Detection & Automation Lead

Haleon
Bengaluru Campus 31 | Onsite | Technical Specialists

About this role

Welcome to Haleon. We’re a purpose-driven, world-class consumer company putting everyday health in the hands of millions. In just three years since our launch, we’ve grown, evolved and are now entering an exciting new chapter – one filled with bold ambitions and enormous opportunity.

Our trusted portfolio of brands – including Sensodyne®, Panadol®, Advil®, Voltaren®, Theraflu®, Otrivin®, and Centrum® – lead in resilient and growing categories. What sets us apart is our unique blend of deep human understanding and trusted science.

Now it’s time to realise the full potential of our business and our people. We do this through our Win as One strategy. It puts our purpose – to deliver better everyday health with humanity – at the heart of everything we do. It unites us, inspires us, and challenges us to be better every day, driven by our agile, performance-focused culture.

About the role

This position is critical to protecting Haleon’s corporate assets and managing its day-to-day operational cyber security defences. It involves leading a team responsible for the design, development and maintenance of automation workflows and detection capabilities to identify cyber threats at the earliest opportunity and enhance the company’s cyber security response.

Responsibilities:

The post holder will have overall responsibility within the company for:

  • Designing, developing and maintaining SOAR playbooks to automate security incident detection and response.

  • Designing, developing and maintaining detection rules and use cases across SIEM, EDR, and other security platforms.

  • Integrating various security tools (SIEM, EDR, threat intelligence platforms, ticketing systems) into SOAR platforms.

  • Collaborating with SOC analysts and incident responders to identify automation opportunities.

  • Developing and maintaining APIs, scripts, and connectors for system integration.

  • Continuously optimising and improving existing playbooks for performance and accuracy.

  • Monitoring the health of automation pipelines and troubleshooting failed executions or API connectivity issues.

  • Troubleshooting and resolving issues related to automation workflows and integrations.

  • Documenting workflows, processes and technical configurations.

  • Ensuring security best practices are followed in all automation and development activities.

  • Staying up to date with emerging threats, technologies, and automation techniques.

  • Analysing logs and telemetry to identify suspicious activity and detection opportunities.

  • Continuously improving detection coverage based on emerging threats and intelligence.

  • Tuning and optimising alerts to reduce false positives and improve signal quality.

  • Collaborating with security operations analysts to validate and refine detection logic.

  • Translating threat intelligence into actionable detection rules and analytics.

  • Developing and maintaining detection-as-code practices, including version control and testing.

  • Supporting incident response by enhancing visibility and creating rapid detections.

  • Mapping detections to frameworks such as MITRE ATT&CK to ensure coverage.

  • Conducting gap analysis and recommending improvements to monitoring capabilities.

  • Working closely with Security Operations, Threat Intelligence, and Incident Response teams to ensure threats are detected quickly and accurately.

Why you?

Basic Qualifications:

  • Three years' experience in security operations, detection engineering or SOAR development.

  • Strong understanding of log sources (e.g., Windows, Linux, network, cloud).

  • Hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar).

  • Familiarity with EDR/XDR tools (e.g., CrowdStrike, Defender, Carbon Black).

  • Strong programming / scripting skills (Python, PowerShell, JavaScript).

  • Experience of SOAR platforms such as Palo Alto Cortex XSOAR, Splunk SOAR, IBM Resilient.

  • Experience with REST APIs and system integrations.

Preferred Skills and Experience:

  • Bachelor’s degree in Computer Science, Cyber Security or related field (or equivalent experience).

  • Knowledge of DevOps practices and CI/CD pipelines.

  • Familiarity with MITRE ATT&CK framework.

  • Experience with containerisation (Docker, Kubernetes).

  • Ability to communicate complex problems succinctly.

  • Knowledge of query languages (e.g., KQL, SPL, SQL).

  • Understanding of attacker tactics, techniques, and procedures (TTPs).

  • Attention to detail and quality of detection logic.

  • Ability to balance detection fidelity with operational efficiency.

  • Experience with scripting or automation (Python, PowerShell, Bash).

  • Knowledge of cloud security monitoring (AWS, Azure, GCP).

  • Familiarity with detection engineering methodologies and detection-as-code.

  • Ability to work within a team environment, sharing workload and responsibility.

  • Strong analytical and problem-solving skills.

  • CISSP, GCIA, GCDA, GSOC, GCIH.

Job Posting End Date: 2026-06-26

Equal Opportunities

Haleon are committed to mobilising our purpose in a way that represents the diverse consumers and communities who rely on our brands every day. It guides us in creating an inclusive culture, where different backgrounds and views are valued and respected – all in support of understanding and best serving the needs of our consumers and unleashing the full potential of our people. It’s important to us that Haleon is a place where all our employees feel they truly belong.

During the application process, we may ask you to share some personal information, which is entirely voluntary. This information ensures we meet certain regulatory and reporting obligations and supports the development, refinement, and execution of our inclusion and belonging programmes that are open to all Haleon employees. 

The personal information you provide will be kept confidential, used only for legitimate business purposes, and will never be used in making any employment decisions, including hiring decisions.

Adjustment or Accommodations Request

If you require a reasonable adjustment or accommodation or other assistance to apply for a job at Haleon at any stage of the application process, please let your recruiter know by providing them with a description of specific adjustments you are requesting. We’ll provide all reasonable adjustments to support you throughout the recruitment process and treat all information you provide us in confidence.

Note to candidates

The Haleon recruitment team will contact you using a Haleon email account (@haleon.com). If you are not sure whether the email you received is from Haleon, please get in touch.

About Haleon

Consumer healthcare company spun off from GSK, making brands like Sensodyne, Advil, and Centrum. Based in Weybridge, UK.

haleon.com

Job Details

  • Location: Bengaluru Campus 31

  • Work type: Onsite

  • Department: Technical Specialists

  • Seniority: Senior

  • Country: India