The Role
Lead a global team to design, build, and improve high-fidelity detection logic across MXDR technologies (EDR, NDR, SIEM). Set strategy, manage senior and regional detection engineers, collaborate with threat intel, DFIR, red teams, and product leadership, and apply data science to improve detection coverage and SOC efficiency.
Summary Generated by Built In
The purpose of this role is to lead a global team that builds, maintains and continuously improves detection logic across a variety of MXDR technologies, according to a clear strategy that is regularly updated to meet market and client demands. The global team will be made up of regionally located colleagues (UK, NL, AU & PH), that all contribute to a global set of detection logic, custom detections for clients and structural improvement projects around these themes.
The head of global detection engineering will be responsible for ensuring a market leading detection coverage on the technologies we deploy as part of our MXDR services. They ensure that we detect high risk cyber attack techniques, that result in high fidelity detections at our clients, with low false positive ratios.
A key part of the role is engaging and collaborating with other leaders in the GMS and NCC business, to ensure that we achieve the following key ambitions:
- Develop new detection logic to contribute to Detection Engineering content repository.
- Continuously improve existing detection logic.
- Write and maintain detection tests cases.
- Review findings of TI, CERT, and Red Team activities and evaluate from a detection engineering improvement perspective.
Key Responsibilities
• Lead a global implementation team that builds, maintains and continuously improves detection logic across a variety of MXDR technologies
• Be part of the GMS DevSecOps leadership team and actively contribute to setting vision, direction and feature set of our technology platforms
• Ensure that our detection logic is a differentiator in the market, providing extensive and high quality coverage for advanced cyber attacks
• Manage senior detection engineers who each manage a number of detection engineers on a specific technology set (EDR, NDR, SIEM)
• Work pro-actively with wider NCC teams to ensure all relevant inputs are available (TI, DFIR, RTO etc) to build top-notch detection logic and to ensure other teams (like solution architecture and implementations) have the required information to deploy high quality MXDR systems with the best possible coverage
• Ensure that we can always provide transparency to clients about the detection coverage they receive
• Ensure that we develop new ways of applying data science to our vast data sets in order to further improve detection of cyber attacks, correlation of alerts and other efficiencies and improvements that provide improved coverage to clients and improved efficiency to our SOC.
Skills, Knowledge & Expertise
- Experience in detection engineering on a range of technologies (SIEM and EDR, ideally NDR as well)
- Experience in working in a global firm in a multi-cultural context
- Experience in working in a complex international environment, that’s subjected to a significant amount of change
- Excellent oral and written communication skills
- Ability to work with clients and NCC colleagues to continuously improve the service we deliver
- Experience with and knowledge of application of data science within a cyber security context
- Inspiring leader, with ability to communicate effectively at all levels, creating an approachable and supportive environment for colleagues
Desirable skills:
- Have hands-on experience with a variety of technologies we use: Sentinel, Defender for End-point, Carbon Black, Splunk, etc
- Experience with purple teaming and other adjacent cyber security practices/topics that strengthen detection engineering
- Forensics and/or incident response experience
Job Benefits
What do we offer in return?
We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:
- Flexible Working: Balance your work and personal life with our flexible working options.
- Enhanced Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.
About
We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe.With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
Skills Required
- Experience in detection engineering across SIEM and EDR (ideally NDR)
- Proven leadership managing senior detection engineers and distributed global teams
- Experience working in a global, multi-cultural, complex international environment
- Excellent oral and written communication skills
- Ability to collaborate with clients and NCC colleagues to continuously improve service delivery
- Experience applying data science within a cybersecurity/detection engineering context
- Ability to write and maintain detection test cases and review TI/CERT/Red Team findings for detection improvements
- Inspiring leader, able to communicate effectively at all levels and provide supportive environment
- Hands-on experience with Sentinel, Defender for Endpoint, Carbon Black, Splunk
- Experience with purple teaming and adjacent practices strengthening detection engineering
- Forensics and/or incident response experience
Am I A Good Fit?
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.
Success! Refresh the page to see how your skills align with this role.
The Company
What We Do
NCC Group is a global cyber security and resilience company that helps organizations manage risk, strengthen resilience, and build trust. They provide services in cyber security consulting, managed services, technical assurance, and software escrow.
.png)
