Back to jobs
Desirable Experience:
Detection Engineer
GBR Manchester Hardman BoulevardPosted Yesterday
Full-timeonsite
Job Description
Detection Engineer
Department: Cyber Services and Capabilities
Employment Type: Full Time
Location: GBR Manchester Hardman Boulevard
Description
NCC Group is looking for a Detection Engineer to join the Detection Engineering team. The role will focus on developing, maintaining, and improving Splunk-based security detections across cloud, infrastructure, and custom log sources.
The successful candidate will help turn security risks, threat models, assurance requirements, and log sources into practical detections that can be deployed, tuned, and documented.
The successful candidate will help turn security risks, threat models, assurance requirements, and log sources into practical detections that can be deployed, tuned, and documented.
Key Responsibilities
- Develop and maintain detections using Splunk SPL.
- Analyse logs from cloud, infrastructure, application, gateway, Linux, SSH, CDN, vulnerability management, and audit sources.
- Create detections for areas such as:
- cloud security monitoring and cloud control-plane activity,
- infrastructure, platform, and access-related security events,
- bespoke assurance use cases based on customer-specific log sources,
- suspicious or anomalous activity identified through threat models, security testing.
- Review existing detection coverage and identify gaps.
- Assess new log sources and define detection use cases.
- Map detections to MITRE ATT&CK, risk scenarios, and assurance requirements where relevant.
- Tune detections to reduce false positives and improve analyst usability.
- Document detection purpose, logic, alerting criteria, data source, MITRE mapping, false positives, and investigation guidance.
- Support SOC analysts with alert context and investigation advice.
Skills, Knowledge & Expertise
Candidates do not need to meet every requirement, but should have experience in some of the following:
- Splunk SPL or similar query language.
- Security detection engineering, SIEM engineering, threat hunting, or security monitoring.
- Cloud audit logs, especially AWS; GCP or OCI experience is also useful.
- MITRE ATT&CK and common attacker behaviours.
- Kubernetes or container security monitoring.
- Cloud security concepts such as IAM, KMS, security groups, route tables, ACLs, object storage, and service accounts.
- Use of allowlists, thresholds, baselines, aggregation, and anomaly-style detection logic.
- Regex and basic scripting, e.g. Python, Bash, or PowerShell.
- Documentation using Jira, JSM, Confluence, or similar tools.
Desirable Experience:
- Experience with Splunk Enterprise Security and Splunk Security Essentials.
- Experience writing or tuning scheduled alerts..
- Experience reviewing threat models, security testing outputs, or assurance requirements.
- Experience using a detection as code deployment pipeline.
Job Benefits
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.