Permanent

Cyber Security - Detection Content Lead

Croydon
Salary: Negotiable
Posted 1 week ago

Overview

The Detection Content Lead sets the strategy for developing and maintaining detection rules across security tools. This role blends technical expertise in threats and adversaries with hands-on experience in tooling, data ingestion, and rule deployment. The post holder leads a team of detection engineers and works closely with threat, monitoring, and onboarding teams to deliver high-quality, scalable, and actionable detection content aligned with adversary techniques.

Responsibilities

  • Design, test, and document detection rules to ensure effective coverage with minimal false positives.
  • Prioritise rule deployment based on threat relevance, data quality, and system performance.
  • Define and maintain a detection strategy aligned with evolving threats, regularly reviewing coverage and proposing improvements.
  • Coordinate across threat, monitoring, incident response, onboarding, and engineering teams to align efforts and track progress.
  • Recommend tooling enhancements, including integrations, technical add-ons, automation, and detection-as-code solutions.
  • Manage the full content lifecycle from creation to tuning, ensuring version control and documentation are maintained.
  • Lead the Detection Content team, aligning work with CSOC operations and supporting the broader Threat Operations strategy.

Qualifications and skills

You will bring a strong interest in threat intelligence and demonstrate:

  • Experience in a Security Operations Centre (SOC), including threat and risk analysis, ideally in a large government, enterprise, or managed service environment.
  • Familiarity with security platforms such as SIEM, EDR, and threat intelligence tools.
  • Proven ability to manage the full lifecycle of detection content, including developing, documenting, and maintaining rules.
  • Skill in detection methodologies, including modelling, configuration analysis, behavioural patterns, and indicators of compromise.
  • Ability to analyse and present complex threat and risk information clearly, tailored to different audiences.
  • Experience operating at tactical, operational, and strategic levels, translating technical insights for non-technical stakeholders.
  • Experience leading and coaching diverse distributed teams, ideally in cyber security.

Benefits

  • Exceptional pension: Employer contribution of 28.97%
  • Generous leave: 25 days annual leave (rising to 30 with service), 8 public holidays, and 1 day for the King’s Birthday
  • Flexible working: Options include full-time, part-time, compressed hours, job sharing, and a hybrid model (minimum 60% on-site)
  • Learning and development: Access to training, technical accreditations, and funded qualifications (subject to approval)
  • Inclusion and recognition: A culture that champions diversity, enhanced parental leave schemes, annual bonuses, and recognition awards

Requirements

Please note

This role requires SC clearance. To meet national security vetting requirements, you must typically have been resident in the UK for at least five years.

Details

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology, Consulting, and Strategy/Planning
  • Industries: IT Services and IT Consulting and Government Relations
