Lead Detection Engineer - UEBA, Chronicle

Posted 5 days 23 hours ago by i-confidential Limited

Permanent
Full Time
Other
England, United Kingdom
Job Description
Lead Detection Engineer - SOAR & UEBA

Outside IR35
Location: Hybrid - Remote with travel to York or London (2 days every 2 weeks)
Contract Length: 6 months
Start Date: ASAP

Overview

About the Role: Join the new Cyber Fusion Centre as a Detection Engineer focused on enabling and enhancing UEBA capabilities within Google Chronicle. This is a hands-on, delivery-focused role where you'll lead the implementation of high-fidelity behavioural detections, support incident response, and uplift internal cyber operations.

Responsibilities
  • Implement and tune UEBA rules in Chronicle SIEM based on threat models and detection frameworks.
  • Validate detections for scenarios like impossible travel, privilege escalation, lateral movement, and VIP monitoring.
  • Collaborate with internal teams and the MSSP to enrich log sources and reduce alert noise.
  • Support incident triage and response, particularly for UEBA-triggered alerts.
  • Deliver engineering enhancements (e.g., parsing, enrichment, integration) to improve detection fidelity.
  • Conduct knowledge transfer sessions and uplift internal SOC capabilities.
Deliverables Include
  • UEBA use case inventory and rule map
  • 10+ validated UEBA rules
  • Baseline behaviour models for high-risk user/entity categories
  • Knowledge base documentation and final recommendations
Required Skills & Experience
  • Strong hands-on experience with Chronicle SIEM and UEBA tooling
  • Deep understanding of Windows Event Logs and identity telemetry
  • Incident response experience and detection engineering expertise
  • Scripting and tuning skills (e.g., YARA-L, UDM)
  • Ability to mentor and collaborate with junior analysts
  • Bonus: Experience with Google Cloud Platform or SOAR playbooks

Please note this requirement does not support overseas working and will be Outside IR35.