About the Business
Quilter plc is a leading wealth management business, helping to enable brighter financial futures for every generation.
Quilter oversees £126.3 billion in customer investments (as of August 2025). It has an adviser and customer offering spanning financial advice, investment platforms, multi-asset investment solutions, and discretionary fund management. The business is comprised of two segments: Affluent and High Net Worth.
Affluent encompasses the financial planning business, Quilter Financial Planning, the Quilter Investment Platform and Quilter Investors, the multi-asset investment solutions business.
High Net Worth includes the discretionary fund management business, Quilter Cheviot, together with Quilter Cheviot Financial Planning – offering a highly personalised service to private clients, charities, trustees, and professional partners. Quilter Cheviot has presence throughout the UK, Ireland and Channel Islands.
At Quilter we never stand still. Our foundations are rooted in our extraordinary expertise, which is trusted by hundreds of thousands of customers, but we have great ambitions to stay one step ahead and make an even greater difference to the people and communities we serve, including our colleagues.
Our business is transforming, continually modernising, and becoming even more customer centric. So, if you want to be bold in the pursuit of your ambitions, bring new ideas, and challenge and evolve what we do, it’s the perfect time to join us!
About the Role
Level: 4
Department: Information Security Operations
Location: Southampton | London | Home Based
Contract type: Permanent
We are seeking a skilled and motivated SIEM Detection Engineer to join our Security Operations team at Quilter. This role will focus on enhancing our existing threat detection capabilities using Google Security Operations (Chronicle SIEM) and supporting the broader security automation and monitoring strategy across our cloud and hybrid environments.
You will play a pivotal role in designing, implementing, and maintaining detection logic, log ingestion pipelines, and automation playbooks, ensuring our security posture remains robust and responsive to evolving threats.
Key Responsibilities
- Log Ingestion & Parsing
  - Support onboarding and parsing of logs from diverse sources including cloud platforms (Azure, AWS), infrastructure, third-party SaaS, and security tooling.
  - Develop and maintain custom parsers and UDM extensions for Google SecOps to ensure accurate and enriched telemetry ingestion.
- Detection Engineering
  - Design, implement, and tune detection rules using YARA-L and other relevant languages to identify malicious behaviours and anomalies.
  - Continuously validate and refine detection logic through simulations, real-world threat scenarios and in response to business stakeholder requirements.
- Automation & SOAR Integration
  - Develop and maintain automation playbooks for complex workflows, integrating with Microsoft 365 Defender, Entra ID, CrowdStrike, and collaboration tools.
  - Collaborate with the SOC partner to ensure streamlined incident response and case management maturity objectives are met.
- Operational Dashboards
  - Create and maintain operational SIEM dashboards to provide real-time visibility into detection metrics, alert trends, system health and operational performance.
- Collaboration & Continuous Improvement
  - Work closely with the third-party SOC, threat intelligence, purple and red team, and infrastructure engineering teams to align detection strategies with business risks and threat intelligence remits.
  - Participate in incident response exercises and contribute to lessons learned and playbook maturity, with a particular focus on enhancing existing SIEM detection and prevention controls.
About You
Required Skills & Experience
- 5+ years in cybersecurity roles (SOC, detection engineering, incident response).
- 3+ years of hands-on experience with Google SecOps (Chronicle SIEM) or similar.
- Proficiency in YARA-L, SPL, KQL, or similar query languages.
- Experience with log ingestion pipelines, custom parser development, and UDM mapping.
- Strong familiarity with cloud platforms (Azure) and associated security controls.
- Experience with Microsoft Defender Suite, CrowdStrike, Proofpoint and Zscaler.
- Strong understanding of MITRE ATT&CK, threat modelling, and popular incident detection frameworks.
- Experience with SOAR platforms and automation scripting (e.g., Python, PowerShell).
- Knowledge of integrating SIEM with EDR, NDR, DLP, and ticketing systems.
- Core understanding of regulated business operational frameworks.
Desired Qualifications
- Bachelor's degree in Cybersecurity, Intelligence Studies, Computer Science, or related field.
- Qualifications such as CISSP, CISM, CCSP, GIAC, CPIA or similar.
Inclusion & Diversity
We value diversity and strive to promote inclusivity in all aspects of our culture. We believe in equal opportunities for all, ensuring that no applicant encounters less favourable treatment based on anything but their skills, qualifications, experience, and potential. We celebrate the unique contributions of a diverse workforce and create a respectful, nurturing environment where every colleague can thrive.
Values
Do the right thing: We act with integrity and are proudly committed to going above and beyond in service of our clients and the support we provide our communities.
Always curious: We continuously seek new ideas and knowledge so we’re one step ahead of our clients’ needs. We look for inspiration everywhere and encourage experimentation, recognising that this is how we create brilliant solutions for brighter futures.
Embrace challenge: We aim high to transform our potential into meaningful outcomes. With ambition as our driving force and a steadfast commitment to growth, we succeed for the good of every generation.
Stronger together: Combining our diverse talents, we accomplish more collectively than we ever could do alone. We speak openly, actively listen, and support each other, and constructively challenge and embrace new ideas. We seek empowerment and demonstrate ownership and trust, with the confidence to make impactful decisions.
Core Benefits
Holiday: 182 hours (26 days)
Quilter Incentive Scheme: All employees are eligible to participate in the incentive scheme, which rewards business performance and their contribution.
Pension Scheme: A non-contributory company pension scheme that can be boosted through personal contributions.
Private Medical Insurance: Single cover as standard with options to increase cover to include your partner or children.
Life Assurance: 4x your salary.
Income Protection: 75% of salary, less state benefits, payable after 26 weeks of absence.
Healthcare Cash Plan: Jersey employees only
In addition to our core benefits, we offer a range of flexible benefits to UK employees that you can choose from and pay for conveniently via a salary deduction.