1 to 25 of 46 MITRE ATT&CK Jobs in England

reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced … experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security ...

Splunk Enterprise Security platforms Designing and maintaining log ingestion pipelines and data enrichment processes Developing and tuning detection rules aligned to MITRE ATT&CK techniques Managing the full lifecycle of detection content from design through to optimisation Automating security workflows using scripting, CI/… detection engineering Experience with automation, scripting or Infrastructure as Code in SIEM environments Understanding of MITRE ATT&CK and threat detection techniques Experience with high availability, disaster recovery and SIEM performance optimisation TO BE CONSIDERED Please either apply through this advert or email me directly ...

conduct forensic analysis across endpoints, networks, cloud, and SaaS. Integrate threat intelligence into investigations (e.g., enrich IOCs, map activity to MITRE ATT&CK, identify likely threat actors/TTPs, and assess potential impact). Understand the threat landscape through collaboration with industry peers, FS-ISAC … legal/compliance requirements. Required Qualifications Working knowledge of common cyber attacks, tools, and attacker tradecraft; ability to map activity to MITRE ATT&CK and articulate likely TTPs. Demonstrated experience handling security events in critical environments and applying intelligence to accelerate triage and response. Experience ...

error-free ingestion. Use Case & Detection Content Development Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite. Build correlation rules, anomaly-based detections, dashboards, and alerting workflows. Regularly review detection efficacy and reduce false … systems, Cloud platforms (Azure/AWS/GCP), identity systems, and endpoint protection technologies (e.g. SentinelOne and Microsoft Defender) Knowledge of MITRE ATT&CK, cyber kill chain, and threat hunting methodologies. Must Have Level 4 or higher qualification in a computing subject, or equivalent experience ...

customer environments. Producing clear, insightful reports for both technical and non-technical audiences. Enhancing detection rules and use cases aligned to MITRE ATT&CK and threat-informed defence. What you’ll bring: Hands-on experience with Microsoft Sentinel and Splunk. Knowledge of the MITRE ATT&CK framework. Understanding of client-server and multi-tier applications, databases, firewalls, VPNs and endpoint security. Solid networking fundamentals (TCP/IP, LAN/WAN, HTTP, SMTP, FTP, LDAP, etc.). Strong analytical thinking and structured problem-solving. An entry-level cyber security certification ...

hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls Translate threat intelligence into actionable hunt … platforms (e.g. Sentinel, Splunk, Elastic) EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne) Network and cloud security telemetry Strong understanding of: MITRE ATT&CK Windows, Linux, and cloud attack techniques Malware behaviours, credential abuse, lateral movement, and persistence mechanisms Leadership & Soft Skills Demonstrated ability ...

reports for managed clients to both technical and non-technical audiences, Collaborate on improving detection rules and use cases aligned with Mitre Att&ck and threat-informed defense. Participate in a team effort to guarantee that corporate data and technology platform components are shielded from … Farnborough. What you’ll bring: Experience demonstrated in Security Operations Centre. Experience using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Understanding ...

cases across SIEM and SOAR platforms using threat intelligence and incident data Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks Continuously tune and optimise correlation rules to improve signal-to-noise ratio Validate detection logic through simulations, threat emulation … platforms and query languages (e.g. SPL, KQL) Solid understanding of detection engineering principles, data modelling, and regex Proven experience working with MITRE ATT&CK and threat-informed defence strategies Ability to design scalable and maintainable detection content in complex environments Strong documentation and stakeholder communication ...

cases across SIEM and SOAR platforms using threat intelligence and incident data Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks Continuously tune and optimise correlation rules to improve signal-to-noise ratio Validate detection logic through simulations, threat emulation … platforms and query languages (e.g. SPL, KQL) Solid understanding of detection engineering principles, data modelling, and regex Proven experience working with MITRE ATT&CK and threat-informed defence strategies Ability to design scalable and maintainable detection content in complex environments Strong documentation and stakeholder communication ...

cases across SIEM and SOAR platforms using threat intelligence and incident data Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks Continuously tune and optimise correlation rules to improve signal-to-noise ratio Validate detection logic through simulations, threat emulation … platforms and query languages (e.g. SPL, KQL) Solid understanding of detection engineering principles, data modelling, and regex Proven experience working with MITRE ATT&CK and threat-informed defence strategies Ability to design scalable and maintainable detection content in complex environments Strong documentation and stakeholder communication ...

escalation playbooks; suggest improvements based on recurring issues or inefficiencies. Threat Awareness: Maintain awareness of current cyber threats, attacker techniques (MITRE ATT&CK), and industry trends relevant to the organisations threat landscape. Essential: 2-4 years of experience in a SOC, IT Operations, or security … Working knowledge of SIEM platforms (e.g. Microsoft sentinel, Splunk, Elastic, QRadar). Desirable: Awareness of security frameworks and methodologies (NIST CSF, MITRE ATT&CK, ISO27001). Qualifications: Desirable: CompTIA Security+, CySA+ or other entry level certification. ...

continuously refine advanced SIEM detection logic, including rules, correlations and analytics. Research emerging threats, vulnerabilities and adversary TTPs, mapping them to MITRE ATT&CK to close detection and visibility gaps. Tune and validate detections to minimise false positives and deliver high-fidelity alerts … detection patterns. Confidence to own technical delivery end-to-end, driving work through to completion with minimal escalation. Expert knowledge of MITRE ATT&CK, with real-world application in detection engineering. A BSc in Computer Science, IT, or a related discipline. Solid scripting skills ...

continuously refine advanced SIEM detection logic, including rules, correlations and analytics. Research emerging threats, vulnerabilities and adversary TTPs, mapping them to MITRE ATT&CK to close detection and visibility gaps. Tune and validate detections to minimise false positives and deliver high-fidelity alerts … detection patterns. Confidence to own technical delivery end-to-end, driving work through to completion with minimal escalation. Expert knowledge of MITRE ATT&CK, with real-world application in detection engineering. A BSc in Computer Science, IT, or a related discipline. Solid scripting skills ...

essential skills Experience working in a Security Operations Centre environment Hands-on experience with Microsoft Sentinel or Splunk Knowledge of the MITRE ATT&CK framework Understanding of networks and systems, including TCP/IP, firewalls, VPNs and endpoint security Strong analytical and problem-solving skills … client in conjunction with this vacancy only. KEY SKILLS: SOC Analyst, Security Operations Centre, Microsoft Sentinel, Splunk, SIEM, Incident Response, MITRE ATT and CK, Networking, SC Clearance ...

pipelines, including log ingestion, enrichment and schema standardisation. Develop and tune security detection content, translating threat intelligence and TTPs aligned to MITRE ATT&CK into actionable, high-value alerts. Manage the full detection content lifecycle: design, test, deploy, monitor, tune and retire, using version control … Strong hands-on knowledge of SIEM engineering, including indexing, parsing, onboarding and performance tuning. Experience designing and optimising detection content, including MITRE ATT&CK-aligned use cases and alert tuning to reduce noise. Good understanding of data pipeline engineering, log enrichment, data quality and large ...

Required Experience & Skills 2–4 years’ experience in a SOC, CSIRT, or cyber defence environment Strong understanding of attack frameworks (e.g. MITRE ATT&CK, Cyber Kill Chain) Hands-on experience with SIEM and EDR tools (e.g. Microsoft Sentinel, Splunk, CrowdStrike, Defender) Experience in incident triage ...

certifications such as Security+, SC-200, CySA+, CISSP, or similar Experience with cloud security technologies (Azure, AWS, Microsoft 365) Knowledge of MITRE ATT&CK framework and threat hunting methodologies Scripting or automation experience (PowerShell, Python, etc.) What’s on Offer Hybrid working model ...

optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute ...

professionals, with demonstrated ability to develop talent and drive team performance • Deep expertise in threat intelligence platforms and frameworks such as MITRE ATT&CK, with experience using Google SecOps, Wiz, and Recorded Future for threat analysis and intelligence gathering • Strong knowledge of financial services threat ...

SIEM, SOAR, EDR, IDS/IPS, firewalls, and cloud-native security tooling. Knowledge of cyber security frameworks such as NIST CSF, MITRE ATT&CK, ISO 27001, or CIS Controls. Demonstrated expertise in incident response and threat management. Experience working in hybrid cloud environments (Azure ...

practices Knowledge of cyber frameworks and regulations including GDPR, NIS, and National Cyber Security Centre guidance Familiarity with frameworks such as MITRE ATT&CK and ITIL processes Experience operating within complex, regulated environments (e.g. public sector, financial services) Strong stakeholder management skills, with the ability ...

Sentinel Familiarity with Microsoft Defender tools (Endpoint & O365) Exposure to Azure cloud logging and Kubernetes environments Knowledge of attacker TTPs and MITRE ATT&CK frameworks Proactive, collaborative, and innovative mindset Desirable/Nice-to-Have: Experience with Python , Terraform , or CI/CD pipelines Familiarity ...

Sentinel Familiarity with Microsoft Defender tools (Endpoint & O365) Exposure to Azure cloud logging and Kubernetes environments Knowledge of attacker TTPs and MITRE ATT&CK frameworks Proactive, collaborative, and innovative mindset Desirable/Nice-to-Have: Experience with Python , Terraform , or CI/CD pipelines Familiarity ...

effective security controls aligned with business requirements using a risk-based approach. Familiarity with application attack tactics and techniques, including the MITRE ATT&CK framework, and security maturity models such as OpenSAMM and C2M2. Strong working knowledge of recognised security frameworks and standards, including NIST ...

managing Splunk Enterprise Security (ES). Technical Breadth: Strong understanding of network protocols, cloud security (AWS/Azure), and the MITRE ATT&CK framework. Additional Skills: Experience with Vulnerability Assessment (VA) tools, Penetration Testing, and Web Application Testing is a significant bonus. Desired Qualifications: Mandatory ...