×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Security Manager

Security Engineer - Detection Engineering & Automation

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: ION
Full Time position
Listed on 2026-02-15
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 100000 - 125000 GBP Yearly GBP 100000.00 125000.00 YEAR
Job Description & How to Apply Below
Location: Greater London

The Role:

We are seeking a Security Engineer specialising in Detection Engineering and Security Automationto design, build, and operate scalable detection and response capabilities across cloud and enterprise environments.

This role focuses on engineering high-fidelity detections and automating response workflowsacross platforms such as Rapid7, Sentinel One, and Crowd Strike, using Azure Logic Appsand API-driven integrations to reduce manual effort and improve response speed.

This is a hands‑on engineering role for someone who thinks in attacker behaviours, builds resilient automation, and prefers engineering solutions over manual SOC processes.

Key Responsibilities
  • Detection Engineering
  • Design, implement, and continuously improve threat detections across endpoint, identity, vulnerability, and cloud telemetry.
  • Engineer detections using data from Rapid7, Sentinel One, and Crowd Strike, including behavioural, anomaly-based, and contextual detections.
  • Translate MITRE ATT&CK techniques and real‑world threat intelligence into actionable detection logic.
  • Develop and tune detection logic to reduce false positives while preserving signal quality.
  • Validate detections through testing, attack simulation, and post‑incident review.
  • Maintain detection coverage mapping across the attack lifecycle.
  • Security Automation & SOAR
  • Design and implement security automation workflows using Azure Logic Apps to support alert triage, enrichment, containment, and response.
  • Automate workflows such as:
  • Alert enrichment from asset inventories and vulnerability data
  • Risk‑based prioritisation using exploitability and exposure context
  • Endpoint containment or isolation actions
  • Case creation, updates, and closure across security platforms
  • Integrate tools via REST APIs, webhooks, and managed connectors.
  • Build modular, reusable automation components with robust error handling and observability.
  • Platform Integration & Engineering
  • Integrate and correlate telemetry across Rapid7, Sentinel One, Crowd Strike, and supporting security systems.
  • Work closely with security and cloud teams to onboard new data sources and ensure data quality.
  • Apply detection‑as‑code and automation‑as‑code principles using version control and structured deployment processes.
  • Build dashboards and metrics to measure detection efficacy, alert quality, and automation impact.
  • Incident Response & Continuous Improvement
  • Support incident response by enhancing detections and automations based on real incidents.
  • Feed learnings from investigations back into detection logic and response workflows.
  • Maintain documentation, playbooks, and runbooks for detections and automations.
  • Contribute to purple‑team activities and detection gap analysis.
Required Skills, Experience and Qualifications
  • Core Technical Skills
  • Proven experience in detection engineering, security operations engineering, or security automation roles.
  • Hands‑on experience with Rapid7, Sentinel One, and/or Crowd Strike in detection or response contexts.
  • Strong experience building automation using Azure Logic Apps.
  • Proficiency integrating systems using REST APIs, JSON payloads, authentication, and pagination.
  • Solid understanding of endpoint security, vulnerability management, and attacker tradecraft.
  • Deep familiarity with MITRE ATT&CK and behaviour‑based detection methodologies.
  • Engineering & Operational Skills
  • Strong scripting or engineering background (e.g. Python, Power Shell).
  • Experience working with structured data, event pipelines, and telemetry correlation.
  • Understanding of alert lifecycle management and incident response workflows.
  • Ability to design automation that is safe, resilient, and auditable.
  • Preferred
  • Experience correlating endpoint, vulnerability, and asset data for risk‑based detection.
  • Familiarity with SOAR design patterns and automation governance.
  • Exposure to cloud security telemetry and identity‑based attack detection.
  • Experience operating in large‑scale or regulated environments.
  • Knowledge of CI/CD or infrastructure‑as‑code approaches for security tooling.
About us

We’re a diverse group of visionary innovators who provide trading and workflow automation software, high‑value analytics, and strategic consulting to corporations, central…

Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search