Contract Threat Detection Engineer (Delivery Focused)
Our client is seeking a contract Threat Detection Engineer to support the ongoing delivery of detection engineering activities within a busy SOC environment. This role is centred on hands-on engineering and execution, ensuring detection content, automations, and integrations are delivered effectively and aligned to operational priorities.
Working closely with threat hunting and SOC teams, you will translate detection requirements into practical outcomes, contributing directly to sprint-based delivery and continuous service improvement. This is a highly technical role suited to someone who enjoys building, tuning, and optimising detection capabilities across modern security platforms.
Key Responsibilities
- Develop and deliver detection content in line with sprint priorities and operational requirements
- Create and refine SIEM correlation rules, dashboards, and reports to enhance proactive threat detection and monitoring
- Build, deploy, and maintain automated playbooks across SOAR and related security platforms
- Integrate threat intelligence sources, security tools, and custom logic into automated workflows
- Continuously tune and optimise SIEM rules and SOAR playbooks to improve detection accuracy and reduce false positives
- Integrate internal and third-party systems with SIEM and SOAR platforms using APIs and custom connectors
- Support ongoing sprint activities, daily progress updates, and ad-hoc engineering tasks to improve SOC service delivery
- Contribute to post-incident reviews, turning identified detection gaps into new detections and response automations
- Develop and maintain log parsers for a variety of data sources
- Produce clear documentation for processes, workflows, and integrations to support knowledge sharing and customer onboarding
About You
- Strong background in security operations, detection engineering, or security content development
- Hands-on experience working with enterprise SIEM platforms and detection rule tuning
- Proven experience delivering work within agile or sprint-based environments
- Practical experience building and maintaining SOAR playbooks and automations
- Good understanding of common attack techniques, TTPs, and frameworks such as MITRE ATT&CK
- Scripting or automation capability (e.g., Python or PowerShell), including working with JSON payloads and REST APIs
- Strong analytical and problem-solving skills with a methodical approach to engineering delivery
- Experience working in a SOC or MSSP environment
- Familiarity with EDR/XDR platforms and threat hunting methodologies
- Exposure to CI/CD pipelines for deploying detection content is advantageous
This contract role is ideal for a hands-on detection engineer who enjoys delivering high-quality security content, improving automation, and enhancing SOC detection capabilities in a fast-paced operational environment.