Lead Detection Engineer - Soar & UEBA
Outside IR35
Location: Hybrid – Remote with travel to York or London(2 days every 2 weeks)
Contract Length: 6 months
Start Date: ASAP
About the Role:
Join the new Cyber Fusion Centre as a Detection Engineer focused on enabling and enhancing UEBA capabilities within Google Chronicle. This is a hands-on, delivery-focused role where you’ll lead the implementation of high-fidelity behavioural detections, support incident response, and uplift internal cyber operations.
Key Responsibilities:
-
Implement and tune UEBA rules in Chronicle SIEM based on threat models and detection frameworks.
-
Validate detections for scenarios like impossible travel, privilege escalation, lateral movement, and VIP monitoring.
-
Collaborate with internal teams and MSSP to enrich log sources and reduce alert noise.
-
Support incident triage and response, particularly for UEBA-triggered alerts.
-
Deliver engineering enhancements (e.g., parsing, enrichment, integration) to improve detection fidelity.
-
Conduct knowledge transfer sessions and uplift internal SOC capabilities.
Deliverables Include:
-
UEBA use case inventory and rule map
-
10+ validated UEBA rules
-
Baseline behaviour models for high-risk user/entity categories
-
Knowledge base documentation and final recommendations
Required Skills & Experience:
-
Strong hands-on experience with Chronicle SIEM and UEBA tooling
-
Deep understanding of Windows Event Logs and identity telemetry
-
Incident response experience and detection engineering expertise
-
Scripting and tuning skills (e.g., YARA-L, UDM)
-
Ability to mentor and collaborate with junior analysts
-
Bonus: Experience with Google Cloud Platform or SOAR playbooks
Please note this requirement does not support overseas working and will be Outside IR35
#LI-DNI