
Senior Security Engineering Consultant

  • Hybrid
    • Basingstoke, Hampshire, United Kingdom
  • SOC

Job description

Nomios’ mission is to build a secure and connected future. Organisations across the globe depend on us to help secure and connect their digital infrastructures.

As part of our continued UK growth, we are expanding our Professional Services capability and seeking a Security Engineering Consultant to deliver specialist security engineering and operations consultancy across our customer base.

This is a hands-on technical role within the Security Operations domain, focused on helping customers improve and automate their SOC functions, tooling, and detection capabilities. You will work across a range of technologies and engagements, from SOAR and SIEM implementation through to vulnerability management, exposure management, and process automation.

Your role as Senior Security Engineering Consultant

The Security Engineering Consultant role sits within the Security Operations Team, working directly with the Nomios SOC Engineering team.

This is a senior, customer-facing Professional Services role within our Security Engineering function, focused on detection engineering and automation. You will lead the design and delivery of detection and response capabilities across SIEM, XDR and SOAR platforms. This includes building detection rules, developing automations, and creating operational playbooks that support effective SOC outcomes.

A key aspect of the role is ownership of the detection as code approach, ensuring detections and automations are developed, structured and delivered in a consistent and scalable way. Working directly with customers, you will define detection strategies, design use cases aligned to MITRE ATT&CK, and guide improvements in visibility, coverage and response maturity. You will work closely with platform onboarding and engineering teams, supplementing them with specialist expertise in detection engineering and automation, rather than focusing on platform deployment itself. 

The role combines hands-on engineering with advisory responsibilities, with a clear focus on delivering high-quality outcomes and enabling customers to operate and evolve their detection capabilities.

Responsibilities

Key responsibilities of the role include:

Deliver

  • Design and deliver detection rulesets across SIEM and XDR platforms

  • Develop and tune detection logic using KQL or equivalent query languages

  • Design detection use cases aligned to MITRE ATT&CK and real-world attack techniques

  • Map customer log sources to detection use cases to assess coverage and identify gaps

  • Design and implement SOAR automations, integrations and response workflows

  • Develop and document customer incident response playbooks aligned to detection outputs

  • Translate threat intelligence and operational learnings into improved detections and automations

  • Deliver detection as code pipelines, including structured use case development and versioning approaches

  • Produce clear technical and customer-facing deliverables, including detection strategies, use case catalogues and coverage assessments

Collaborate

  • Work directly with customers as a trusted technical consultant

  • Lead workshops covering detection engineering, use case design and SOC maturity

  • Guide customers on improving detection coverage and aligning to MITRE ATT&CK

  • Clearly explain detection strategies, gaps and recommendations to both technical and non-technical stakeholders

  • Work closely with platform onboarding and engineering teams to ensure smooth integration of delivered detections and automations

  • Support SOC teams by ensuring delivered outputs are practical, usable and aligned to operational workflows

Improve

  • Contribute to the continuous evolution of detection use cases, playbooks and automation patterns

  • Support development of reusable detection content and delivery standards

  • Contribute to lab work, testing and validation of detection approaches

  • Identify gaps in telemetry, logging and enrichment, and provide recommendations to strengthen detection outcomes

Job requirements


At Nomios, we’re looking for #smartpeople who bring #highenergy, curiosity and a strong desire to learn. If you're someone who enjoys working collaboratively, communicates clearly and thrives in a fast-paced environment, this could be the perfect opportunity for you.

Required Skills and Experience

  • Strong hands-on experience with SIEM engineering, including developing and tuning detection rules, with Microsoft Sentinel preferred 

  • Experience writing detection logic using KQL or similar query languages 

  • Proven experience designing and implementing SOAR automations and playbooks such as Logic Apps, Cortex XSOAR or similar 

  • Scripting and automation capability using Python, PowerShell or similar, including working with APIs 

  • Experience designing detection use cases aligned to MITRE ATT&CK 

  • Strong understanding of detection coverage and how log sources map to the attack lifecycle

  • Experience with XDR or EDR platforms such as Microsoft Defender, CrowdStrike or Cortex 

  • Understanding of cloud environments, particularly Azure, and associated security telemetry 

  • Experience working in customer-facing or consultancy roles 

  • Strong communication skills, with the ability to explain technical concepts clearly

Technical Competencies

  • SIEM and XDR platforms, including Microsoft Sentinel, Microsoft Defender, Palo Alto XSIAM or XDR, CrowdStrike and SentinelOne 

  • SOAR development, including automation and playbook design using platforms such as Palo Alto XSOAR or similar 

  • Scripting and integration using Python, PowerShell or similar, including API-driven automation 

  • Detection engineering aligned to MITRE ATT&CK, including use case design, ruleset development and coverage assessment 

  • Log source mapping and normalisation to support detection use cases 

  • Network Detection and Response technologies such as Vectra AI, Corelight or similar 

  • Cloud security and telemetry, particularly within Azure environments 

  • Threat intelligence integration and enrichment to support detection and response 

  • Development of customer playbooks and response workflows aligned to SOC operations 

  • General awareness of emerging technologies, including AI-driven security tooling and their application within detection and response

Job Specifics

  • Location: This is a hybrid role. While the role is primarily remote, typically 70% to 80% of the time, there will be a requirement to travel to customer sites and attend the Basingstoke office as required to support delivery, workshops and engagements.

    (free hot & cold drinks, breakfast items, snacks, lunches, and regular takeaway Fridays are provided to all staff in the office!).

  • Hours are full-time: Monday - Friday, 9:00am - 5:30pm. There is no on-call requirement for this position.

Why would you choose to come and work with us?

You will be part of a collaborative engineering environment, working across a wide range of customer environments and technologies. The role offers exposure to real-world threats, modern detection approaches, and the opportunity to shape how Security Operations capabilities are designed and delivered.

Nomios offers a competitive salary, performance-based bonuses, and industry-leading benefits, along with the opportunity to make a genuine impact on how we and our customers build and run Security Operations.

Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.
