Anson McCade
Lead Content Detection Engineer
This role has expired
£50,000 - £65,000
Leeds
Hybrid
Description

£50,000 to 65,000 GBP
Bonus
Hybrid working
Location: Leeds, Yorkshire and the Humber - United Kingdom
Type: Permanent

Lead Content Detection Engineer - Leeds
Up to £65,000 + Bonus | SC Clearance Required to Start | DV Sponsorship Available

We are seeking a highly experienced Lead Content Detection Engineer to join a national security-focused Security Operations Centre (SOC) in Leeds. This is a strategic, hands-on role combining technical expertise, leadership, and operational ownership, supporting critical national infrastructure (CNI).

The Role:
As the Detection Engineering Lead, you will define and deliver the strategic direction for content detection across the SOC. You will manage a small team of skilled detection engineers, fostering a culture of technical excellence, knowledge sharing, and continuous improvement. This role requires balancing operational accountability with forward-looking innovation, ensuring the delivery of world-class security detection capabilities.

Key Responsibilities:

  • Lead and mentor a team of detection engineers, supporting professional development and workload management.
  • Own the detection strategy and roadmap, aligning initiatives with KPIs and contractual requirements.
  • Develop, optimise, and maintain high-fidelity detections using Splunk, Microsoft Sentinel, KQL, SPL, and Python for automation and Detection as Code.
  • Work closely with cloud platforms (AWS and Azure) to enhance detection capabilities in hybrid environments.
  • Monitor networks and leverage threat intelligence to improve detection coverage, incorporating frameworks such as MITRE ATT&CK.
  • Drive service improvements and efficiency through automation, tooling, and operational innovation.
  • Engage with senior stakeholders, presenting detection effectiveness, KPIs, and continuous improvement initiatives.
  • Ensure operational ownership of the SOC’s detection function, balancing strategic planning with day-to-day responsibilities.

Essential Skills and Experience:

  • SC clearance required to start; DV sponsorship available.
  • Proven expertise with Splunk and Microsoft Sentinel SIEM platforms.
  • Strong programming skills in Python, with experience developing automation and Detection as Code pipelines.
  • Proficiency in KQL and SPL for creating efficient, high-fidelity detections.
  • Solid understanding of security detection methodologies, threat intelligence, and cloud security environments.
  • Strong communication and stakeholder management skills.
  • Experience in operational leadership, strategy definition, and team management.

Desirable Skills:

  • Experience with Detection as Code frameworks.
  • Knowledge of React or JavaScript for tooling development.
  • Security certifications such as SANS, GIAC, CISSP, CCSP, or vendor-specific certifications (Splunk, AWS, Microsoft).

Work Arrangements:

  • Initially 5 days per week onsite in Leeds.
  • Once DV clearance is obtained, hybrid working with up to 2 days from home is possible.

Salary & Benefits:

  • Competitive base salary up to £65,000 plus performance-based bonus.
  • Opportunity to work on high-impact national security projects.
  • Professional development and certification support.
  • Chance to lead and shape the future of content detection engineering.

This is an exciting opportunity for a proactive, strategic thinker with a passion for security detection and team leadership. You will be at the forefront of protecting critical infrastructure while building a high-performing, technically excellent team.

Reference: AMC-AQU-LCEDB

Postcode: LS1
