Senior SIEM Content Developer

Senior SIEM Content Developer - Detection Engineering | Cyber Security

Location: Newbury - Remote Working - Outside IR35

Team: Cyber Defence Ops

Experience Level: Mid-Senior

The Role

We're on the hunt for a Senior SIEM Content Developer who lives and breathes detection logic. If you enjoy diving deep into attacker behaviors, writing detection rules that actually catch things (not just flag every login attempt), and helping drive threat visibility across modern tech stacks - this might be for you! You'll be part of a global cyber defence team building and refining detections across SIEM, EDR, and ELK stacks, and collaborating with security analysts, threat hunters, and incident responders to stop threats faster and smarter.

🔧 What You'll Be Doing

Writing & tuning detection rules across SIEM/EDR/ELK to surface real attacker behaviors (not noise)
Analyzing TTPs, threat intel, and real-world incidents to build behavior-based detections (beyond IOC chasing)
Rapid-prototyping searches mid-incident to surface lateral movement, C2, or privilege escalation attempts
Creating and maintaining detection logic documentation + MITRE ATT&CK coverage mapping
Supporting blue team investigations with deep log analysis and quick-turnaround queries
Working with multiple data sources: firewalls, EDR, proxy, VPN, NetFlow, etc.

🧩 You'll Fit If You Have

1-3 years writing SIEM/EDR detection content
1+ year in a SOC environment (Tier 2+ preferred)
Strong grasp of detection engineering and attacker methodology
Solid experience with ELK, Splunk, or similar SIEM platforms
Comfort pivoting through logs under pressure and building fast, accurate queries
Experience with threat modeling and mapping detections to MITRE ATT&CK
Bonus: You've worked with version control for detection rules, or done some detection-as-code

✅ Nice-to-Haves

Certs like GCIA, GCIH, CEH, GNFA, GCFA
Familiarity with frameworks like Sigma or KQL
A side interest in threat hunting or malware behavior

📈 What You'll Impact

How quickly we detect and respond to real threats
The signal-to-noise ratio of our security stack
Our ability to spot emerging TTPs and adapt quickly

💬 Why Join?

Work with a smart, collaborative cyber team that values creativity and curiosity
Make real contributions to global security operations
Flexible hybrid setup, no micromanaging - just impact
Opportunity to own detection content and make your mark in a high-impact spaceECS Recruitment Group Ltd is acting as an Employment Business in relation to this vacancy