Senior SIEM Content Developer

Newbury
3 months ago
Applications closed


Senior SIEM Content Developer - Detection Engineering | Cyber Security

Location: Newbury - Remote Working - Outside IR35

Team: Cyber Defence Ops

Experience Level: Mid-Senior

The Role

We're on the hunt for a Senior SIEM Content Developer who lives and breathes detection logic. If you enjoy diving deep into attacker behaviors, writing detection rules that actually catch things (not just flag every login attempt), and helping drive threat visibility across modern tech stacks - this might be for you! You'll be part of a global cyber defence team building and refining detections across SIEM, EDR, and ELK stacks, and collaborating with security analysts, threat hunters, and incident responders to stop threats faster and smarter.

🔧 What You'll Be Doing

Writing & tuning detection rules across SIEM/EDR/ELK to surface real attacker behaviors (not noise)
Analyzing TTPs, threat intel, and real-world incidents to build behavior-based detections (beyond IOC chasing)
Rapid-prototyping searches mid-incident to surface lateral movement, C2, or privilege escalation attempts
Creating and maintaining detection logic documentation + MITRE ATT&CK coverage mapping
Supporting blue team investigations with deep log analysis and quick-turnaround queries
Working with multiple data sources: firewalls, EDR, proxy, VPN, NetFlow, etc.
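As an added illustration of the "behaviour over IOC" point in the bullets above (example code written for this page, not the employer's detection content): a minimal detection-as-code harness that runs two rules over constructed Windows-style logon events. The first rule fires on every failed logon (the "flag every login attempt" noise the advert warns against); the second fires only when a burst of failures from one source is followed by a success for the same account inside a time window, and carries its MITRE ATT&CK technique ID so coverage can be reported. Rule IDs, thresholds, the window size and all events are assumptions made up for the example.

```python
"""Added example: tiny detection-as-code harness (not the employer's code).

Two rules over the same constructed logon events:
  - R-001: IOC-style, fires on every 4625 (failed logon) -> noisy.
  - R-002: behaviour-based, fires only when >= threshold failures from one
    (src_ip, user) are followed by a 4624 (success) inside a sliding window.
Each rule carries an ATT&CK technique ID for coverage mapping.
Event IDs follow the Windows Security log; all data below is constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable


@dataclass(frozen=True)
class Event:
    ts: datetime
    event_id: int      # 4624 = successful logon, 4625 = failed logon
    user: str
    src_ip: str


@dataclass
class Rule:
    rule_id: str
    title: str
    attack_technique: str                       # MITRE ATT&CK technique ID
    evaluate: Callable[[list], list]            # events -> alert strings


def noisy_failed_logon(events):
    # Pure match on a single event: no context, one alert per failure.
    return [f"{e.user}@{e.src_ip} failed at {e.ts:%H:%M:%S}"
            for e in events if e.event_id == 4625]


def brute_force_then_success(events, threshold=5, window=timedelta(minutes=10)):
    # Sliding window of failure timestamps per (src_ip, user); alert only on
    # a success that follows >= threshold failures within the window.
    failures = defaultdict(deque)
    alerts = []
    for e in sorted(events, key=lambda x: x.ts):
        q = failures[(e.src_ip, e.user)]
        while q and e.ts - q[0] > window:    # expire failures outside the window
            q.popleft()
        if e.event_id == 4625:
            q.append(e.ts)
        elif e.event_id == 4624 and len(q) >= threshold:
            alerts.append(f"{e.user}@{e.src_ip}: {len(q)} failures then success "
                          f"at {e.ts:%H:%M:%S}")
            q.clear()                         # one alert per burst, not per success
    return alerts


# Assumed rule IDs and titles; technique IDs are real ATT&CK identifiers.
RULES = [
    Rule("R-001", "Failed logon (noisy baseline)", "T1110", noisy_failed_logon),
    Rule("R-002", "Password guessing followed by success", "T1110.001",
         brute_force_then_success),
]


def run_rules(events, rules=RULES):
    """Return {rule_id: [alerts]} for the given events."""
    return {r.rule_id: r.evaluate(events) for r in rules}


def attack_coverage(rules=RULES):
    """Map ATT&CK technique ID -> rule IDs that cover it."""
    cov = defaultdict(list)
    for r in rules:
        cov[r.attack_technique].append(r.rule_id)
    return dict(cov)


def sample_events():
    """Constructed events: one benign typo, one real brute force, one stale burst."""
    t0 = datetime(2025, 1, 15, 9, 0, 0)
    ev = [Event(t0, 4625, "alice", "10.0.0.5"),                       # mistyped once
          Event(t0 + timedelta(seconds=20), 4624, "alice", "10.0.0.5")]
    for i in range(6):                                                  # 6 failures / 3 min
        ev.append(Event(t0 + timedelta(seconds=30 * i), 4625, "svc_backup", "203.0.113.7"))
    ev.append(Event(t0 + timedelta(minutes=4), 4624, "svc_backup", "203.0.113.7"))
    for i in range(6):                                                  # burst, then success 25 min later
        ev.append(Event(t0 + timedelta(hours=1, seconds=10 * i), 4625, "bob", "10.0.0.9"))
    ev.append(Event(t0 + timedelta(hours=1, minutes=25), 4624, "bob", "10.0.0.9"))
    return ev


if __name__ == "__main__":
    for rule_id, alerts in run_rules(sample_events()).items():
        print(rule_id, len(alerts), "alert(s)")
        for a in alerts:
            print("   ", a)
    print("coverage:", attack_coverage())
```

On the constructed data the noisy rule raises 13 alerts (every failure, including alice's single typo and bob's stale burst), while the behaviour rule raises exactly one, for `svc_backup` from 203.0.113.7. Keeping the rule definition, its ATT&CK ID and the sample events in one versioned file is what "detection-as-code" means in practice: the tests below are the regression suite a rule change has to pass before it ships.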

🧩 You'll Fit If You Have

1-3 years writing SIEM/EDR detection content
1+ year in a SOC environment (Tier 2+ preferred)
Strong grasp of detection engineering and attacker methodology
Solid experience with ELK, Splunk, or similar SIEM platforms
Comfort pivoting through logs under pressure and building fast, accurate queries
Experience with threat modeling and mapping detections to MITRE ATT&CK
Bonus: You've worked with version control for detection rules, or done some detection-as-code

✅ Nice-to-Haves

Certs like GCIA, GCIH, CEH, GNFA, GCFA
Familiarity with Sigma rules or query languages like KQL
A side interest in threat hunting or malware behavior

📈 What You'll Impact

How quickly we detect and respond to real threats
The signal-to-noise ratio of our security stack
Our ability to spot emerging TTPs and adapt quickly

💬 Why Join?

Work with a smart, collaborative cyber team that values creativity and curiosity
Make real contributions to global security operations
Flexible hybrid setup, no micromanaging - just impact
Opportunity to own detection content and make your mark in a high-impact space

ECS Recruitment Group Ltd is acting as an Employment Business in relation to this vacancy
