17 of 17 Permanent Threat Detection Jobs in Central London

security team and will be responsible of helping develop effective security controls. Key responsibilities will include: Working closely with the in-house security operations team to drive world class threat detection Building effective detection use cases within the chosen SIEM while minimizing false positives. Utilize online resources for researching and collecting threat intelligence to enhance the … SOC’s abilities to detect cyber-attacks. Utilize telemetry available throughout the environment to build and improve detection capabilities. Testing of existing and new detection use cases Participation in security incidents/investigations Key skills needed for the role: Experience of SIEM administration – Splunk or Exabeam preferred but other SIEM tools considered Broad technical information security knowledge including … networking, malware analysis, incident response and Knowledge of information security protection, detection and authentication systems Understanding of tools, techniques and procedures that attackers use to compromise organizations, ideally from direct experience. Basic python\ AWS experience Please send your CV for immediate review More ❯

Every minute of every day, Smiths Detection’s threat detection and security screening technology helps to protect people and infrastructure, making the world a safer place. Smiths Detection, part of Smiths Group is a global leader in the development, manufacture and management of security and detection solutions designed to make the world a safer place. … Our technology provides threat detection and screening solutions for customers in our key markets: aviation, ports and borders, defence, and urban security. Our expertise spans 21 global offices, seven manufacturing sites and five R&D centres, with a global network of 3,000 dedicated colleagues contributing towards over 40 years at the frontline of advances in safety and More ❯

API's, Linux & Windows | Up to £1000 Inside | 2 Days p/week in London We are seeking an experienced Security Orchestration, Automation & Response (SOAR) Engineer to strengthen cyber threat detection and automation capabilities within a leading financial organisation. This role combines hands-on technical expertise with strategic security automation and orchestration across modern platforms. You will work … closely with detection, response, and engineering teams to design, build, and optimise security workflows — enabling faster, more effective incident response and reducing manual effort through automation. Key Responsibilities: Develop and enhance security detections and automations across SOAR platforms (ideally Palo Alto Cortex XSOAR) Create and maintain playbooks and integrations to improve incident response and operational efficiency Collaborate across teams … to improve detection coverage and response workflows Monitor emerging threats and translate attacker TTPs into actionable detections and automated mitigations Key Skills & Experience: Hands-on experience with Palo Alto Cortex XSOAR or other SOAR platforms Strong knowledge of threat detection and response engineering Familiarity with MITRE ATT&CK framework Proficiency in Python for automation and integration development More ❯

We’re looking for a hands-on technical expert to join our team and enhance our Microsoft Sentinel & Azure SIEM threat detection capabilities. The Role: Design, implement & tune advanced detection rules and analytics. Translate threat intelligence into actionable detection logic. Lead SIEM enhancements, integrations & content migration. Mentor junior engineers and drive best practices. Collaborate with … IR & threat intel teams to refine detections. Skills: Proven experience in SIEM content development & threat detection. Strong expertise with Microsoft Sentinel, Azure & Logic Apps. Deep knowledge of MITRE ATT&CK, attacker TTPs & security principles. Strong analytical & problem-solving skills. More ❯

attacks, phishing attempts, and unauthorised access events. Monitor, analyse, and respond to alerts from client security platforms (MDR/XDR, SentinelOne, Huntress, Fortinet, Mimecast, Avanan, Defender) to ensure rapid threat mitigation. Conduct vulnerability assessments, risk analyses and security audits across client environments, providing actionable recommendations and remediation guidance. Implement and maintain security hardening across infrastructure, cloud services, endpoints, and … networks, in alignment with best practices and frameworks such as ISO27001, NIST, and Cyber Essentials Plus. Lead and coordinate incident response efforts, including root cause analysis, threat containment and post-incident reporting for clients. Collaborate with the Project and Service Desk teams to embed security into deployments, migrations, upgrades, and automation workflows, ensuring systems remain secure by design. Maintain … is shared across the team for rapid incident handling. Provide mentorship and cybersecurity guidance to junior engineers and Service Desk staff, fostering a culture of security awareness and proactive threat management. Perform ongoing threat intelligence monitoring and security trend analysis to anticipate risks and protect client environments. Support clients in security reporting, compliance reviews, and continuous improvement initiatives More ❯

SOC Specialist | London based 2-3x a week | £85,000 + Benefits Role Brief Join a global Security Operations Center team providing 24/7 threat detection and incident response. As a SOC Specialist, you’ll act as a frontline defender—monitoring alerts, leading investigations, and conducting proactive threat hunts. You'll work with a range … of technologies, contribute to detection improvements, and collaborate with wider cyber teams. This role is a 9-5 position, with occasional requirement to be on on-call rota Essential Skills Solid grasp of incident response fundamentals Understanding of common attack techniques (phishing, lateral movement, DDoS, etc.) Experience with log and packet (PCAP) analysis Familiarity with Windows and/or … Linux investigations Clear and structured documentation of technical findings Desired Skills Basic scripting (e.g., Python, Bash, PowerShell) Experience creating SIEM rules or detection logic Exposure to cloud environments and related attack vectors Knowledge of threat hunting methods and MITRE ATT&CK Interest or experience in cross-functional collaboration (e.g., Threat Intel, Red Teams More ❯

key to detecting, preventing, and responding to cybersecurity threats in a proactive and efficient manner. Key Responsibilities: Security Architecture & Implementation Design, deploy, and manage security solutions including firewalls, intrusion detection/prevention systems, endpoint protection, SIEM, and identity management platforms. Implement secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS … or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting. Conduct root cause analysis and implement security hardening improvements. Vulnerability & Risk Management Run regular vulnerability scans and penetration testing activities More ❯

WAN, SD-WAN, data-center design, virtualization, storage, backup); cloud and datacenter (IaaS/PaaS, public, private, hybrid architectures; migration and modernization); cybersecurity (identity, endpoints, network, identity & access management, threat detection, incident response); application support and managed services for critical business applications. Security and compliance: Build security-by-design into solution proposals; incorporate best practices for data protection … center design, virtualization, storage, backups, disaster recovery, networking (LAN/WAN, SD-WAN), cloud connectivity. Cloud and Datacenter: IaaS/PaaS migrations, cloud governance, hybrid architectures, cloud security. Cybersecurity: threat prevention/detection, IAM, endpoint protection, SOC-oriented operations, incident response planning. Solution architecture and proposal skills: ability to translate business needs into standardized reference architectures, bill of More ❯

inconsistencies. Facilitate smooth transitions across IT and OT environments, including hypercare and process adaptations. Investigate and resolve IAM security incidents, access anomalies, and authentication issues. Review and monitor Identity Threat Detection & Response (ITDR) systems. Collaborate with SOC teams to detect privileged account misuse and insider threats. Identity & Access Management (IAM): Design, implement, and maintain IAM solutions leveraging Active … integration. Privileged Access Management: CyberArk – Vault administration, credential rotation, JIT access, session monitoring, compliance reporting. Security & Compliance: CAF, eCAF, NIST frameworks; IAM controls for critical infrastructure; incident response and threat detection. Preferred Certifications: Microsoft Certified: Identity and Access Administrator Associate Okta Certified Administrator/Professional SailPoint IdentityNow/IdentityIQ Engineer CyberArk Defender/Guardian CISSP or Certified Identity and More ❯

and platforms Maintain and enhance the ISO 27001-aligned Information Security Management System (ISMS) Ensure compliance with frameworks including CIS Controls, NIST, ISO 27701, and GDPR Oversee incident response, threat detection, and access governance across systems such as iManage, Intapp, Aderant, Microsoft 365, and Azure Drive firm-wide security awareness and training initiatives Monitor regulatory changes and emerging More ❯

equivalent) required Hands-on knowledge of ISO27001 and supporting an ISMS (audit experience useful but not central) Familiarity with security tools: Azure security, cloud IAM, Defender, web proxy, endpoint detection (CrowdStrike or equivalents) Understanding of zero trust networks, SSO, and network segregation principles Strong communicator: able to advise IT teams on practical security steps, not just theory Experience mentoring … Azure (and AWS) – IAM, monitoring, encryption Defender, web proxy, CrowdStrike-equivalent – Endpoint & email protection Panorays – Third-party risk Protecht – Enterprise risk & audit management Rapid7/Armis – Vulnerability management and threat detection Why this role? Hands-on, high-impact role in a dynamic SME environment Influence across security operations, governance, and data management Work alongside experienced InfoSec leadership in More ❯

end users, our mission is to enable secure cloud and end-user services guided by our Zero Trust Security Model. Our teams specialise in Identity Verification, Managed Endpoints, Threat Detection, Secure Remote Access, and Adaptive Security Policies—balancing exceptional user experience with enterprise-grade security. We operate under an ISO/IEC 27001-certified ISMS and an ITIL … and AWS including, but not limited to, private hosted environment (VPC/Vnet), private connectivity (endpoint, VPN services, etc.) Physical/Virtual/WebApp Firewalls for access controls, and threat detection. Automate provisioning and configuration using Terraform, Ansible, Azure CLI, and PowerShell. Contribute to CI/CD integration for infrastructure as code. Support and evolve exiting topologies and connectivity More ❯

to join them on a permanent basis. You will help to establish and lead local security operations capability across European offices, providing strategic technical leadership in incident response, cyber threat visibility, and security resilience. This role will bridge the gap between our centralized corporate security services and regional business needs. Key Responsibilities Incident Response & Security Operations Lead and mature … security incident response capabilities across the organisation Oversee incident investigations, alert triage, and threat hunting activities Develop and execute tabletop exercises and incident response playbooks Provide expert technical guidance during security incidents and recovery efforts Build real-time visibility into organisational cyber telemetry and security posture Leadership & Team Management Line manage and mentor a security engineer and future team … members Strategic & Stakeholder Engagement Partner with third-party security service providers and managed services Align regional security operations with global CISO strategy Operational Excellence Enhance detection and monitoring capabilities aligned to NIS2/NIST frameworks Drive continuous improvement of security tools, processes, and procedures Ensure appropriate balance between local autonomy and corporate alignment Contribute to broader security strategy and More ❯

end users, our mission is to enable secure cloud and end user services guided by our Zero Trust Security Model. Our teams specialise in Identity Verification, Managed Endpoints, Threat Detection, Secure Remote Access, and Adaptive Security Policies, balancing exceptional user experience with enterprise grade security. We operate under an ISO/IEC 27001 certified ISMS and an ITIL More ❯

end users, our mission is to enable secure cloud and end-user services guided by our Zero Trust Security Model. Our teams specialise in Identity Verification, Managed Endpoints, Threat Detection, Secure Remote Access, and Adaptive Security Policies, balancing exceptional user experience with enterprise-grade security. We operate under an ISO/IEC 27001-certified ISMS and an ITIL More ❯

connectivity for thousands of user VDIs. Troubleshoot proxy issues using HAR files, Wireshark, and Fiddler to ensure stable operations. Deploy and configure Darktrace vSensor probes for network monitoring and threat detection. Optimize Darktrace models to minimize false positives and improve alert accuracy. Perform post-build security checks using Splunk, Qualys, CrowdStrike, and CyberArk before server sign-off. More ❯

Cyble is revolutionizing the landscape of cybersecurity intelligence. Founded in 2019, Cyble began as a visionary college project and has quickly transformed into a leading force in proactive cyber threat detection and mitigation, that is now globally significant, with people in 20 countries - Headquartered in Alpharetta, Georgia, and with offices in Australia, Malaysia, Singapore, Dubai, Saudi Arabia and More ❯