Cyber Security - Detection Content Lead
| Posting date: | 28 August 2025 |
|---|---|
| Salary: | £60,300 per year |
| Hours: | Full time |
| Closing date: | 10 September 2025 |
| Location: | Manchester, Greater Manchester |
| Remote working: | Hybrid - work remotely up to 2 days per week |
| Company: | Government Recruitment Service |
| Job type: | Permanent |
| Job reference: | 422793 |
Summary
The Detection Content Lead sets the strategy for developing and maintaining detection rules across security tools. This role blends technical expertise in threats and adversaries with hands-on experience in tooling, data ingestion, and rule deployment. The post holder leads a team of detection engineers and works closely with threat, monitoring, and onboarding teams to deliver high-quality, scalable, and actionable detection content aligned with adversary techniques.
Your day-today responsibilities will be to:
Design, test, and document detection rules to ensure effective coverage with minimal false positives.
Prioritise rule deployment based on threat relevance, data quality, and system performance.
Define and maintain a detection strategy aligned with evolving threats, regularly reviewing coverage and proposing improvements.
Coordinate across threat, monitoring, incident response, onboarding, and engineering teams to align efforts and track progress.
Recommend tooling enhancements, including integrations, technical add-ons, automation, and detection-as-code solutions.
Manage the full content lifecycle—from creation to tuning—ensuring version control and documentation are maintained.
Lead the Detection Content team, aligning work with CSOC operations and supporting the broader Threat Operations strategy.
Due to the requirements of the role, the successful candidates will be required to work full-time (37 hours per week).
Your day-today responsibilities will be to:
Design, test, and document detection rules to ensure effective coverage with minimal false positives.
Prioritise rule deployment based on threat relevance, data quality, and system performance.
Define and maintain a detection strategy aligned with evolving threats, regularly reviewing coverage and proposing improvements.
Coordinate across threat, monitoring, incident response, onboarding, and engineering teams to align efforts and track progress.
Recommend tooling enhancements, including integrations, technical add-ons, automation, and detection-as-code solutions.
Manage the full content lifecycle—from creation to tuning—ensuring version control and documentation are maintained.
Lead the Detection Content team, aligning work with CSOC operations and supporting the broader Threat Operations strategy.
Due to the requirements of the role, the successful candidates will be required to work full-time (37 hours per week).
Proud member of the Disability Confident employer scheme
Disability Confident
About Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to Disability Confident.