5 days ago

London, England, United Kingdom 1 day ago

Leeds, England, United Kingdom 5 days ago

London, England, United Kingdom 4 days ago

Birmingham, England, United Kingdom 2 days ago

Birmingham, England, United Kingdom 5 days ago

London, England, United Kingdom 5 days ago

London, England, United Kingdom 2 days ago

Birmingham, England, United Kingdom 1 day ago

Manchester, England, United Kingdom 2 days ago

London, England, United Kingdom 2 weeks ago

We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.