18 of 18 MITRE ATT&CK Jobs in the South East

reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced … experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security ...

within the team. Demonstrable experience leading cyber security incident response (incident command), from detection through containment and remediation. Working knowledge of MITRE ATT&CK and at least one recognised control framework (ISO 27001, CIS or NIST). Risk-based prioritisation of remediation using threat intelligence. … tooling (e.g. CrowdStrike or equivalent) in a production environment. Prioritised and managed a risk-based security backlog, applying frameworks such as MITRE ATT&CK and threat-based prioritisation. Assured the delivery of security initiatives across distributed teams or sites, tracking vulnerability remediation and patching through ...

Threat & Adversary Knowledge * Understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they manifest in logs and telemetry * Familiarity with MITRE ATT&CK framework * Evidence of staying up to date with: o Emerging threats o Adversary tradecraft o Defensive techniques ________________________________________ Incident Handling & Investigation * Experience … Analyst, Cyber Security Analyst, Microsoft Sentinel, Splunk, Elastic SIEM, KQL, SPL, ES|QL, Threat Detection, Incident Response, EDR, IDS/IPS, MITRE ATT&CK, Cyber Defence ...

reports for managed clients to both technical and non-technical audiences, Collaborate on improving detection rules and use cases aligned with Mitre Att&ck and threat-informed defense. Participate in a team effort to guarantee that corporate data and technology platform components are shielded from … Farnborough. What youll bring: Experience demonstrated in Security Operations Centre. Experience using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Understanding of networking ...

customer environments. Producing clear, insightful reports for both technical and non-technical audiences. Enhancing detection rules and use cases aligned to MITRE ATT&CK and threat-informed defence. What you'll bring: Hands-on experience with Microsoft Sentinel and Splunk. Knowledge of the MITRE ATT&CK framework. Understanding of client-server and multi-tier applications, databases, firewalls, VPNs and endpoint security. Solid networking fundamentals (TCP/IP, LAN/WAN, HTTP, SMTP, FTP, LDAP, etc.). Strong analytical thinking and structured problem-solving. An entry-level cyber security certification ...

network traffic to identify malicious activity. Contribute to the development and improvement of detection rules and use cases aligned to the MITRE ATT&CK framework. Support continuous improvement of SOC processes, tooling, and incident response playbooks. Maintain clear and accurate incident documentation, including reports … environment. It would be great if you had: Experience improving detection content or threat-informed defense use cases. Familiarity with the MITRE ATT&CK framework. Scripting or automation experience (e.g. Python, PowerShell, Bash). Exposure to malware analysis or reverse engineering (not required ...

pipelines, including log ingestion, enrichment and schema standardisation. Develop and tune security detection content, translating threat intelligence and TTPs aligned to MITRE ATT&CK into actionable, high-value alerts. Manage the full detection content lifecycle: design, test, deploy, monitor, tune and retire, using version control … Strong hands-on knowledge of SIEM engineering, including indexing, parsing, onboarding and performance tuning. Experience designing and optimising detection content, including MITRE ATT&CK-aligned use cases and alert tuning to reduce noise. Good understanding of data pipeline engineering, log enrichment, data quality and large ...

SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies. Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK. Produce dashboards, reports and recommendations to improve security posture. Ensure adherence to operational processes, SLAs, KPIs and security policies. Drive continuous improvement across … PowerShell, Bash, Perl or similar. Understanding of network forensics, threat intelligence and cyber threat detection methodologies. Knowledge of ISO 27001:2022 , MITRE ATT&CK , and IT Service Management principles. ...

platforms Knowledge of cybersecurity frameworks such as NIST, ISO27001, CIS benchmarks and Cyber Essentials Experience with threat intelligence frameworks such as MITRE ATT&CK and Cyber Kill Chain Familiarity with Data Loss Prevention technologies and Microsoft 365 security tooling Exposure to DevSecOps practices and cloud ...

including TCP/IP, DNS, firewalls, and proxies. Experience within a SOC, NOC, or 24/7 operational environment. Familiarity with MITRE ATT&CK, CVEs, and vulnerability management. Exposure to cloud security monitoring across Azure, AWS, or Microsoft 365. Desirable Certifications Microsoft SC-200 CompTIA ...

queries and manage Splunk Enterprise Security. Technical Breadth: Strong knowledge of network protocols, cloud security (AWS/Azure), and the MITRE ATT&CK framework. Vulnerability Assessment & Penetration Testing: Bonus points for experience with vulnerability assessment tools and exposure to penetration testing and web application testing. ...

escalation point for Tier 1, owning investigations end-to-end — triaging SIEM and EDR alerts, leading incident response, hunting threats using MITRE ATT&CK, and tuning detections to cut noise. You’ll also mentor junior analysts and help mature playbooks and runbooks. We’re looking ...

Splunk Enterprise Security (ES). You must have a strong understanding of network protocols, cloud security (AWS/Azure), and the MITRE ATT&CK framework. CCFA/CCFR Certifications will be a a major plus. If you match the above skill set please apply ASAP. ...

endpoint detection platforms* Knowledge of identity and access management, directory services, or privileged access solutions* Understanding of security frameworks such as MITRE ATT&CK* Experience working in secure or regulated environments* Strong problem-solving skills and ability to work at a detailed technical level* Familiarity ...

standards and processes in large corporate IT environments • Working knowledge of Cyber Security frameworks/methodologies (such as NIST, ISO 27001, MITRE ATT&CK, Lockheed Martin Kill Chain etc) Network Security Architect Due to the volume of applications received for positions, it will ...

maintaining detection rules.Good understanding of SIEM lifecycle management and security telemetry.Knowledge of cloud environments and IT infrastructure.Familiarity with frameworks such as MITRE ATT&CK.Ability to analyse threats and translate them into detection capability.Nice to have:Experience with SOAR (Logic Apps/Splunk SOAR).Detection-as-code ...

Good understanding of SIEM lifecycle management and security telemetry. Knowledge of cloud environments and IT infrastructure. Familiarity with frameworks such as MITRE ATT&CK. Ability to analyse threats and translate them into detection capability. Nice to have: Experience with SOAR (Logic Apps/Splunk SOAR). Detection ...

APIs, microservices, and modern application architectures. Knowledge of current cyber threats and experience with threat modelling frameworks such as STRIDE and MITRE ATT&CK. Solid understanding of key security domains including IAM, network security, cryptography, endpoint security, and information management. Familiarity with security frameworks and standards including ...