Job Specifications
We're looking for a Detection Engineer to join our expanding Information Security team who thrives on innovation, loves working across disciplines, and brings new ideas to the team. This is your chance to take ownership, experiment, and grow into a role with the opportunity to make a real impact.
This isn't your average SOC role. At Our Future Health, the "boring bits" of the SOC are outsourced, leaving you with the exciting, high‑impact work that shapes how we detect and respond to threats at scale. You'll collaborate closely with our inhouse Threat team and our outsourced SOC partner, building unique detection capabilities that go beyond just SIEM detections. Think KQL scripting, Microsoft Sentinel, Azure, Kubernetes, and cloud‑native log sources, all while applying MITRE frameworks and helping to configure and tune other core security controls like DLP to keep us ahead of the threat landscape.
If you want to design detections that matter, and be part of something unique that is the first of it's kind at this scale, then this is the role for you.
At Our Future Health, our mission is to transform the prevention, detection and treatment of conditions such as dementia, cancer, diabetes, heart disease and stroke. We're looking for people to join us on our journey. If you're looking for a new challenge where you can contribute to helping future generations live in good health for longer, then we're keen to speak with you.
What You'll Be Doing
Developing new threat-led detections in collaboration with our threat team based on both threat intelligence and the results of threat hunts
Creating novel analytic methods and techniques for incident detection
Working with our MSP provided SOC to maintain our detection catalogue and tune existing rules
Developing and tuning Data Loss Prevention, Insider Risk Management and other types of security rules within Microsoft Purview and other key security monitoring tools
Alongside our Head of Cyber Defence, supervising the MSP SOC to ensure a high-quality service is provided, detections and other types of engineering work are delivered to the appropriate standard and that the maturity (inc. efficiency) of our security monitoring is continually improving
Supporting the development of automated custom reports on security operational performance and broader security topics (using Sentinel workbooks)
Collaborating with wider tech and security teams on the appropriate security monitoring for our various systems, including cloud platforms, SaaS applications and inhouse developed systems.
Documenting security processes and security tool low-level design/configuration
Contributing to the development of security service delivery and operation documentation
Supporting the security engineers, threat analysts and wider security team with their various responsibilities, including achieving and maintaining ISO 27001 certification and anything that involves KQL
What You Won't Be Doing
Working in a siloed environment with no freedom to make decisions.
Working in a place where you can't see the impact your expertise makes.
Requirements
To succeed in this role you will be able to demonstrate some of the following skills and experience:
Highly proficient in writing KQL and ideally some level of proficiency in Python and Terraform
Significant hands-on experience with Microsoft Sentinel
Experience with Microsoft's Defender suite, in particular Defender for Endpoints and Defender for O365
Experience with Microsoft Entra ID (previously AAD), including the Identity Governance capabilities
Experience with Microsoft Purview tooling, in particular MPIP and Purview Data Loss Prevention
Experience with cloud-native logging (in particular Azure and Kubernetes)
Experience of an ‘everything-as-code', or at least a ‘detection-as-code' approach, including CI/CD pipelines
Exposure to working with/inside an MSP SOC
Exposure to Agile working
Knowledge of attacker Tactics, Techniques and Procedures (TTPs)
Knowledge of statistics, data science and AI/ML, in particular when applied to cyber security
Knowledge of ISO 27001
Desire to be part of a small fast-paced team
Relevant certifications, such as: Microsoft certifications (MS-500, AZ-500, SC-200, SC-300, SC-400), CompTIA Security+, GIAC Security Operations Certified (GSOC), Cloud Security Alliance CCSK
Benefits
Salary from £55,000 per annum
Generous Pension Scheme - We invest in your future with employer contributions of up to 12%
30 Days Holiday + Bank Holidays - Enjoy a generous holiday allowance with the flexibility to take bank holidays when it suits you
Enhanced Parental Leave - Supporting you during life's biggest moments
Cycle to Work Scheme - Save 25-39% on a new bike and accessories through salary sacrifice
Home & Tech Savings - Get up to 8% off on IKEA and Currys products, spreading the cost over 12 months through salary sacrifice
£1,000 Employee Referral Bonus - Know someone amazing? Get rewarded for bringing them on board!
Wellbeing Suppo
About the Company
Our Future Health is the UK’s largest ever health research programme, bringing people together to develop new ways to prevent, detect and treat diseases.
Our mission is to create an incredibly detailed picture of the UK population’s health, by recruiting up to five million adult volunteers from across the UK. Each volunteer will be asked to fill out a questionnaire and provide a blood sample that can be linked to their health records. Taken together, the data will present health researchers with a powerful tool to identify ...
Know more