Detection Consultant

Fox-IT


Posted on May 30, 2026
Our Global Detection Engineering Team provides detection capabilities for various security products used in our 24/7 managed monitoring service with customers all over the world. In this role you will join our detection engineering team and focus on providing a tailored experience of custom detections to all our customers.

All customers have the benefit of access to NCC’s wide library of detections but there are many cases for exceptions and requirements for custom detections. This role sits at the pivotal point between our customers and the detection engineers. Together with (representatives of our) customers you will focus on assessing the gap and need for custom detections (on top of the deployment of detections from NCC’s detection library) to provide the appropriate level of detection each customer desires.
We're looking for a wide range of backgrounds for potential candidates; the exact responsibilities of any candidate can be tailored given their experience and skillset. Any candidate that only partially matches the skillset is encouraged to apply.
Department: Cyber Services and Capabilities
Employment Type: Fixed Term Contract
Location: NLD Rijswijk
Workplace type: Hybrid

Key Responsibilities

  • Schedule and host threat workshops utilizing industry-approved methodologies such as DREAD or STRIDE
  • Correlate log events in SIEM solutions with activities which have taken place in the (business) application or technology
  • Query data ingested into customer SIEM environments to assess the practical feasibility of newly proposed detections.
  • Prepare pseudo-logic and work packages for detection engineers who write detections-as-code within the NCC detection repository.
  • Derive new generic detection opportunities from Threat Intelligence reports to further expand NCC’s detection library.
  • Identify potential abuse patterns in customer applications.
  • Query large datasets in SIEMs (Sentinel & Splunk).
  • Explain (potential) attack paths to customers.
  • Write pseudo-logic for the development of new detections.
  • Track the status of detections under development and share status updates with the customer.
  • Obtain feedback from customers on exceptions and allowed behavior during the testing phase of the development of new analytics.
  • Ensure work is up-to-date and tracked in (internal) ticketing system(s).

Skills, Knowledge & Expertise

  • Experience in detection engineering on a range of technologies (SIEM and EDR), OR experience in SOC or Managed Detection Services, OR experience in analytically minded IT systems or network administration combined with a wish to change career or focus towards security.
  • Excellent oral and written communication skills.
  • Ability to work with client engagement teams and NCC colleagues to continuously improve the service we deliver.
  • Good understanding of IT Systems and platforms from a security context.

Desired Requirements:

  • A security mindset and demonstrable experience or knowledge of contemporary attack tactics and techniques.
  • Forensics or Incident Response competency would be considered valuable.
  • Strong knowledge of the latest threats in security.
  • The skills to translate technical attacks to effects in the business (and vice versa).
  • Experience in simulating attacks is considered an advantageous skill to enhance other skills.
  • Experience with SIEM tools, preferably Splunk and Microsoft Sentinel.

Knowledge of one or more of the below:

  • Azure or other cloud technologies
  • Windows Active Directory
  • Windows Operating System fundamentals
  • Networking fundamentals
  • System management technologies
  • Identity and access management procedures and technologies

Job Benefits

  • A good salary that matches the things you have already done and will do;
  • Flexible working hours and flexibility in working from home or at the office, allowing you to optimally combine your private life with your work;
  • A favorable pension scheme, 26 vacation days (+4 mandatory days off), and 8% holiday pay with a full-time contract;
  • Plenty of development opportunities: you can gain and share knowledge through training, TechTalks, events, and our own Fox Academy;
  • A laptop and business phone. If you use your own phone, you will receive a reimbursement of up to €25 per month;
  • A remote work allowance (for hybrid working);
  • A performance bonus and profit sharing because we value your effort;
  • When we work in the office, we gather every day for a delicious lunch.

About NCC Group

We assess, develop and manage cyber threats across our increasingly connected society. We advise global technology, manufacturers, financial institutions, critical national infrastructure providers, retailers and governments on the best way to keep businesses, software and personal data safe.

With our knowledge, experience and global footprint, we are best placed to help businesses identify, assess, mitigate & respond to the risks they face.

We are passionate about making the Internet safer and revolutionising the way in which organisations think about cyber security.

Headquartered in Manchester, UK, with over 35 offices across the world, NCC Group employs more than 2,000 people and is a trusted advisor to 15,000 clients worldwide.
We review every application received and will get in touch if your skills and experience match what we’re looking for. If you don’t hear back from us within 10 days, please don’t be too disappointed – we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles.

If you do not want us to retain your details, you can utilise the Manage Your Data tool provided by Pinpoint or contact us directly at: global.ta@nccgroup.com. All personal data is held in accordance with the NCC Group Privacy Notice.

We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.

Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process.
