Detection Engineer

Job details
Date advertised: 20 January 2026
Salary: £47,670 to £51,690 per year
Additional salary information: Our cyber posts attract a skills-based DDAT allowance. This post is subject to a DDAT skills-assessed non-pensionable allowance. In certain circumstances exceptional candidates may be eligible for a higher starting salary.
Hours: Full Time
Closing date: 08 February 2026
Location: London
Company: Government Recruitment Service
Job type: Permanent
Job reference: 444435/1

Summary

This is an exciting opportunity to work at the heart of Government cyber security, as part of the Government Cyber Coordination Centre (GC3). The GC3 is a joint initiative sponsored by the Government Digital Service (GDS) and the National Cyber Security Centre (NCSC). The GC3 coordinates the cross-Government response to cyber security vulnerabilities, threats, and incidents, enhancing cyber resilience and enabling the Government to more efficiently and effectively protect public services and “defend as one”.

In June 2025, the Government Cyber Unit moved from the Cabinet Office to the Department for Science, Innovation and Technology (DSIT) as part of a machinery of government (MoG) change. This role is in scope to transfer to DSIT in February 2026. We are currently consulting with Trade Unions on which policies, terms and conditions will apply on transfer. The statement of changes applied to all other Cabinet Office staff will also apply to you if you are successful.

The post holder will design, implement, and optimise threat detection content across a wide range of platforms and data sources. The role combines advanced query language skills, a deep understanding of system and network logging, and experience with rule-based detection engines and CI/CD pipelines (notably those developed in Python).

Successful candidates must meet the security requirements before they can be appointed. The level of clearance required is Security Check (SC), but the post holder must be willing to undergo Developed Vetting (DV) clearance while in post where necessary.

Key Responsibilities

  • Develop and optimize detection rules using query languages such as:
    o KQL (Microsoft Sentinel / Defender XDR)
    o SPL (Splunk)
    o AQL (QRadar)
    o EQL/Lucene (Elastic Security)
    o SQL (across traditional and security data platforms)
  • Create and manage detection rules using cross-platform languages such as Sigma and YARA
  • Build, test, and deploy detection rules using CI/CD tools and principles (e.g., GitHub Actions, GitLab CI, Azure DevOps)
  • Tune and validate alerting logic to reduce false positives and optimize signal-to-noise ratio
  • Contribute to detection-as-code practices with structured rule repositories (e.g., Sigma, Panther, custom JSON/YAML formats)
  • Support threat hunting and incident triage using advanced log queries and packet inspection
  • Collaborate with offensive security and threat intelligence teams to translate TTPs into behavioural detections, aligned with industry frameworks such as MITRE ATT&CK

Proud member of the Disability Confident employer scheme

Disability Confident
In general, a Disability Confident employer will offer an interview to any applicant who declares that they are disabled and meets the minimum criteria for the job as defined by the employer. It is important to note that in some recruitment situations, such as high volumes of applicants, seasonal periods and very busy times, the employer may wish to limit the overall number of interviews offered to both disabled and non-disabled people. For more details visit Disability Confident.
