NCC Group is looking for a Detection Engineer to join the Detection Engineering team. The role will focus on developing, maintaining, and improving Splunk-based security detections across cloud, infrastructure, and custom log sources.
The successful candidate will help turn security risks, threat models, assurance requirements, and log sources into practical detections that can be deployed, tuned, and documented.
-
Develop and maintain detections using Splunk SPL.
- Analyse logs from cloud, infrastructure, application, gateway, Linux, SSH, CDN, vulnerability management, and audit sources.
- Create detections for areas such as:
- cloud security monitoring and cloud control-plane activity,
- infrastructure, platform, and access-related security events,
- bespoke assurance use cases based on customer-specific log sources,
- suspicious or anomalous activity identified through threat models, security testing.
- Review existing detection coverage and identify gaps.
- Assess new log sources and define detection use cases.
- Map detections to MITRE ATT&CK, risk scenarios, and assurance requirements where relevant.
- Tune detections to reduce false positives and improve analyst usability.
- Document detection purpose, logic, alerting criteria, data source, MITRE mapping, false positives, and investigation guidance.
- Support SOC analysts with alert context and investigation advice.
Candidates do not need to meet every requirement, but should have experience in some of the following:
- Splunk SPL or similar query language.
- Security detection engineering, SIEM engineering, threat hunting, or security monitoring.
- Cloud audit logs, especially AWS; GCP or OCI experience is also useful.
- MITRE ATT&CK and common attacker behaviours.
- Kubernetes or container security monitoring.
- Cloud security concepts such as IAM, KMS, security groups, route tables, ACLs, object storage, and service accounts.
- Use of allowlists, thresholds, baselines, aggregation, and anomaly-style detection logic.
- Regex and basic scripting, e.g. Python, Bash, or PowerShell.
- Documentation using Jira, JSM, Confluence, or similar tools.
Desirable Experience:
- Experience with Splunk Enterprise Security and Splunk Security Essentials.
- Experience writing or tuning scheduled alerts..
- Experience reviewing threat models, security testing outputs, or assurance requirements.
- Experience using a detection as code deployment pipeline.
-
Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe.
With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.
We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.
Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.
If you do not want us to retain your details, you can utilise the Manage Your Data tool provided by Pinpoint or contact us directly at:
[email protected]. All personal data is held in accordance with the NCC Group Privacy Notice.
We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.
Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.