Threat Content Developer

About Us 

Integrity360 is the largest independent cyber security provider in Europe, with a growing international presence spanning the UK, Ireland, mainland Europe, Africa and the Caribbean. With over 700 employees, across 12 locations, and six Security Operations Centres (SOCs)—including locations in Dublin, Sofia, Stockholm, Madrid, Naples and Cape Town—we support more than 2,500 clients across a wide range of industries. 

Over 80% of our team are technical experts, focused on helping clients proactively identify, protect, detect and respond to threats in an ever-evolving cyber landscape. Our security-first approach positions cyber resilience as a business enabler, empowering organisations to operate with confidence.

At Integrity360, people come first. We invest heavily in learning, development and progression, fostering a dynamic culture where innovation, collaboration and continuous growth are at the heart of what we do. If you're ready to take your cyber security career to the next level, we’d love to hear from you.

Job Role

The role of Threat Content Developer provides the successful candidate with an opportunity to develop & enhance Integrity360’s threat detection capabilities across Managed Detection & Response (MDR) service lines.

Tracking adversary activity across a range of industries, the successful applicant will help to ensure Integrity360-managed products are positioned to detect the latest tactics, techniques, and procedures employed by attackers.

Working alongside teams including Incident Response, Cyber Threat Intelligence, and Integrity360’s Cyber Security Operations Centre (CSOC), the successful applicant will translate intelligence concerning adversary activity into detection capabilities which guide actionable investigations of real time threats.

You will bring your knowledge & expertise of security operations, threat detection and security platforms, and threat intelligence review to technically assess and prioritize evolving threats. Considering Integrity360’s existing use case catalogue, you will help to identify and close gaps in coverage, continually improving detective capabilities with proactive and reactive additions to Integrity360’s overall threat content roadmap.

If security is something that is not just your career but your passion – you spend endless hours researching and reading about what is happening in the world and where/how the latest hacks or vulnerabilities exploits are happening….we want to hear from you!

Key Areas / Responsibilities

• Continual assessment of the Integrity360 detection portfolio, considering strengths and weaknesses and translating them into roadmap items and priorities.
• Ongoing analysis of various threat intelligence forms, tracking adversary activity in the context of adversary groups, campaigns, and software.
• Tracking emerging threats, such as 0-day exploits published for popular software used across the Integrity360 customer base.
• Continuous deployment of detection analytics (predominantly to SIEM), designed to detect any threats or risks identified during threat intelligence reviews.
• Engage with colleagues, from teams such as Incident Response, to identify indicators which may precede successful attacks, operationalizing those indicators into new detections.
• Contribute to the development of new tools used within the Threat Content Development team, typically leveraging automation to minimize delivery times and maximize intelligence integrations.
• Author technical documentation, with high-level explanations and low-level details of new detections and/or systems.
  

Qualifications / Qualities:

Basic:

• 3+ years hands-on technical experience within an IT security related position, such as Detection Engineer, DevSecOps Engineer, Network Security Engineer, Cyber Security Engineer, Information Security Engineer, etc.
• Demonstrable experience implementing threat detection capabilities in security tooling such as SIEM, EDR, XDR, or SOAR.
• Deep understanding of security frameworks such as Mitre ATT&CK, OWASP, NIST, and/or CIS.
• Strong, low-level understanding of networking principles, operating systems, and software design practices.
• Familiar with commonly adopted cloud technologies across different vendors (e.g. Azure, AWS, GCP).
• Genuinely passionate about security, with a curious and analytical approach to problem solving.

Preferred:

• A working knowledge of incident response and investigation best practices, capable of identifying avenues of investigation for new detections.
• Capable of working with one or more programming/ scripting language, e.g. Python, PowerShell, Bash, etc.
• Experience working with one or more popular CI/CD tool, such as Azure DevOps or GitLab Runner, familiar with tools such as git.