
Senior Security Engineering Consultant
- Hybrid
- Basingstoke, Hampshire, United Kingdom
- SOC
Job description
Nomios’ mission is to build a secure and connected future. Organisations across the globe depend on us to help secure and connect their digital infrastructures.
As part of our continued UK growth, we are expanding our Professional Services capability and seeking a Security Engineering Consultant to deliver specialist security engineering and operations consultancy across our customer base.
This is a hands-on technical role within the Security Operations domain, focused on helping customers improve and automate their SOC functions, tooling, and detection capabilities. You will work across a range of technologies and engagements, from SOAR and SIEM implementation through to vulnerability management, exposure management, and process automation.
Your role as Senior Security Engineering Consultant
The Security Engineering Consultant role sits within the Security Operations Team, working directly with the Nomios SOC Engineering team.
This is a senior, customer-facing Professional Services role within our Security Engineering function, focused on detection engineering and automation. You will lead the design and delivery of detection and response capabilities across SIEM, XDR and SOAR platforms. This includes building detection rules, developing automations, and creating operational playbooks that support effective SOC outcomes.
A key aspect of the role is ownership of the detection as code approach, ensuring detections and automations are developed, structured and delivered in a consistent and scalable way. Working directly with customers, you will define detection strategies, design use cases aligned to MITRE ATT&CK, and guide improvements in visibility, coverage and response maturity. You will work closely with platform onboarding and engineering teams, supplementing them with specialist expertise in detection engineering and automation, rather than focusing on platform deployment itself.
The role combines hands-on engineering with advisory responsibilities, with a clear focus on delivering high-quality outcomes and enabling customers to operate and evolve their detection capabilities.
Responsibilities
Key responsibilities of the role include:
Deliver
- Design and deliver detection rulesets across SIEM and XDR platforms
- Develop and tune detection logic using KQL or equivalent query languages
- Design detection use cases aligned to MITRE ATT&CK and real-world attack techniques
- Map customer log sources to detection use cases to assess coverage and identify gaps
- Design and implement SOAR automations, integrations and response workflows
- Develop and document customer incident response playbooks aligned to detection outputs
- Translate threat intelligence and operational learnings into improved detections and automations
- Deliver detection as code pipelines, including structured use case development and versioning approaches
- Produce clear technical and customer-facing deliverables, including detection strategies, use case catalogues and coverage assessments
Collaborate
- Work directly with customers as a trusted technical consultant
- Lead workshops covering detection engineering, use case design and SOC maturity
- Guide customers on improving detection coverage and aligning to MITRE ATT&CK
- Clearly explain detection strategies, gaps and recommendations to both technical and non-technical stakeholders
- Work closely with platform onboarding and engineering teams to ensure smooth integration of delivered detections and automations
- Support SOC teams by ensuring delivered outputs are practical, usable and aligned to operational workflows
Improve
- Contribute to the continuous evolution of detection use cases, playbooks and automation patterns
- Support development of reusable detection content and delivery standards
- Contribute to lab work, testing and validation of detection approaches
- Identify gaps in telemetry, logging and enrichment, and provide recommendations to strengthen detection outcomes
Job Requirements
At Nomios, we’re looking for #smartpeople who bring #highenergy, curiosity and a strong desire to learn. If you're someone who enjoys working collaboratively, communicates clearly and thrives in a fast-paced environment, this could be the perfect opportunity for you.
Required Skills and Experience
- Strong hands-on experience with SIEM engineering, including developing and tuning detection rules, with Microsoft Sentinel preferred
- Experience writing detection logic using KQL or similar query languages
- Proven experience designing and implementing SOAR automations and playbooks on platforms such as Logic Apps, Cortex XSOAR or similar
- Scripting and automation capability using Python, PowerShell or similar, including working with APIs
- Experience designing detection use cases aligned to MITRE ATT&CK
- Strong understanding of detection coverage and how log sources map to the attack lifecycle
- Experience with XDR or EDR platforms such as Microsoft Defender, CrowdStrike or Cortex
- Understanding of cloud environments, particularly Azure, and associated security telemetry
- Experience working in customer-facing or consultancy roles
- Strong communication skills, with the ability to explain technical concepts clearly
Technical Competencies
- SIEM and XDR platforms, including Microsoft Sentinel, Microsoft Defender, Palo Alto XSIAM or XDR, CrowdStrike and SentinelOne
- SOAR development, including automation and playbook design using platforms such as Palo Alto XSOAR or similar
- Scripting and integration using Python, PowerShell or similar, including API-driven automation
- Detection engineering aligned to MITRE ATT&CK, including use case design, ruleset development and coverage assessment
- Log source mapping and normalisation to support detection use cases
- Network Detection and Response technologies such as Vectra AI, Corelight or similar
- Cloud security and telemetry, particularly within Azure environments
- Threat intelligence integration and enrichment to support detection and response
- Development of customer playbooks and response workflows aligned to SOC operations
- General awareness of emerging technologies, including AI-driven security tooling and its application within detection and response
Job Specifics
Location: This is a hybrid role. While it is primarily remote (typically 70% to 80% of the time), you will be required to travel to customer sites and attend the Basingstoke office as needed to support delivery, workshops and engagements.
Free hot and cold drinks, breakfast items, snacks, lunches, and regular takeaway Fridays are provided to all staff in the office!
Hours are full-time: Monday - Friday, 9:00am - 5:30pm. There is no on-call requirement for this position.
Why would you choose to come and work with us?
You will be part of a collaborative engineering environment, working across a wide range of customer environments and technologies. The role offers exposure to real-world threats, modern detection approaches, and the opportunity to shape how Security Operations capabilities are designed and delivered.
Nomios offers a competitive salary, performance-based bonuses, and industry-leading benefits, along with the opportunity to make a genuine impact on how we and our customers build and run Security Operations.
Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.
