Cyber Security - Detection Content Lead

The Detection Content Lead sets the strategy for developing and maintaining detection rules across security tools. This role blends technical expertise in threats and adversaries with hands-on experience in tooling, data ingestion, and rule deployment. The post holder leads a team of detection engineers and works closely with threat, monitoring, and onboarding teams to deliver high-quality, scalable, and actionable detection content aligned with adversary techniques.

• Design, test, and document detection rules to ensure effective coverage with minimal false positives.
• Prioritise rule deployment based on threat relevance, data quality, and system performance.
• Define and maintain a detection strategy aligned with evolving threats, regularly reviewing coverage and proposing improvements.
• Coordinate across threat, monitoring, incident response, onboarding, and engineering teams to align efforts and track progress.
• Recommend tooling enhancements, including integrations, technical add-ons, automation, and detection-as-code solutions.
• Manage the full content lifecycle—from creation to tuning—ensuring version control and documentation are maintained.
• Lead the Detection Content team, aligning work with CSOC operations and supporting the broader Threat Operations strategy.

Due to the requirements of the role, the successful candidates will be required to work full-time (37 hours per week).

You’ll bring a strong interest in threat intelligence and demonstrate experience in:

• Experience in a Security Operations Centre (SOC), including threat and risk analysis, ideally in a large government, enterprise, or managed service environment.
• Familiarity with security platforms such as SIEM, EDR, and threat intelligence tools.
• Proven ability to manage the full lifecycle of detection content—developing, documenting, and maintaining rules.
• Skilled in detection methodologies including modelling, configuration analysis, behavioural patterns, and indicators of compromise.
• Ability to analyse and present complex threat and risk information clearly, tailored to different audiences.
• Experience operating at tactical, operational, and strategic levels, translating technical insights for non-technical stakeholders.
• Experience leading and coaching diverse, distributed teams, ideally in cyber security.

• Exceptional pension
  :
  Employer contribution of 28.97%.
• Generous leave
  : 25 days annual leave (rising to 30 with service), 8 public holidays, and 1 day for the King’s Birthday.
• Flexible working
  :
  Options include full-time, part-time, compressed hours, job sharing, and a hybrid model (minimum 60% on-site).
• Learning and development
  :
  Access to training, technical accreditations, and funded qualifications (subject to approval).
• Inclusion and recognition
  : A culture that champions diversity, enhanced parental leave schemes, annual bonuses, and recognition awards.

Note:

This role requires SC clearance
. To meet national security vetting requirements, you must typically have been resident in the UK for at least five years.

• Seniority level:
  Mid-Senior level
• Employment type:
  
  Full-time
• Job function:
  Information Technology, Consulting, and Strategy/Planning
• Industries: IT Services and IT Consulting and Government Relations Services