Job Description
Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.
Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.
Now it’s time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.
About the role
This position is critical to protecting Haleon’s corporate assets and managing its day-to-day operational cyber security defences. It involves the design, development and optimisation of the company’s detection capabilities in order to identify cyber threats at the earliest opportunity. It requires the building of high-quality detection logic and the reduction of false positives to strengthen overall security posture.
Role Responsibilities
Design, develop, and maintain detection rules and use cases across SIEM, EDR, and other security platforms.
Analyse logs and telemetry to identify suspicious activity and detection opportunities.
Continuously improve detection coverage based on emerging threats and intelligence.
Tune and optimise alerts to reduce false positives and improve signal quality.
Collaborate with security operations analysts to validate and refine detection logic.
Translate threat intelligence into actionable detection rules and analytics.
Develop and maintain detection-as-code practices, including version control and testing.
Support incident response by enhancing visibility and creating rapid detections.
Map detections to frameworks such as MITRE ATT&CK to ensure coverage.
Conduct gap analysis and recommend improvements to monitoring capabilities.
Work closely with Security Operations, Threat Intelligence, and Incident Response teams to ensure threats are detected quickly and accurately.
Why you?
Basic Qualifications:
Three years' experience in security operations, detection engineering or threat hunting.
Strong understanding of log sources (e.g., Windows, Linux, network, cloud).
Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar).
Familiarity with EDR/XDR tools (e.g., CrowdStrike, Defender, Carbon Black).
Preferred Qualifications:
Bachelor’s degree in Computer Science, Cyber Security or related field (or equivalent experience).
Strong analytical and problem-solving skills.
Knowledge of query languages (e.g., KQL, SPL, SQL).
Understanding of attacker tactics, techniques, and procedures (TTPs).
Experience with MITRE ATT&CK framework.
Attention to detail and quality of detection logic.
Ability to balance detection fidelity with operational efficiency.
Effective communication and collaboration skills.
Experience with scripting or automation (Python, PowerShell, Bash).
Knowledge of cloud security monitoring (AWS, Azure, GCP).
Familiarity with detection engineering methodologies and detection-as-code.
Certifications: CISSP, GCIA, GCDA, GSOC, GCIH.
Job Posting End Date
2026-06-20
Equal Opportunities
Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.
During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees.
The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.
Adjustment or Accommodations Request
If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.
Note to candidates
The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.
