ABOUT US
We’re the world’s leading provider of secure financial messaging services, headquartered in Belgium. We are the way the world moves value – across borders, through cities and overseas. No other organisation can address the scale, precision, pace and trust that this demands, and we’re proud to support the global economy.
We’re unique too. We were established to find a better way for the global financial community to move value – a reliable, safe and secure approach that the community can trust, completely. We’re always striving to be better and are constantly evolving in an ever-changing landscape, without undermining that trust. Five decades on, our vibrant community reflects the complexity and diversity of the financial ecosystem. We innovate diligently, test exhaustively, then implement fast. In a connected and exciting era, our mission has never been more relevant. Swift now has a presence in 200+ countries and legal territories to serve a community of more than 12,000 banks and financial institutions.
For nearly five decades, Swift has been a trusted partner to the global financial ecosystem, enabling secure and seamless financial flows across the world. As the cyber threat landscape continues to evolve, protecting the systems that underpin global finance has never been more critical.
Our Cyber Threat Management team is looking for an experienced and highly technical Senior Detection Engineer to help strengthen and advance our threat detection capabilities. This is an opportunity to work at the forefront of cybersecurity, developing high-fidelity detections that identify sophisticated adversary activity across enterprise, cloud and hybrid environments.
This role is ideal for someone who is passionate about detection engineering, threat hunting and adversary-focused defence. You will play a key role in transforming threat intelligence and attacker behaviours into actionable detection content that helps protect one of the world's most critical financial infrastructures.
In this role, you will:
Design, develop and continuously improve detection logic across SIEM, EDR/XDR and cloud security platforms.
Translate threat intelligence, threat hunting findings and emerging adversary techniques into effective, measurable detections.
Develop and maintain detection content aligned to frameworks such as MITRE ATT&CK.
Measure and improve detection coverage, effectiveness and fidelity across the organisation.
Partner closely with Threat Intelligence, Incident Response and Security Operations teams to identify and close detection gaps.
Validate detections through purple team exercises, adversary emulation and attack simulations.
Optimise existing detections to reduce false positives and improve analyst experience.
Contribute to the development of detection engineering standards, tooling and best practices.
Support the integration and enhancement of SIEM, EDR/XDR and cloud-native security technologies.
Mentor junior engineers and help raise the technical capability of the wider Cyber Threat Management team.
Stay current with emerging threats, attacker tradecraft and detection engineering techniques.
Within your first year, you will:
Expand detection coverage across key attack techniques and adversary behaviours.
Improve detection fidelity while reducing operational noise.
Develop new detections that address emerging threats relevant to Swift's environment.
Help mature our detection engineering lifecycle, testing practices and content management processes.
Become a trusted technical advisor on threat detection and detection engineering across the organisation.
You may currently be working as a:
Detection Engineer
Threat Hunter
Detection Content Engineer
Purple Team Engineer
Senior Security Detection Engineer
Senior SOC Engineer with significant detection development responsibilities
Security Engineer focused on detection content and adversary detection
If the majority of your time is spent building, validating and improving detections rather than monitoring alerts, this role is likely a strong fit.
We are looking for professionals with:
5+ years of cybersecurity experience, including significant hands-on experience in threat detection engineering, threat hunting or closely related disciplines.
Experience designing, implementing and maintaining detection content within SIEM platforms such as Splunk, Microsoft Sentinel, Elastic, Chronicle or similar technologies.
Strong understanding of attacker tactics, techniques and procedures (TTPs) and the MITRE ATT&CK framework.
Experience developing detections using endpoint, network, identity, cloud and application telemetry.
Hands-on experience with EDR/XDR platforms and endpoint detection methodologies.
Experience translating threat intelligence and threat hunting outcomes into operational detection content.
Knowledge of detection-as-code principles, content lifecycle management and automated testing approaches.
Familiarity with cloud security monitoring and detection use cases across modern cloud environments.
Strong analytical, investigative and problem-solving skills.
Excellent communication and stakeholder management skills.
Experience mentoring and developing junior engineers.
Experience with adversary emulation, purple teaming or red team collaboration.
Experience using automation to improve detection engineering workflows.
Familiarity with UEBA and behavioural detection approaches.
Relevant certifications such as GIAC GCDA, GCTI or GMON (SANS), the MAD20 ATT&CK Defender credentials, or similar.
As part of the interview process, candidates will participate in a practical detection engineering exercise focused on analysing attacker behaviour, identifying relevant telemetry and developing effective detection logic. The assessment is designed to reflect the day-to-day responsibilities of the role and provides an opportunity to demonstrate hands-on technical expertise.
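The workflow this exercise describes (pick an attacker behaviour, name the telemetry it needs, write detection logic that can be tested automatically, tune exclusions to cut false positives, and map the rule to ATT&CK) is what "detection-as-code" in the qualifications above refers to. The following sketch is an added illustration, not Swift's code, assessment material or tooling: the flat event schema and field names, the rule identifier, the ATT&CK mapping chosen for the rule and the "AddinDeploy" exclusion are all constructed for the example.

```python
"""Detection-as-code sketch: a rule expressed as data with an ATT&CK mapping,
an evaluator, tuning exclusions and built-in test cases, run over constructed
sample process-creation events (not real telemetry)."""
from dataclasses import dataclass, field
from typing import Callable

# Constructed sample events. The flat field names (parent, image, cmdline) are
# an assumed, vendor-neutral schema, not any real EDR's or SIEM's.
SAMPLE_EVENTS = [
    {"id": 1, "host": "wks-01", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"id": 2, "host": "wks-02", "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    {"id": 3, "host": "wks-03", "parent": "EXCEL.EXE", "image": "cmd.exe",
     "cmdline": "cmd.exe /c whoami"},
    {"id": 4, "host": "wks-04", "parent": "OUTLOOK.EXE", "image": "AcroRd32.exe",
     "cmdline": "AcroRd32.exe invoice.pdf"},
    # Telemetry gap: a source that never logs the parent process.
    {"id": 5, "host": "srv-01", "image": "cmd.exe", "cmdline": "cmd.exe /c dir"},
    # Tuning case: a hypothetical benign add-in deployment job launched from Word.
    {"id": 6, "host": "wks-05", "parent": "WINWORD.EXE", "image": "cmd.exe",
     "cmdline": "cmd.exe /c C:\\ProgramData\\AddinDeploy\\install.cmd"},
]

@dataclass
class Rule:
    id: str
    title: str
    attack: list[str]                  # ATT&CK technique IDs this rule covers
    required_fields: list[str]         # telemetry the logic depends on
    condition: Callable[[dict], bool]
    exclusions: list[Callable[[dict], bool]] = field(default_factory=list)
    tests: dict[str, list[dict]] = field(default_factory=dict)  # "match" / "no_match"

OFFICE_PARENTS = {"WINWORD.EXE", "EXCEL.EXE", "POWERPNT.EXE", "OUTLOOK.EXE"}
INTERPRETERS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

def evaluate(rule: Rule, events: list[dict]) -> dict:
    """Return event ids that fire, plus ids that could not be evaluated because
    the telemetry the rule depends on is missing (a gap is not a clean result)."""
    hits, unevaluable = [], []
    for e in events:
        if any(f not in e for f in rule.required_fields):
            unevaluable.append(e["id"])
            continue
        if rule.condition(e) and not any(excl(e) for excl in rule.exclusions):
            hits.append(e["id"])
    return {"hits": hits, "unevaluable": unevaluable}

def run_rule_tests(rule: Rule) -> list[str]:
    """Automated test: every 'match' sample must fire and every 'no_match'
    sample must stay silent. Returns failure descriptions; empty means pass."""
    failures = []
    for e in rule.tests.get("match", []):
        if not evaluate(rule, [e])["hits"]:
            failures.append(f"{rule.id}: expected match on event {e['id']}")
    for e in rule.tests.get("no_match", []):
        if evaluate(rule, [e])["hits"]:
            failures.append(f"{rule.id}: false positive on event {e['id']}")
    return failures

def attack_coverage(rules: list[Rule]) -> dict[str, list[str]]:
    """Map each ATT&CK technique ID to the rule ids that claim to cover it."""
    coverage: dict[str, list[str]] = {}
    for r in rules:
        for t in r.attack:
            coverage.setdefault(t, []).append(r.id)
    return coverage

# Example rule (hypothetical id and mapping): Office app spawning an interpreter.
OFFICE_SPAWNS_INTERPRETER = Rule(
    id="proc-001",
    title="Office application spawning a command interpreter",
    attack=["T1566.001", "T1204.002", "T1059"],
    required_fields=["parent", "image", "cmdline"],
    condition=lambda e: e["parent"].upper() in OFFICE_PARENTS
                        and e["image"].lower() in INTERPRETERS,
    exclusions=[lambda e: "\\AddinDeploy\\" in e["cmdline"]],  # hypothetical known-good job
    tests={
        "match": [SAMPLE_EVENTS[0], SAMPLE_EVENTS[2]],
        "no_match": [SAMPLE_EVENTS[1], SAMPLE_EVENTS[3], SAMPLE_EVENTS[5]],
    },
)

RULES = [OFFICE_SPAWNS_INTERPRETER]

if __name__ == "__main__":
    for r in RULES:
        print(r.id, "tests:", run_rule_tests(r) or "ok")
        print(r.id, "result:", evaluate(r, SAMPLE_EVENTS))
    print("coverage:", attack_coverage(RULES))
```

Two design points matter more than the rule itself. First, an event that lacks a required field is reported as unevaluable rather than quietly counted as benign, so a telemetry gap on a host shows up as a coverage problem instead of a false sense of safety. Second, the exclusion and the test cases live next to the logic, so a tuning change that would reintroduce the false positive on the deployment job, or silently break the true positive, fails in a pipeline before the rule reaches production.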
What we offer
We give you the freedom to be yourself. We are creating an environment of unique individuals – like you – with different perspectives on the financial industry and the world. A diverse and inclusive environment in which everyone’s voice counts and where you can reach your full potential.
We are committed to an inclusive and accessible recruitment process. If you require a reasonable accommodation related to accessibility during your application or interview, please contact [email protected] or indicate this in your application.
Please note that this mailbox is not monitored for general recruitment enquiries and should only be used for accessibility or accommodation-related requests (for example related to vision, hearing or neurodiversity).
All requests are confidential and will not affect your candidacy.
Don’t meet every single requirement? At Swift, we are dedicated to building a workplace where people can bring their full selves and ideas to the team, so if you are excited about this role, we encourage you to apply even if you do not meet every single qualification.