Founded at the beginning of the dot-com bubble in 1996, when our CEO Charles Nasser had a light bulb moment to develop a truly customer-focused IT business, Claranet has since grown from an Internet Service Provider (ISP) in the UK into one of the leading business modernisation experts, delivering solutions across 11+ countries.
At Claranet, we're experienced in implementing progressive technology solutions which help our customers solve their epic business challenges. We're committed to understanding their problems, delivering answers quickly, and making a lasting impact on their business.
We are agile, focused and experienced in business modernisation. Our approach helps customers make genuine, significant shifts in their business strategy, to deliver financial savings, boost innovation, and create a resilient business. We continually invest in our people and the latest technologies, so our customers get peace of mind knowing that they have access to the best talent and services.
In the UK we have over 500 staff working in London, Gloucester, Warrington, Leeds or as homeworkers.
Working for Claranet
Here at Claranet we pride ourselves on going the extra mile for and with our employees (yes, we really mean with). We offer an extensive benefits package that you can tailor to your needs, inclusive of a matching contribution pension scheme, healthcare, insurance, dental, discounted gyms and app-supported benefit access.
But what we think makes us different is 'Team Claranet,' our dedicated internal part of the business that supports you with matters close to your heart. We proudly support local charities in each of our office locations, support employees with paid charity leave, organise a key charity fundraising event each year and have a dedicated committee responsible for supporting employees' fundraising efforts.
Claranet are one of the 10 founding members of TC4RE (Technology Community for Racial Equality). As part of a group of leading UK technology organisations, we are dedicated to building a more diverse and inclusive workforce.
Our Vision
Our vision is to become the most trusted technology solutions partner, renowned for being the best and brightest, having a lasting impact with our customers and delivering exceptional returns to our stakeholders.
Duties and Responsibilities
Essential Roles & Responsibilities
As a SOC Detection Engineer, you design, develop, and maintain high-quality detection content to improve threat visibility and reduce risk across customer environments. You apply expert knowledge of attacker tactics and telemetry sources to create and manage scalable, accurate, and resilient detection rules across SOC platforms. Operating as part of the SOC team, you support operations by expanding detection coverage, improving rule performance, and collaborating with threat intelligence, incident response, and platform engineering teams to operationalise threat insights. You also contribute to internal process improvement, customer-facing engagements, and knowledge sharing across the wider SOC team.
Key Responsibilities
Detection Engineering and Delivery - You develop, test, and deploy detection rules across SIEM, XDR, and other SOC platforms, supporting comprehensive, customer-aligned threat coverage
Lifecycle Management and Optimisation - You monitor detection performance, tune rules to reduce false positives, and remediate logic or configuration issues caused by changing environments
Post-Incident Gap Analysis - You perform detection reviews following incidents to identify missed coverage, determine root causes, and improve detection logic or supporting telemetry
Telemetry and Pipeline Management - You manage data baselines and support log pipeline processes such as transformation, filtering, secondary storage, and rehydration
Threat Alignment and Use Case Development - You participate in threat modelling, align detection content with frameworks such as MITRE ATT&CK, and support purple team initiatives by analysing and developing detections for red team TTPs
Documentation and Process Improvement - You maintain detection coverage matrices, document engineering procedures, and contribute to the ongoing development of detection engineering standards
Pre-Sales Support and Collaboration - You assist with scoping and demonstration of detection capabilities for prospective customers and share knowledge across the detection engineering team
Essential Duties
Detection Rule Development
Write and deploy detection rules using structured formats and query languages appropriate to SIEM, endpoint, and extended detection platforms
Support detection development using pattern-based, behavioural, and contextual approaches across varied telemetry types
Test and validate detection logic in lab or production environments prior to deployment
Rule Tuning and Maintenance
Continuously monitor existing detection content to assess performance, accuracy, and stability
Tune rules to reduce false positives, improve alert fidelity, and adapt to evolving threats
Investigate detection failures due to environmental changes, misconfigurations, or telemetry gaps
Post-Incident Review and Improvement
Participate in incident retrospectives to identify missed detection opportunities and coverage gaps
Develop and deploy new or updated detection content to address root causes
Track and record changes in detection artefacts to support transparency and version control
Telemetry & Pipeline Management
Create and maintain log baselines for critical customer log sources
Support log pipeline processes, including data transformation, filtering, enrichment, rehydration, and routing to secondary storage
Collaborate with platform and automation engineers to align data readiness with detection needs
Threat Alignment & Purple Team Support
Participate in threat modelling exercises based on customer verticals and risk profiles
Map detection rules and coverage to frameworks such as MITRE ATT&CK
Support red and purple team activities by creating and validating detections for simulated or observed attacker behaviour
Documentation & Knowledge Sharing
Maintain and update detection coverage matrices for each supported environment
Document detection engineering processes, tuning procedures, and knowledge artefacts to support repeatability and internal enablement
Educate and mentor other team members through peer reviews and shared learning
Pre-Sales Support
Contribute to pre-sales engagements focused on detection engineering, including technical scoping, proof-of-concept design, demos, and webinars
Participate in customer-facing workshops, design reviews, integration planning, testing, and documentation activities
Collaboration with Other Teams
SOC Operations
- You collaborate with analysts to ensure that detections generate actionable, triage-ready alerts. You align detection content with emerging threats and operationalise threat intel into actionable rules. You work closely with responders to validate detection outcomes and improve incident-handling efficiency
Offensive Security
- You develop and refine detection logic in response to simulated attacker techniques
Sales and Pre-Sales
- You provide detection engineering insight to support service demonstrations, bid responses, and scoping sessions
Position Specifications
Required Qualifications & Experience
You may be required to hold or obtain UK Non-Police Personnel Vetting (NPPV) and/or a Security Check (SC) clearance as part of this role
A minimum of 2 years of experience in a SOC, threat detection, or security engineering role
Proficiency in writing detection rules for structured or platform-specific formats (e.g., behavioural or pattern-based detection languages)
Familiarity with threat hunting and log analysis techniques across system, network, and endpoint data sources
Understanding of attacker tactics, techniques, and procedures (TTPs) and how they translate into detection logic
Practical experience applying the MITRE ATT&CK framework to detection engineering
Strong scripting or query language knowledge (e.g., Python, PowerShell, KQL, or equivalents)
Solid understanding of security operations tooling including SIEM, EDR/XDR, SOAR, and threat intelligence platforms
Experience supporting pre-sales or customer onboarding from a technical perspective
Excellent written and verbal communication skills, with a detail-oriented and analytical mindset
You are expected to support and help deliver the platform-specific capabilities outlined in the applicable Technology Profile(s), while collaborating with others to ensure delivery at scale
Technical Knowledge
Detection Engineering Frameworks
- Skilled in rule design, testing, and lifecycle management across diverse detection platforms
Threat Hunting & Log Analysis
- Able to analyse system, endpoint, and network telemetry to identify suspicious patterns and validate detection coverage
Threat Modelling & Framework Alignment
- Experienced in mapping detection content to frameworks such as MITRE ATT&CK and supporting vertical-specific use cases
Scripting & Querying
- Competent in writing scripts and queries to support rule logic, data validation, and detection enrichment
Security Operations Tooling
- Familiar with core SOC toolsets across detection, response, orchestration, and threat intelligence domains
Data Pipeline & Telemetry Management
- Understanding of data flows, transformation, and enrichment processes that affect detection fidelity
Tooling names, query languages, and stack-specific skills are specified in the applicable Technology Profile(s)
Behavioural & Professional Competencies
Communication
- Able to clearly explain detection logic and rule intent to analysts, engineers, and non-technical stakeholders
Problem Solving
- Uses structured investigation and iterative testing to resolve false positives, rule failures, or telemetry issues
Collaboration
- Works effectively across SOC, engineering, threat intel, and customer teams to build detection coverage aligned with service needs
Analytical Thinking
- Brings a disciplined, data-driven approach to detection tuning, gap identification, and use case development
Adaptability
- Comfortable adjusting detection logic and engineering processes to reflect new tools, threats, or customer environments
Customer Empathy and Commercial Awareness
- Understands how detection accuracy and stability contribute to operational value
Continuous Learning
- Maintains familiarity with current threat trends, attacker tradecraft, and tooling advancements
Knowledge Sharing
- Contributes to team growth through documentation, process improvement, and mentoring of other engineers
Professional Development & Career Progression
Claranet supports structured career development for engineering staff. As a SOC Detection Engineer, you will have opportunities to build platform expertise, contribute to internal capability development, and support pre-sales and service optimisation initiatives. This role provides a foundation for progression into senior engineering roles, or technical leadership positions. Professional development is supported through hands-on project involvement, internal mentoring, and recognised certification pathways aligned to detection engineering.
Salary
Competitive