MITRE ATT&CK Jobs in the UK excluding London

1 to 25 of 224 MITRE ATT&CK Jobs in the UK excluding London

Senior SOC Analyst

Glasgow, United Kingdom
Applicable Limited
using SIEM and EDR solutions. Fine-tune SIEM detection rules, correlation alerts, and log sources to reduce false positives. Analyse threat intelligence feeds, map findings to MITRE ATT&CK framework, and provide actionable security recommendations. Collaborate with SOC teams to investigate alerts, escalate incidents, and improve detection mechanisms. Conduct adversary simulation exercises to test and … minimal levels of supervision. Threat Hunting & Detection (IOC & IOA Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS …
Employment Type: Permanent
Salary: GBP Annual

Senior SOC Analyst L3

Birmingham, Staffordshire, United Kingdom
Applicable Limited
using SIEM and EDR solutions. Fine-tune SIEM detection rules, correlation alerts, and log sources to reduce false positives. Analyse threat intelligence feeds, map findings to MITRE ATT&CK framework, and provide actionable security recommendations. Collaborate with SOC teams to investigate alerts, escalate incidents, and improve detection mechanisms. Conduct adversary simulation exercises to test and … operations or on call. Threat Hunting & Detection (IOC & IOA Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS …
Employment Type: Permanent
Salary: GBP Annual

Senior SOC Analyst L3

Birmingham, England, United Kingdom
Applicable Limited
using SIEM and EDR solutions. Fine-tune SIEM detection rules, correlation alerts, and log sources to reduce false positives. Analyse threat intelligence feeds, map findings to MITRE ATT&CK framework, and provide actionable security recommendations. Collaborate with SOC teams to investigate alerts, escalate incidents, and improve detection mechanisms. Conduct adversary simulation exercises to test and … operations or on call. Threat Hunting & Detection (IOC & IOA Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS …

Cyber Defence Analyst

Nottingham, Nottinghamshire, East Midlands, United Kingdom
Hybrid / WFH Options
Experian Ltd
Digital Forensics, Incident Response, or Ethical Hacking (e.g., GCIH, CEH, GCFE, GCFA, and CFCE). Knowledge of main concepts related to the Incident Response Life Cycle, MITRE ATT&CK Framework, Cyber Kill Chain, and other cybersecurity frameworks. High-level understanding of common intrusion methods and cyber-attack tactics, techniques, and procedures (TTPs), and common industry …
Employment Type: Permanent, Work From Home

SOC Analyst

Cheltenham, England, United Kingdom
NCC Group
level and technical customer facing information. Confidence providing critical/sensitive information accurately. Contacting key stakeholders during major incidents. Incident Analysis and Response: Awareness of the MITRE ATT&CK framework. Pedigree in performing in-depth analysis of security alerts. Assess customer impact through investigation and work with senior analysts for resolution. Liaise with CIRT for …

Cloud Security Architect

South East London, England, United Kingdom
iXceed Solutions
development. Experience with Infrastructure as Code (IaC) tools, particularly Terraform. Solid understanding of security monitoring, logging, and alerting concepts. Familiarity with common security frameworks (e.g., NIST, MITRE ATT&CK, OWASP Top 10). Preferred Qualifications Google Professional Cloud Security Engineer certification or equivalent (e.g., CISSP, CISM, AWS/Azure Security Certs). Experience with incident …

Director Managed Detection and Response

Reading, England, United Kingdom
Liberty Global
command organisation or reporting structure and in security solution design and security architecture experience; working as a security architect with business partners Detailed understanding of the MITRE ATT&CK and D3FEND Framework and the Cyber Kill Chain Detailed understanding of using Cyber Threat Intelligence in support of a Managed Security Service organisation An understanding of …

Senior SOC Analyst

Portsmouth, Hampshire, United Kingdom
McNally Recruitment Ltd
. Solid understanding of network protocols and infrastructure (e.g. TCP/IP, VPNs, firewalls). Skilled in incident response and threat intelligence analysis. Familiarity with the MITRE ATT&CK framework and advanced threat detection techniques. Excellent analytical and problem-solving capabilities. Able to provide mentorship and leadership within a SOC team. Desirable (Nice-to-Have … SIEM platforms (Microsoft Sentinel, Splunk). Leading incident response and driving improvements in detection and containment strategies. Tuning and maintaining detection rules, using threat frameworks like MITRE ATT&CK. Collaborating with colleagues to enhance the overall capability and resilience of the Security Operations Centre. Staying abreast of cyber threat developments and contributing to …
Employment Type: Permanent
Salary: GBP Annual

Senior SOC Analyst

Southampton, England, United Kingdom
JR United Kingdom
advanced SIEM platforms (Microsoft Sentinel, Splunk) Leading incident response and driving improvements in detection and containment strategies Tuning and maintaining detection rules, using threat frameworks like MITRE ATT&CK Collaborating with colleagues to enhance the overall capability and resilience of the Security Operations Centre Staying abreast of cyber threat developments and contributing to best practices … Sentinel and Splunk Solid understanding of network protocols and infrastructure (e.g. TCP/IP, VPNs, firewalls) Skilled in incident response and threat intelligence analysis Familiarity with the MITRE ATT&CK framework and advanced threat detection techniques Excellent analytical and problem-solving capabilities The ability to provide mentorship and leadership within a SOC team To apply for …

Security Operations Center Analyst

Gosport, England, United Kingdom
ZipRecruiter
Sentinel and Splunk Solid understanding of network protocols and infrastructure (e.g. TCP/IP, VPNs, firewalls) Skilled in incident response and threat intelligence analysis Familiarity with the MITRE ATT&CK framework and advanced threat detection techniques Excellent analytical and problem-solving capabilities Able to provide mentorship and leadership within a SOC team Desirable (Nice-to-Have … advanced SIEM platforms (Microsoft Sentinel, Splunk) Leading incident response and driving improvements in detection and containment strategies Tuning and maintaining detection rules, using threat frameworks like MITRE ATT&CK Collaborating with colleagues to enhance the overall capability and resilience of the Security Operations Centre Staying abreast of cyber threat developments and contributing to best practices …

Senior SOC Analyst

Gosport, Hampshire, South East, United Kingdom
Hybrid / WFH Options
Walsh Employment
Sentinel and Splunk Solid understanding of network protocols and infrastructure (e.g. TCP/IP, VPNs, firewalls) Skilled in incident response and threat intelligence analysis Familiarity with the MITRE ATT&CK framework and advanced threat detection techniques Excellent analytical and problem-solving capabilities Able to provide mentorship and leadership within a SOC team Desirable (Nice-to-Have … advanced SIEM platforms (Microsoft Sentinel, Splunk) Leading incident response and driving improvements in detection and containment strategies Tuning and maintaining detection rules, using threat frameworks like MITRE ATT&CK Collaborating with colleagues to enhance the overall capability and resilience of the Security Operations Centre Staying abreast of cyber threat developments and contributing to best practices …
Employment Type: Permanent, Work From Home

SOC Security Analyst (Microsoft Sentinel & Defender Specialist)

Manchester, England, United Kingdom
Hybrid / WFH Options
Whitehall Resources Ltd
Threat Hunting & Detection Engineering - Perform proactive threat hunting using KQL within Microsoft Sentinel. - Develop and fine-tune custom analytics rules, workbooks, and hunting queries. - Apply the MITRE ATT&CK framework to build coverage and improve threat visibility. Security Engineering & Platform Management - Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and …

Security Architect

Thornbury, Gloucestershire, United Kingdom
Applicable Limited
Cryptography, End User Computing, IAM, PKI, Server hardening, SIEM, SOAR, virtualisation (VMware) Participate in pre-sales tasks and perform ongoing support of delivery collateral. Familiarity with MITRE ATT&CK Familiarity with ITIL Who we are: We're a business with a global reach that empowers local teams, and we undertake hugely exciting work that is …
Employment Type: Permanent
Salary: GBP Annual

Cyber Threat Analyst – National Security West

Leeds, England, United Kingdom
Hybrid / WFH Options
BAE Systems
as a point of contact for intrusion analysis, forensics, and incident response queries. Managing ad hoc and regular products during capacity constraints. Knowledge of Cyber Kill Chain, MITRE ATT&CK, and developing new analytics and playbooks. Requirements Technical: 3+ years in Cyber Threat Intelligence, research, and investigation. Experience in incident response and management. Understanding of threats …

Information Security Analyst - Level 3

Belfast, Northern Ireland, United Kingdom
Telefonica Tech
Experience: Extensive experience in planning and executing CTM exercises for on-prem as well as cloud-hosted applications or environments. Experience with CTM frameworks like STRIDE, PASTA, MITRE ATT&CK etc. Experience in conducting assessments against common security standards like ISO 27001, NIST CSF, NIST 800-53, CIS benchmarks etc. Experience in assessing, documenting and managing cyber …

Cyber Threat Analyst - National Security West

Leeds, England, United Kingdom
Hybrid / WFH Options
BAE Systems Applied Intelligence
sufficient quality for distribution In-depth knowledge of the various techniques and frameworks used within the Cyber Threat Intelligence Domain, Including the Cyber Kill Chain and MITRE ATT&CK Development of new analytics and playbooks that result in creation of new detection rules/analytics Requirements Technical 3+ years' experience in Cyber Threat Intelligence, and …

Cyber Threat Analyst - National Security West

Leeds, England, United Kingdom
Hybrid / WFH Options
Babcock
sufficient quality for distribution In-depth knowledge of the various techniques and frameworks used within the Cyber Threat Intelligence Domain, Including the Cyber Kill Chain and MITRE ATT&CK Development of new analytics and playbooks that result in creation of new detection rules/analytics Requirements Technical 3+ years' experience in Cyber Threat Intelligence, and …

Full Stack Developer

Glasgow, Scotland, United Kingdom
ELLIOTT MOSS CONSULTING PTE. LTD
scalable applications using modern full-stack development tools and frameworks. · Collaborate with cybersecurity teams to build and enhance detection and mitigation systems based on frameworks like MITRE ATT&CK. · Develop and maintain data pipelines, APIs, dashboards, and visualization tools to support AI model insights. · Write clean, well-documented, and secure code using Python, C, C#, or R. … Information Technology, or related field. · 3 years of experience in a cybersecurity operations or similar function. · Strong knowledge of cybersecurity principles, frameworks, and threat intelligence (e.g., MITRE ATT&CK). · Proficient in AI/ML technologies, including Natural Language Processing, Generative AI, and Machine Learning algorithms. · Experienced in full-stack development with proficiency in Python …

Front Line Analyst – National Security – Leeds

Leeds, England, United Kingdom
Hybrid / WFH Options
BAE Systems (New)
off the cloud' using Microsoft Graph API, app registrations, and managed identities. Ability to research and learn new tools and techniques quickly. Good understanding of the MITRE ATT&CK Framework. Strong knowledge of networking concepts and protocols (TCP/IP, UDP, DNS, DHCP, HTTP). Experience in Intrusion Analysis on Windows Devices and Azure Cloud …

Threat Hunter

Manchester, England, United Kingdom
NCC Group
Summary Threat Detection and Monitoring: Design, build, and own a formal threat hunting program with a strong emphasis on hypothesis-based hunting methodologies. Use threat intelligence, MITRE ATT&CK, and risk models to form hypotheses and validate them through structured hunts. Leverage Jupyter Notebooks and other tools to automate hunts, visualise results, and create reusable … They have 3–5+ years of hands-on experience in Threat Hunting, Red Team, Blue Team, or Incident Response roles, with a deep understanding of the MITRE ATT&CK framework and a proven ability to detect and investigate advanced threats beyond signature-based solutions. Adept at leveraging Splunk for data analysis and detection development, they … you Minimum Requirements Minimum 3–5+ years of experience within a Threat Hunter, Red Team, Incident Response, or Blue Team role. Solid understanding of the MITRE ATT&CK framework, TTP analysis, and adversary emulation. Deep familiarity with hypothesis-driven threat hunting frameworks and methodologies. Ability to work autonomously while collaborating across security, engineering, and …

Threat Hunter

Cheltenham, England, United Kingdom
NCC Group
Summary Threat Detection and Monitoring: Design, build, and own a formal threat hunting program with a strong emphasis on hypothesis-based hunting methodologies. Use threat intelligence, MITRE ATT&CK, and risk models to form hypotheses and validate them through structured hunts. Leverage Jupyter Notebooks and other tools to automate hunts, visualise results, and create reusable … They have 3–5+ years of hands-on experience in Threat Hunting, Red Team, Blue Team, or Incident Response roles, with a deep understanding of the MITRE ATT&CK framework and a proven ability to detect and investigate advanced threats beyond signature-based solutions. Adept at leveraging Splunk for data analysis and detection development, they … you Minimum Requirements Minimum 3–5+ years of experience within a Threat Hunter, Red Team, Incident Response, or Blue Team role. Solid understanding of the MITRE ATT&CK framework, TTP analysis, and adversary emulation. Deep familiarity with hypothesis-driven threat hunting frameworks and methodologies. Ability to work autonomously while collaborating across security, engineering, and …

Security Analyst CTI

Welwyn Garden City, England, United Kingdom
Hybrid / WFH Options
Tesco UK
/and trusted external stakeholders. Collaboration and Support • Supporting Security Operations, Threat Hunting, and engineering teams through prioritised intelligence requirements. • Aligning to cyber frameworks such as MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain, and Diamond Model to contextualise threats. Continuous Learning and Adaptation • Staying current on threat trends, tools, and techniques to ensure … query languages. • Experience of intelligence collection and processing techniques, including OSINT. • Exposure to Structured Analytic Techniques (like ACH) and quantitative methods. • Application of cyber frameworks like MITRE ATT&CK, Cyber Kill Chain, and Diamond Model in pursuit of producing high-quality intelligence. • Assisting with malware triage, including static and dynamic analysis, to identify and mitigate …

Technical Incident Response Lead

Reading, England, United Kingdom
Hybrid / WFH Options
Liberty Global
firewalls). Analytical Skills: Proficiency in analysing log sources and data normalization using platforms such as Splunk, Elastic, or similar. Frameworks & Methodologies: Deep knowledge of the MITRE ATT&CK framework, Cyber Kill Chain, NIST, and related methodologies. Communication: Excellent verbal and written communication skills, with the ability to work both independently and collaboratively. Desirable Certifications …

SOC Analyst

Hemel Hempstead, England, United Kingdom
Fynity
traffic, and endpoint telemetry Supporting containment and recovery efforts during active security incidents Continuously enhancing SOC capabilities, tooling, and detection rules using threat-informed approaches like MITRE ATT&CK Producing detailed incident reports and documentation for both technical and non-technical stakeholders Assisting with threat intelligence activities as needed Staying current on evolving threats, attack … will have: Hands-on experience working in a Security Operations Centre (SOC) Solid knowledge of SIEM tools such as Microsoft Sentinel or Splunk Familiarity with the MITRE ATT&CK framework and threat detection methodologies Strong analytical skills with a keen eye for detail in log analysis and network monitoring Basic understanding of enterprise security architecture …

Front Line Analyst - National Security - Leeds

Leeds, England, United Kingdom
Hybrid / WFH Options
BAE
as use of Microsoft Graph API, app registrations and managed identities · Ability to quickly research and learn about new tools and techniques · Good working knowledge of MITRE ATT&CK Framework · Good working knowledge of networking concepts & protocols (TCP/IP, UDP, DNS, DHCP, HTTP, etc.) · Intrusion Analysis on Windows Devices and Azure Cloud Architecture. · Relevant …

MITRE ATT&CK jobs in the UK excluding London: salary percentiles
10th Percentile: £46,544
25th Percentile: £49,000
Median: £62,000
75th Percentile: £71,938
90th Percentile: £76,840