Haleon

Detection & Automation Lead

Bengaluru Campus 31 | Posted Today
Full time | Onsite

Job Description

Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.

Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.

Now it’s time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.

About the role

This position is critical to protecting Haleon’s corporate assets and managing its day-to-day operational cyber security defences. It involves leading a team responsible for the design, development and maintenance of automation workflows and detection capabilities to identify cyber threats at the earliest opportunity and enhance the company’s cyber security response.

Responsibilities:

The post holder will have overall responsibility within the company for:

  • Designing, developing and maintaining SOAR playbooks to automate security incident detection and response.

  • Designing, developing and maintaining detection rules and use cases across SIEM, EDR, and other security platforms.

  • Integrating various security tools (SIEM, EDR, threat intelligence platforms, ticketing systems) into SOAR platforms.

  • Collaborating with SOC analysts and incident responders to identify automation opportunities.

  • Developing and maintaining APIs, scripts, and connectors for system integration.

  • Continuously optimising and improving existing playbooks for performance and accuracy.

  • Monitoring the health of automation pipelines and troubleshooting failed executions or API connectivity issues.

  • Troubleshooting and resolving issues related to automation workflows and integrations.

  • Documenting workflows, processes and technical configurations.

  • Ensuring security best practices are followed in all automation and development activities.

  • Staying up to date with emerging threats, technologies, and automation techniques.

  • Analysing logs and telemetry to identify suspicious activity and detection opportunities.

  • Continuously improving detection coverage based on emerging threats and intelligence.

  • Tuning and optimising alerts to reduce false positives and improve signal quality.

  • Collaborating with security operations analysts to validate and refine detection logic.

  • Translating threat intelligence into actionable detection rules and analytics.

  • Developing and maintaining detection-as-code practices, including version control and testing.

  • Supporting incident response by enhancing visibility and creating rapid detections.

  • Mapping detections to frameworks such as MITRE ATT&CK to ensure coverage.

  • Conducting gap analysis and recommending improvements to monitoring capabilities.

  • Working closely with Security Operations, Threat Intelligence, and Incident Response teams to ensure threats are detected quickly and accurately.

Why you?

Basic Qualifications:

  • Three years' experience in security operations, detection engineering or SOAR development.

  • Strong understanding of log sources (e.g., Windows, Linux, network, cloud).

  • Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar).

  • Familiarity with EDR/XDR tools (e.g., CrowdStrike, Defender, Carbon Black).

  • Strong programming / scripting skills (Python, PowerShell, JavaScript).

  • Experience of SOAR platforms such as Palo Alto Cortex XSOAR, Splunk SOAR, IBM Resilient.

  • Experience with REST APIs and system integrations.

Preferred Skills and Experience:

  • Bachelor’s degree in Computer Science, Cyber Security or related field (or equivalent experience).

  • Knowledge of DevOps practices and CI/CD pipelines.

  • Familiarity with MITRE ATT&CK framework.

  • Experience with containerisation (Docker, Kubernetes).

  • Ability to communicate complex problems succinctly.

  • Knowledge of query languages (e.g., KQL, SPL, SQL).

  • Understanding of attacker tactics, techniques, and procedures (TTPs).

  • Attention to detail and quality of detection logic.

  • Ability to balance detection fidelity with operational efficiency.

  • Experience with scripting or automation (Python, PowerShell, Bash).

  • Knowledge of cloud security monitoring (AWS, Azure, GCP).

  • Familiarity with detection engineering methodologies and detection-as-code.

  • Ability to work within a team environment, sharing workload and responsibility.

  • Strong analytical and problem-solving skills.

  • CISSP, GCIA, GCDA, GSOC, GCIH.

 

 

 

Job Posting End Date: 2026-06-26

 

 

 

Equal Opportunities

Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.

During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees. 

The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.

 

 

 

Adjustment or Accommodations Request

If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence. 

 

 

 

Note to candidates

The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.
