Location: Remote
Salary: Not specified
Type: fulltime
Posted: Today
Job Description
Detection Engineer | UK Remote | Permanent | £50,000 - £55,000
Peaple Talent have partnered with a client in the UK who are hiring for a remote Detection Engineer. Our client is an MSSP seeking a passionate individual to join their CSOC function, with a shared goal of becoming a world-class, next-generation MXDR provider delivering real value and protection to their clients.
This role is ideal for a proactive and technically skilled professional with a strong interest in threat detection, attacker methodologies, incident response, and scalable security solutions. It offers the opportunity to make a meaningful impact while working in a collaborative and forward-thinking environment.
Our client supports the digital infrastructure of hundreds of organisations globally. The successful candidate will enjoy tackling complex security challenges, working extensively with Microsoft technologies such as Sentinel, KQL, and Defender XDR, and contributing to innovative security operations.
This role focuses on applying expertise in detection engineering and security operations to design and implement advanced integrations, detections, and automations within the Microsoft security ecosystem. Responsibilities include developing scalable solutions using Microsoft Sentinel, Microsoft Defender XDR, and KQL, while integrating various security tools such as firewalls, email filtering platforms, and web proxies.
Strong scripting ability (Python, PowerShell, KQL) and hands-on experience with APIs and case management systems will be key to enhancing threat detection and response capabilities.
Key Responsibilities:
- Develop, manage, and optimise scripts, functions, and Logic Apps that integrate with our client’s CSOC platform
- Lead the technical migration of log sources into Microsoft Sentinel (SIEM)
- Monitor the performance and impact of newly deployed detection content within the SIEM
- Configure and onboard new customers into Microsoft Sentinel
- Identify opportunities to streamline analyst workflows through automation and build end-to-end solutions
- Integrate security tools and platforms using APIs across our client and customer environments
- Configure and utilise SOAR capabilities, including Azure Logic Apps and Azure Functions (Python)
- Ensure adherence to internal policies, processes, and procedures
- Provide coaching and mentorship to team members where appropriate
- Develop and maintain playbooks and runbooks aligned to new detections and content
- Create and document operational processes and procedures
- Proactively utilise available toolsets to identify potential compromises within customer environments
- Communicate effectively with both technical and non-technical stakeholders in a collaborative manner
- Work cross-functionally within our client, acting as a subject matter expert in security
- Analyse emerging threats and develop detection logic for new rules and use cases
- Stay current with the evolving threat landscape
- Design and refine security alerts and incident detection strategies
Key Experience Required:
- Strong curiosity and a willingness to challenge conventional approaches
- Solid technical knowledge of Microsoft Threat Protection and Azure Security
- Experience with SIEM platforms, particularly Microsoft Sentinel
- Familiarity with query languages, ideally KQL
- Programming or scripting experience (Python, JavaScript)
- Degree in Computer Science or equivalent practical experience
- Understanding of the MITRE ATT&CK framework or similar security models
- Relevant Microsoft certifications (e.g. MS-500, AZ-500, SC-100, SC-200, SC-300, SC-401)
If you are interested in this position, please apply directly on LinkedIn with an up-to-date copy of your CV.