Detection Content Lead

Job details
Posting date: 02 July 2025
Salary: £60,700 to £66,330 per year
Additional salary information: New entrants to the Civil Service will start their role on the salary band minimum: £60,300 for National Roles. You may be eligible for an additional non-pensionable allowance, pending a Capability and Skills assessment, with a value of up to £20,100 (l
Hours: Full time
Closing date: 16 July 2025
Location: Manchester
Company: Government Recruitment Service
Job type: Permanent
Job reference: 414513/1

Apply for this job

Summary

The Detection Content Lead sets the strategy for developing and maintaining detection rules across security tools. This role blends technical expertise in threats and adversaries with hands-on experience in tooling, data ingestion, and rule deployment. The post holder leads a team of detection engineers and works closely with threat, monitoring, and onboarding teams to deliver high-quality, scalable, and actionable detection content aligned with adversary techniques.

Your day-to-day responsibilities will be to:

  • Design, test, and document detection rules to ensure effective coverage with minimal false positives.
  • Prioritise rule deployment based on threat relevance, data quality, and system performance.
  • Define and maintain a detection strategy aligned with evolving threats, regularly reviewing coverage and proposing improvements.
  • Coordinate across threat, monitoring, incident response, onboarding, and engineering teams to align efforts and track progress.
  • Recommend tooling enhancements, including integrations, technical add-ons, automation, and detection-as-code solutions.
  • Manage the full content lifecycle—from creation to tuning—ensuring version control and documentation are maintained.
  • Lead the Detection Content team, aligning work with CSOC operations and supporting the broader Threat Operations strategy. 

Due to the requirements of the role, the successful candidates will be required to work full-time (37 hours per week).

Hybrid Working

DDaT is geographically spread across multiple locations with most staff working in line with the Department’s hybrid working arrangements (a minimum of 60% of time in an office location, with the remainder working from home). The successful candidate will be based at Manchester Soapworks and there may be a requirement for occasional travel to other locations.

We are holding a Home Office Cyber Security candidate information event on 14th July 2025; please use the following link to register. Digital, Data and Tech Event: Cyber Security

Proud member of the Disability Confident employer scheme

Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.