threat detection, anomaly detection, and behavioural analysis. Playbook Development & Automation Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration. Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response. Refine playbooks based on threat intelligence and incident insights. Threat Detection & Response Monitor and analyse security alerts and
You will work with a modern SOC technology stack, including: SIEM: Microsoft Sentinel; EDR/XDR: Microsoft Defender for Endpoint; Threat Intel: Recorded Future; Network Analysis: Wireshark/tcpdump; SOAR & Automation: Palo Alto Cortex XSOAR, ServiceNow SecOps; Vulnerability Management: Tenable Nessus/Tenable.io. Other nice to have tools: Shodan, Censys, BloodHound, Metasploit, Cobalt Strike, MITRE ATT&CK Navigator. Cloud Security
London, Old Bailey, United Kingdom Hybrid / WFH Options
Morson Talent
design input. Staying ahead of emerging threats and technologies to continuously improve SOC capabilities. What You’ll Bring: Strong experience in designing and implementing SOC platforms (e.g., SIEM, SOAR, EDR). Deep understanding of security operations workflows, threat intelligence, and incident response. Hands-on experience with tools like Splunk, Sentinel, QRadar, or similar. Ability to engage with both technical
London (City of London), South East England, United Kingdom
Anson McCade
scripts in Python, JavaScript or PowerShell is a plus. Experience with security design and architecture, content development, workload automation and use-cases. Experienced with technologies such as EDR, SIEM, SOAR, NGFW and their ecosystems. Familiarity with cloud technologies, providers (such as GCP, AWS, Azure). Familiarity with attack surface management is a plus. Experience in customer-facing roles (internal or external
London, South East, England, United Kingdom Hybrid / WFH Options
Oliver James
in security visibility. Skills & Experience Required Demonstrated experience in cyber operations, detection & response, or building and running modern SOCs. Strong understanding of Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) platforms (e.g. Google SecOps, Chronicle, Siemplify). Proven experience in solution design, including development of HLD/LLD documentation and architectural blueprints. Familiarity with architecture
City of London, London, United Kingdom Hybrid / WFH Options
Langley James Limited
security across their infrastructure. Key responsibilities include managing Mail Servers, Firewalls and Microsoft Gateways. You will be involved in managing WAF/DDoS, web/email security gateways, SIEM/SOAR/EDR (alert response), firewalls, MFA/SSO, MDM/MAM, vulnerability scans/remediation, security certificates, IDS/IPS, PAM, and delivering security awareness training. Remediate penetration test findings
with zero-trust security models and endpoint detection and response (EDR). Certifications such as CISSP, CISM, Microsoft Security certifications, or equivalent. Experience integrating device telemetry into SIEM and SOAR platforms. Who You'll Work With Work Environment & Additional Information: Hybrid or on-site work model. Occasional travel for global alignment or vendor engagements. Ability to operate in a fast
Central London, London, United Kingdom Hybrid / WFH Options
Marlin Selection
leader in safeguarding sensitive data and systems. Key Responsibilities/Duties Manage WAF and DDoS systems. Manage the Web Security Gateway. Manage the Email Security Gateway. Manage the SIEM, SOAR, Identity Protection and EDR, and respond to alerts and threats. Carry out vulnerability scans, identify risks, and remediate. Manage the perimeter and VPN firewalls. Manage MFA and SSO. Manage MDM
resilient, resourceful, and relentless in your pursuit of product excellence. As a bonus, you understand and have built integrations for popular cybersecurity partner solutions, such as Splunk Enterprise, Splunk SOAR, Palo Alto Networks Cortex XSOAR, Microsoft Sentinel, Google SecOps, and/or others. About Dataminr At Dataminr, we are a mission-driven team of talented builders, creators and visionaries who
deliver cutting-edge security solutions that address the evolving threat landscape, helping organisations to safeguard their critical assets. Deploy, manage and optimise SOC tools, including SIEM (e.g. Splunk, QRadar), SOAR (e.g. Cortex XSOAR, Phantom), EDR (e.g. CrowdStrike, SentinelOne), and other monitoring tools. Provide technical guidance to engineering teams on secure design and implementation. Develop playbooks and automation scripts to enhance … as necessary. Skills Extensive experience in SOC tools engineering plus one of Cloud Security, Identity & Access Management (IAM) or threat modelling. Hands-on experience with SOC tools, including SIEM, SOAR and EDR solutions. Strong experience in securing cloud platforms (AWS, Azure, GCP) and understanding of their native security services (preferred). Knowledge of IAM principles, tools (e.g., Okta, Azure AD
Ensure monitoring outputs are actionable, enriching detection and response activities and informing risk and compliance stakeholders. Technical Architecture & Integration Design and implement a continuous monitoring reference architecture, leveraging SIEM, SOAR, UEBA, and threat intelligence. Establish enterprise logging standards covering log coverage, retention, encryption, access, and integrity requirements. Drive automation of monitoring workflows and correlation logic to reduce dwell time and … years in cybersecurity operations, with at least 5 years in security monitoring, SOC leadership, or equivalent detection & response functions. Proven track record of building or maturing monitoring capabilities (SIEM, SOAR, telemetry pipelines, UEBA, threat intel integration). Knowledge of log ingestion, normalization, correlation, and enrichment processes. Familiarity with leading monitoring technologies: Splunk, DataDog, Microsoft Defender, CrowdStrike Falcon, Azure/AWS … security posture. Technical & Functional Expertise Develops and executes the continuous monitoring strategy, aligned to enterprise security goals and SecOPS direction. Demonstrates deep technical expertise in telemetry ingestion, SIEM/SOAR integration, log management, and threat intelligence enrichment. Serves as a recognized expert in monitoring and detection, providing guidance to peers and influencing related security domains. Codifies monitoring practices and standards
On average it takes 5 minutes to apply for this role. Kick-start your career in the online gaming world and experience the very latest in technology and innovation. Do you see yourself as one of those "out-of-the
be better, be more and ultimately, be more fulfilled. SOC Consultant Hybrid-3 days onsite Requirement: 10+ years of experience in Cyber security Designing & implementation on Network Security, SIEM, SOAR & Threat Intelligence. Key Responsibilities: Lead Sentinel Deployment for OT SOC Architect and implement Microsoft Sentinel across global OT environments to centralize security monitoring and incident response. Log Source Integration Configure … OT landscape. Incident Response Automation Design and implement playbooks using Logic Apps to automate incident response workflows for common OT security events. Execution of the use cases on SIEM, SOAR & Threat Intelligence Build custom workbooks and dashboards to visualize OT security posture, threat trends, and SOC performance metrics.
London (City of London), South East England, United Kingdom
HCLTech
Location: London (hybrid ad hoc) Pay: 450-475/day (inside IR35) A confidential client is seeking an experienced Splunk Consultant with strong expertise in Enterprise Security (ES) and SOAR to support and enhance their SIEM capabilities. This role is critical in delivering threat detection, investigation, and response capabilities, leveraging Splunk's advanced security and automation features. Responsibilities: - Implement and … and parsing from diverse platforms (eg Firewalls, endpoints) - Design and develop correlation searches and security use cases aligned to CIM and DMA - Build and manage response playbooks using Splunk SOAR - Implement and support Splunk ITSI dashboards and services - Monitor, tune, and maintain high-availability Splunk infrastructure - Automate repetitive tasks to improve operational efficiency - Work with Splunk apps and ensure seamless … onboarding projects, from small to enterprise scale - Support SOC operations with unified workflows, case management, and response plans Essential Skills & Experience: - Advanced knowledge of Splunk Enterprise (7/8), SOAR, and ITSI - Strong understanding of CIM, DMA, and security use case development - Proven experience with clustered Splunk deployments and multi-site architectures - Skilled in onboarding and parsing security data sources
involves using it as a SIEM to detect, investigate, and respond to security threats through features like incident investigation, 24/7 threat monitoring, automated response playbooks via Splunk SOAR, AI-powered agentic capabilities, and customizable analytics. Key aspects of this experience include data ingestion and correlation from diverse sources like Firewalls and endpoints, building correlation searches, creating and assigning … of Splunk in a multi-site clustering environment, understanding of CIM and DMA, Red Hat, Windows. Key Skills & Experience: * Candidate must have excellent Splunk Enterprise 7/8 and Splunk SOAR skills * Good ITSI implementation skill * Understanding of installation, management, and support of Splunk 7/8 in a multi-site clustering environment * Hands-on experience of security data sources on