Threat Detection Engineer - 2
Remote · United Kingdom
Job Summary
The Threat Detection Engineer - 2 is responsible for building detection rules and supporting the response life cycle. The role is hands-on with the SIEM and security infrastructure (log parsers, IaC, detection rules, automation scripts), and creates automations and lambda functions for data enrichment and phishing remediation. It supports threat hunting across AWS, GCP, internal apps, and employee endpoints (Windows and macOS), collaborates with the Threat Detection & Response team to build detections and improve tooling, identifies opportunities to enhance internal tools and improve response efficiency, and contributes to complex incident investigations in coordination with security, IT, and engineering teams. The role requires strong knowledge of Splunk, Chronicle, or Panther and of cloud and desktop security concepts, as well as the ability to communicate effectively and share knowledge with colleagues.
Required Qualifications
- Strong knowledge with one of the following: Splunk, Chronicle, Panther
- Strong understanding of modern attack and defence techniques applicable to Cloud (AWS, GCP), SaaS (Google Workspace, Okta) and desktop (Windows, macOS) environments
- Hands-on with security automation; scripting and end-to-end automated workflows
- Experience with writing automation and scripts; familiarity with SOAR platforms
- Excellent spoken and written communication skills
- Experience with threat hunting and incident response across AWS, GCP, internal apps, and endpoints