Ion6mo ago

Security Engineer - Detection Engineering & Automation

London,LondonFull-timemid

EngineeringSecuritySecurity EngineerCybersecurity

2 views0 saves0 applied

Apply Now

Quick Summary

Overview

The Role: We are seeking a Security Engineer specialising in Detection Engineering and Security Automation to design, build,

Technical Tools

EngineeringSecuritySecurity EngineerCybersecurity

The Role:

We are seeking a Security Engineer specialising in Detection Engineering and Security Automation to design, build, and operate scalable detection and response capabilities across cloud and enterprise environments.

This role focuses on engineering high-fidelity detections and automating response workflows across platforms such as Rapid7, SentinelOne, and CrowdStrike, using Azure Logic Apps and API-driven integrations to reduce manual effort and improve response speed.

This is a hands-on engineering role for someone who thinks in attacker behaviours, builds resilient automation, and prefers engineering solutions over manual SOC processes.

Detection Engineering

Design, implement, and continuously improve threat detections across endpoint, identity, vulnerability, and cloud telemetry.

Engineer detections using data from Rapid7, SentinelOne, and CrowdStrike, including behavioural, anomaly-based, and contextual detections.

Translate MITRE ATT&CK techniques and real-world threat intelligence into actionable detection logic.

Develop and tune detection logic to reduce false positives while preserving signal quality.

Validate detections through testing, attack simulation, and post-incident review.

Maintain detection coverage mapping across the attack lifecycle.

Security Automation & SOAR

Design and implement security automation workflows using Azure Logic Apps to support alert triage, enrichment, containment, and response.

Automate workflows such as:

Alert enrichment from asset inventories and vulnerability data

Risk-based prioritisation using exploitability and exposure context

Endpoint containment or isolation actions

Case creation, updates, and closure across security platforms

Integrate tools via REST APIs, webhooks, and managed connectors.

Build modular, reusable automation components with robust error handling and observability.

Platform Integration & Engineering

Integrate and correlate telemetry across Rapid7, SentinelOne, CrowdStrike, and supporting security systems.

Work closely with security and cloud teams to onboard new data sources and ensure data quality.

Apply detection-as-code and automation-as-code principles using version control and structured deployment processes.

Build dashboards and metrics to measure detection efficacy, alert quality, and automation impact.

Incident Response & Continuous Improvement

Support incident response by enhancing detections and automations based on real incidents.

Feed learnings from investigations back into detection logic and response workflows.

Maintain documentation, playbooks, and runbooks for detections and automations.

Contribute to purple-team activities and detection gap analysis.

Core Technical Skills

Proven experience in detection engineering, security operations engineering, or security automation roles.

Hands-on experience with Rapid7, SentinelOne, and/or CrowdStrike in detection or response contexts.

Strong experience building automation using Azure Logic Apps.

Proficiency integrating systems using REST APIs, JSON payloads, authentication, and pagination.

Solid understanding of endpoint security, vulnerability management, and attacker tradecraft.

Deep familiarity with MITRE ATT&CK and behaviour-based detection methodologies.

Engineering & Operational Skills

Strong scripting or engineering background (e.g. Python, PowerShell).

Experience working with structured data, event pipelines, and telemetry correlation.

Understanding of alert lifecycle management and incident response workflows.

Ability to design automation that is safe, resilient, and auditable.

Preferred

Experience correlating endpoint, vulnerability, and asset data for risk-based detection.

Familiarity with SOAR design patterns and automation governance.

Exposure to cloud security telemetry and identity-based attack detection.

Experience operating in large-scale or regulated environments.

Knowledge of CI/CD or infrastructure-as-code approaches for security tooling.

Location & Eligibility

Where is the job

London

On-site at the office

Who can apply

Same as job location

Listed under

Worldwide

Listing Details

Posted: October 16, 2025
First seen: March 25, 2026
Last seen: May 4, 2026

Posting Health

Days active: 40
Repost count: 0
Trust Level: 23%
Scored at: May 5, 2026

Signal breakdown

freshnesssource trustcontent trustemployer trust

Apply for this position

Ion

lever

Employees

Founded

2025

Domain

Jobs

External application · ~5 min on Ion's site

Please let Ion know you found this job on Jobera.

4 other jobs at Ion

View all →

Explore open roles at Ion.

Head of Data & AI Practice, New York

Full-time

Lead Product & Engagement Manager

Full-time

Associate Product Manager, London

Full-time

Senior AI Copilot & Agent Platform Engineer, Mexico City

Full-time

Similar Security Engineer jobs

Security Engineer - Offensive Security

Stripe

Security Engineer - Threat Detection

Emburse

Senior security Engineer

Full-Time

Uvcyber

Principal Security Engineer | Zscaler SME

Newsletter

Stay ahead of the market

Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.

Join 12,000+ marketers

No spam. Unsubscribe at any time.

Security Engineer - Detection Engineering & Automation

Apply Now

Security Engineer - Detection Engineering & Automation

Quick Summary

Location & Eligibility

Listing Details

Posting Health

4 other jobs at Ion

Similar Security Engineer jobs

Browse Similar Jobs

Stay ahead of the market