Detection Engineering Consultant

One of the most exciting prospects in the UK cyber security sector today, Bridewell is a leading cyber security services company specialising in protecting and transforming critical business functions for some of the world’s most trusted organisations. We are the trusted partner for operators of essential services and provide end-to-end cyber security capabilities that help our clients overcome their security challenges, allowing them to operate safely and securely.

Bridewell holds the Gold level, Investors in People award which we feel solidifies and reflects on the outstanding calibre that makes us truly one team.

We are seeking an experienced Detection Engineering Consultant to join our Detection Engineering team. In this role, you will initially be embedded with one of our clients, supporting and enhancing their cyber detection capability, before going on to work across a range of Bridewell customers.

This is a hands‑on detection engineering role, suited to someone who enjoys working close to operational teams, understands modern attacker behaviours, and is passionate about building high‑quality, threat‑led detections at scale.

For the initial engagement, experience with Microsoft Sentinel detection engineering is highly desirable.

As a Detection Engineering Consultant, you will work closely with client security operations, engineering, and threat intelligence teams to develop, test, and mature detection capabilities across on‑premises and cloud environments.

• Designing, developing, and maintaining high‑fidelity detection logic aligned to real‑world threats.
• Improving existing detection content to reduce alert fatigue and increase signal quality.
• Ensuring detections are robust, well‑tested, and supported by meaningful context and response guidance for SOC analysts and incident responders.
• Translating threat intelligence, attacker TTPs, and research into actionable detection logic.

• Applying threat frameworks such as MITRE ATT&CK and Cyber Kill Chain to guide detection coverage.
• Conducting positive and negative testing of detection logic, including attacker emulation where appropriate.
• Reviewing detection code and processes to identify gaps, weaknesses, or opportunities for improvement.
• Supporting threat hunts and contributing to detection‑led investigations when required.

• Contributing to detection‑as‑code practices, CI/CD pipelines, and validation tooling.
• Developing or maintaining lightweight automation and scripts to improve detection engineering workflows.
• Working with platform and engineering teams to ensure detection content scales reliably across environments.

• Working closely with client stakeholders to understand their environment, risks, and detection priorities.
• Providing clear, practical guidance on detection strategy, coverage, and improvements.
• Communicating technical findings and recommendations in a way that is accessible and actionable.
• Acting as a trusted consultant while representing Bridewell values and best practices.

You’ll have experience of:

• Developing and maintaining detection logic using query languages such as KQL or SPL.
• Working with SIEM and detection platforms such as Microsoft Sentinel, Splunk, or Chronicle.
• Understanding modern attacker techniques, behaviours, and evasion methods.
• Translating threat intelligence into effective detection use cases.
• Working knowledge of Windows, macOS, and/or Linux operating systems.
• Secure, test‑driven engineering practices and detection lifecycle management.
• Writing or maintaining automation scripts (e.g. Python, Power Shell, Bash).
• Working independently while collaborating effectively within multi‑disciplinary teams.
• Operating confidently in production environments at scale.

• Previous experience working as a Detection Engineer within an MSSP or consultancy.
• Strong hands‑on experience with Microsoft Sentinel detection engineering.
• Knowledge of cloud infrastructure and security across Azure, AWS,…