Global Head of Detection & Response (SIEM / XDR / SOAR) - UK Office

Job description

🚀 Introduction

SALASUNGO positions itself as an international talent and market partner for organizations that treat cybersecurity not as an operational function, but as a strategic capability. We operate at the intersection of digital resilience, cybercrime defense and executive responsibility — where the impact of key hires is business-critical.

On behalf of one of Europe’s most respected cybersecurity-focused IT integrators, with major hubs in Germany, the UK and Ireland and hundreds of highly specialized security professionals, we are currently looking for a leader to shape and scale the global Detection & Response function.

This is not an operational role.
It is the architectural and leadership role for modern cyber defense.

🧠 Your Mission

You design the organization’s ability to detect, understand and stop attacks in real time.

You don’t build tools — you build a detection and response engine.
You turn data into security.
You turn reaction into resilience.

🎯 Your Responsibilities

  • Build and lead the global Detection & Response organization

  • Define and evolve the end-to-end detection strategy across platforms

  • Own the architecture of SIEM, XDR and SOAR landscapes

  • Establish Detection Engineering as a core capability

  • Build scalable Threat Hunting and Incident Response models

  • Drive global incident and crisis response structures

  • Integrate threat intelligence into operational detection

  • Work closely with customers, vendors and internal expert teams

  • Own quality, maturity, methodology and effectiveness of detection

🛠 Your Technology Stack

You will work with (or shape):

  • SIEM: Splunk, Microsoft Sentinel, Elastic, QRadar

  • XDR: Microsoft Defender XDR, Palo Alto Cortex XDR, CrowdStrike Falcon, SentinelOne

  • SOAR: Splunk SOAR, Palo Alto XSOAR, Microsoft Sentinel Playbooks

  • Threat Intelligence: MISP, Recorded Future, OpenCTI

  • Telemetry: Endpoint, Network, Cloud, Identity, OT

  • Cloud: Azure, AWS, Hybrid

  • Detection Languages: Sigma, YARA-L, KQL, SPL, Python

👤 Your Profile

  • Extensive experience in Detection, Incident Response, Threat Hunting or Security Architecture

  • Experience leading global security or SOC organizations

  • Deep technical expertise in SIEM, XDR, SOAR and detection engineering

  • Ability to translate operational security into strategic business value

  • Strong presence in executive and crisis environments

  • Entrepreneurial mindset and high intrinsic drive

🎓 Preferred Certifications

  • GIAC: GCED, GCIA, GCIH

  • CISSP, CISM or equivalent

  • Vendor certifications (Splunk, Microsoft, Palo Alto, CrowdStrike)

  • Experience in regulated industries (Finance, Critical Infrastructure, Industry)

🎁 What You Can Expect

  • Build a global core capability in cybercrime defense

  • High strategic impact and international visibility

  • Work with Europe’s top cybersecurity experts

  • Real ownership and freedom to shape

  • Attractive executive compensation and flexible work models