Director, Cyber Security Detection Engineering

AstraZeneca
Gaithersburg, MD
Hybrid

About The Position

The Director, Cyber Security Detection Engineering is a senior leader in the Cyber Operations function, based in Gaithersburg, Maryland, working with the Head of Cyber Operations. The role encompasses command of enterprise detection capabilities across cloud, on-premises, and OT/ICS environments, ownership of detection governance and validation, and delivery of executive reporting, coverage assessments, and capability maturation in partnership with GSOC, CTI, Vulnerability Management, Offensive Security, IT, Legal, Risk and Compliance, and business customers.

Requirements

  • Bachelor's degree in information security, computer science, or related field (or equivalent experience).
  • Over 5 years managing detection engineering or security operations in enterprise-sized organisations, commanding capabilities across hybrid cloud, on-premises, and OT environments.
  • Experience integrating and working alongside global, 24x7, geographically dispersed teams to deliver detection capabilities and support security operations missions.
  • Well-developed skills to explain complex technical concepts in clear business terms; produce concise written material (executive updates, coverage reports); and lead briefings to diverse stakeholders.
  • Ability to analyse complex threat landscapes, assess detection gaps, and balance strategic capability development with tactical operational requirements, risk appetite, and resource constraints.
  • Demonstrated ability to collaborate across regions and functions (GSOC, IT, Legal, GRC, business units) with a strong service approach and commitment to enabling organisational resilience.
  • Detection engineering lifecycle: Proven leadership across detection development, testing, deployment, and tuning at enterprise scale; deep understanding of detection logic design, coverage mapping, and efficacy validation.
  • Threat detection frameworks: Extensive knowledge of MITRE ATT&CK, Cyber Kill Chain, and detection engineering methodologies; experience mapping organisational coverage and prioritising development based on threat intelligence.
  • Purple team operations: Experienced in designing and executing adversary emulation exercises; skilled in translating purple team findings into actionable detection improvements and coverage enhancements.
  • Automation and AI: Experience operationalizing modern detection platforms (SIEM, XDR, SOAR) including integration of artificial intelligence, machine learning models, and agentic features to enable detection at scale.
  • Data engineering and platforms: Proficient with data pipeline architecture, log aggregation, normalisation, and query optimisation; solid grasp of data quality requirements for effective detection.
  • Cloud, identity, and endpoint detection: Deep understanding of detection approaches across multi-cloud environments, identity systems, endpoints, and network infrastructure; familiar with cloud-native security services and integration patterns.
  • Manufacturing Operational Technology/Industrial Control Systems: Coordinating detection engineering in industrial/OT environments with safety, availability, and production continuity considerations; knowledge of industrial protocols and OT-specific threats.

Nice To Haves

  • Security certifications preferred (e.g., CISSP, CISM, GIAC such as GCIA/GCDA/GMON; cloud certifications; ITIL).

Responsibilities

  • Direct the development and execution of comprehensive detection engineering programmes aligned to organisational risk appetite and threat landscape; establish capability roadmaps spanning data engineering, detection development, purple teaming, and automation/AI.
  • Ensure robust data pipelines support detection activities through telemetry collection, normalization, and quality assurance across hybrid and OT environments; define data retention, schema standards, and platform configuration to enable effective threat detection.
  • Oversee creation, testing, and deployment of detection logic across SIEM, EDR, and cloud-native tooling; enforce detection standards, naming conventions, and MITRE ATT&CK mapping; prioritise coverage based on threat intelligence and risk assessments.
  • Oversee purple team operations to validate detection efficacy systematically; orchestrate adversary emulation exercises across technology domains; drive remediation of detection gaps identified through testing and operational feedback.
  • Operationalise AI agents, machine learning models, and orchestration workflows to enhance detection accuracy, reduce false positives, and augment GSOC analyst capabilities; oversee development of automated enrichment, triage, and investigation playbooks.
  • Own detection engineering targets (e.g., MITRE ATT&CK coverage, mean time to detect, false positive rates, purple team success metrics) and deliver executive-ready briefings, dashboards, and quarterly maturity assessments.
  • Develop and enforce detection engineering policies, standards, and quality frameworks; maintain detection content libraries with version control and organisational change control; ensure regulatory compliance in data handling.
  • Develop and maintain detection engineering area plans aligned to Cyber Operations strategy; set direction and goals with autonomy across data engineering, detection development, purple teaming, and automation functions.
  • Define and review reporting and team targets; align objectives to detection outcomes, coverage improvements, and operational efficiency.
  • Lead inclusive recruitment; build career paths and targeted upskilling in detection development, threat hunting, cloud security, OT/ICS detection, and SOAR/AI through multi-functional, regional, and external partnerships.

Benefits

  • Short-term incentive bonus opportunity
  • Equity-based long-term incentive program
  • Retirement contribution
  • Commission payment eligibility
  • Qualified retirement program [401(k) plan]
  • Paid vacation and holidays
  • Paid leaves
  • Health benefits including medical, prescription drug, dental, and vision coverage