Open to South African Applicants.
About Integrity360
Integrity360 is Europe’s largest independent cyber security provider, with a growing international presence across the UK, Ireland, mainland Europe, Africa, and the Caribbean. With over 700 employees across 12 locations, including six Security Operations Centres (SOCs) in Dublin, Sofia, Stockholm, Madrid, Naples, and Cape Town, the company supports more than 2,500 clients across a wide range of industries.
More than 80% of Integrity360’s workforce are technical experts, dedicated to helping clients proactively identify, protect, detect, and respond to threats in today’s evolving cyber landscape. The organisation’s security-first approach positions cyber resilience as a business enabler, empowering companies to operate with confidence.
Integrity360 prioritises its people, investing heavily in learning, development, and career progression. The culture is dynamic, collaborative, and growth-focused, ensuring employees thrive while contributing to innovation in cybersecurity.
About the Role
The Threat Content Developer will play a critical role in strengthening Integrity360’s threat detection capabilities across its Managed Detection & Response (MDR) services.
By tracking adversary activity across industries, the successful candidate will help ensure that Integrity360’s managed products are continuously updated to detect the latest tactics, techniques, and procedures (TTPs) used by attackers.
Working closely with teams such as Incident Response, Cyber Threat Intelligence, and the Cyber Security Operations Centre (CSOC), the Threat Content Developer will translate intelligence into actionable detection capabilities, enabling faster, more effective investigations of real-time threats.
This role requires a passion for security, a curious mindset, and a drive to stay ahead of emerging threats, vulnerabilities, and exploit methods.
Key Responsibilities
- Continually assess Integrity360’s detection portfolio, identifying strengths, weaknesses, and priorities for enhancement.
- Analyse multiple sources of threat intelligence to track adversary groups, campaigns, and software.
- Monitor and respond to emerging threats, including zero-day vulnerabilities affecting widely used software.
- Deploy advanced detection analytics (primarily to SIEM) to identify threats discovered during intelligence reviews.
- Collaborate with colleagues in Incident Response and other teams to operationalise indicators of compromise into new detections.
- Contribute to developing automation tools that streamline delivery and maximise intelligence integration.
- Produce high-quality technical documentation outlining both strategic and detailed aspects of new detections.
Basic Qualifications & Skills
- Minimum of 3 years’ hands-on experience in a cybersecurity-related role such as Detection Engineer, DevSecOps Engineer, Network Security Engineer, or Cyber Security Engineer.
- Demonstrated experience building detection capabilities in platforms such as SIEM, EDR, XDR, or SOAR.
- Strong knowledge of security frameworks (MITRE ATT&CK, OWASP, NIST, CIS).
- Solid technical foundation in networking, operating systems, and software design practices.
- Familiarity with major cloud platforms (AWS, Azure, GCP).
- Genuine passion for cybersecurity, with an analytical and problem-solving approach.
Preferred Qualifications
- Working knowledge of incident response and investigation practices.
- Proficiency in one or more scripting/programming languages (Python, PowerShell, Bash, etc.).
- Experience with CI/CD tools (Azure DevOps, GitLab Runner) and version control systems such as Git.