Senior SIEM Content Developer - #1677508

ECS Resource Group


Date: 6 hours ago
City: Edinburgh
Contract type: Full time
Work schedule: Full day

Senior SIEM Content Developer – Detection Engineering | Cyber Security

Location: Newbury - Remote Working - Outside IR35

Team: Cyber Defence Ops

Experience Level: Mid–Senior

The Role

We’re on the hunt for a Senior SIEM Content Developer who lives and breathes detection logic. If you enjoy diving deep into attacker behaviors, writing detection rules that actually catch things (not just flag every login attempt), and helping drive threat visibility across modern tech stacks — this might be for you! You'll be part of a global cyber defence team building and refining detections across SIEM, EDR, and ELK stacks, and collaborating with security analysts, threat hunters, and incident responders to stop threats faster and smarter.


What You'll Be Doing

  • Writing & tuning detection rules across SIEM/EDR/ELK to surface real attacker behaviors (not noise)
  • Analyzing TTPs, threat intel, and real-world incidents to build behavior-based detections (beyond IOC chasing)
  • Rapid-prototyping searches mid-incident to surface lateral movement, C2, or privilege escalation attempts
  • Creating and maintaining detection logic documentation + MITRE ATT&CK coverage mapping
  • Supporting blue team investigations with deep log analysis and quick-turnaround queries
  • Working with multiple data sources: firewalls, EDR, proxy, VPN, NetFlow, etc.

You’ll Fit If You Have

  • 1–3 years writing SIEM/EDR detection content
  • 1+ year in a SOC environment (Tier 2+ preferred)
  • Strong grasp of detection engineering and attacker methodology
  • Solid experience with ELK, Splunk, or similar SIEM platforms
  • Comfort pivoting through logs under pressure and building fast, accurate queries
  • Experience with threat modeling and mapping detections to MITRE ATT&CK
  • Bonus: You've worked with version control for detection rules, or done some detection-as-code

Nice-to-Haves

  • Certs like GCIA, GCIH, CEH, GNFA, GCFA
  • Familiarity with frameworks like Sigma or KQL
  • A side interest in threat hunting or malware behavior

What You’ll Impact

  • How quickly we detect and respond to real threats
  • The signal-to-noise ratio of our security stack
  • Our ability to spot emerging TTPs and adapt quickly

Why Join?

  • Work with a smart, collaborative cyber team that values creativity and curiosity
  • Make real contributions to global security operations
  • Flexible hybrid setup, no micromanaging — just impact
  • Opportunity to own detection content and make your mark in a high-impact space