1 to 25 of 45 SOAR Jobs in the UK

experience in cybersecurity or information security roles Strong understanding of network protocols, operating systems and enterprise security technologies Experience implementing and managing SIEM and SOAR platforms Knowledge of cybersecurity frameworks such as NIST, ISO27001, CIS benchmarks and Cyber Essentials Experience with threat intelligence frameworks such as MITRE ATT&CK and ...

Cloud, Azure) Active Directory, Group Policies, PowerShell Endpoint protection applications (Antivirus, Web Filtering, ATP, Encryption) IDP/IPS Systems SIEM tools (such as Splunk) SOAR is an added advantage Knowledge of malware capabilities, attack vectors and impact. Knowledge of the MITRE ATT&CK framework to understand threat actors and ...

clear, pragmatic security architecture guidance and influence technical and non technical stakeholders. Desirable • Scripting or automation experience (e.g. Python, PowerShell, Bash) and/or SOAR exposure. • Relevant certifications such as CISSP, CCSP, Security+, or GIAC. • Exposure to application security concepts is beneficial but not essential. ...

investigate incidents and deliver containment, remediation, and root cause analysis; produce high-quality intel-informed incident reports. Create and tune detections (e.g., SIEM/SOAR, EDR) using intelligence signals (TTPs, behaviors, YARA/Sigma where applicable). Produce and present consumable intelligence outputs (e.g., flash alerts, threat overviews, executive briefs ...

Cybersecurity role. Strong understanding of cyber defence practices and modern attack techniques. Hands-on experience with security technologies such as EDR, XDR, SIEM, SOAR, IDS, and IPS. Experience in vulnerability analysis, security alert analysis, incident response, and email threat analysis. Ability to read and understand scripting and query languages such ...

Cybersecurity role. Strong understanding of cyber defence practices and modern attack techniques. Hands-on experience with security technologies such as EDR, XDR, SIEM, SOAR, IDS, and IPS. Experience in vulnerability analysis, security alert analysis, incident response, and email threat analysis. Ability to read and understand scripting and query languages such ...

Center (MSSP) to ensure high‐fidelity alerting and low Mean Time to Resolve (MTTR). Tooling Optimization : Own the security stack (SIEM, EDR, XDR, SOAR). Ensure tools are integrated, automated, and providing maximum ROI rather than just generating “noise.” Automation : Drive a “Detection as Code” philosophy to automate repetitive ...

Sentinel, Microsoft Purview, Defender suite, and Entra ID Security Operations (SecOps) expertise covering monitoring, triage, investigation, and incident response Microsoft Sentinel for advanced SIEM, SOAR, and threat detection use cases Identity and Access Management (IAM) including privileged access management and Zero Trust principles Endpoint, email, and cloud threat protection using ...

integrating various commercial and open source OSINT, and internal intelligence feeds. Expertise in security operations, threat detection methodologies, and managing defensive platforms (SIEM, EDR, SOAR). Exposure to or direct experience with reverse engineering malware and defensive tool bypasses to inform intelligence gathering and improve detection methods. Advanced understanding ...

with NCC Group to enhance Splunk dashboards, alerts, and detections Act as the technical escalation point for high-severity security incidents Develop automation and SOAR workflows to improve response effectiveness Conduct proactive threat hunting activities Mentor and upskill the internal security team across tools and threat analysis Skills & Experience Required ...

with NCC Group to enhance Splunk dashboards, alerts, and detections Act as the technical escalation point for high-severity security incidents Develop automation and SOAR workflows to improve response effectiveness Conduct proactive threat hunting activities Mentor and upskill the internal security team across tools and threat analysis Skills & Experience Required ...

Falcon deployment, configuration, and optimisation Enhancing Splunk SIEM dashboards, alerts, and threat detection capabilities Acting as a senior escalation point for incident response Driving SOAR automation to improve response times Conducting proactive threat hunting Upskilling internal teams across CrowdStrike, Splunk, and security analysis What we’re looking for: 5+ years ...

deployment, configuration, and optimisation Design and enhance Splunk SIEM dashboards, alerts, and data models Act as an escalation point for major cyber incidents Develop SOAR automation workflows to improve response times Conduct proactive threat hunting using advanced queries Work closely with SOC partner to optimise security operations Provide training and ...

Response: Act as escalation point for high-priority incidents, driving rapid containment Threat Hunting: Proactively identify hidden threats using advanced queries and telemetry Automation (SOAR): Build workflows to streamline response and reduce manual effort Capability Building: Upskill internal teams across CrowdStrike, Splunk, and security analysis Required Experience 5+ years ...

Response: Act as escalation point for high-priority incidents, driving rapid containment Threat Hunting: Proactively identify hidden threats using advanced queries and telemetry Automation (SOAR): Build workflows to streamline response and reduce manual effort Capability Building: Upskill internal teams across CrowdStrike, Splunk, and security analysis Required Experience 5+ years ...

related services. Integrate security into DevOps pipelines, CI/CD, infrastructure-as-code, and container workflows. Automate threat detection and response using Microsoft Sentinel SOAR, custom playbooks, and telemetry pipelines. Platform Security Oversight Own and optimise endpoint security through Intune, ensuring device compliance and integration with Zero Trust. Harden ...

content lifecycle: design, test, deploy, monitor, tune and retire, using version control and rollback processes. Automate workflows and platform configurations using CI/CD, SOAR, scripting and Infrastructure as Code tools such as Terraform and Ansible. Ensure platform performance, stability and resilience through capacity planning, high availability, disaster recovery and ...

design and enhance Splunk dashboards, alerts, and data models Act as escalation point for high-severity incidents, driving rapid detection and response Develop SOAR workflows to automate and streamline security operations Conduct proactive threat hunting to identify hidden risks Upskill internal teams in CrowdStrike, Splunk, and security analysis best practices ...

design and enhance Splunk dashboards, alerts, and data models Act as escalation point for high-severity incidents, driving rapid detection and response Develop SOAR workflows to automate and streamline security operations Conduct proactive threat hunting to identify hidden risks Upskill internal teams in CrowdStrike, Splunk, and security analysis best practices ...

CISSP, CISM, SANS) with ongoing professional development. Experience with cloud security controls and monitoring (e.g., Microsoft 365/Azure). Experience with SIEM/SOAR, detection engineering or incident automation. Experience implementing IAM tooling and access governance (e.g., PAM, IGA). Experience commissioning security testing and remediation programmes (e.g. ...

managing and operating FortiGate firewalls ·Proven experience with Active Directory/Azure AD, including patch and group policy management ·Cloud native SIEM, SOCs and SOAR ·Windows Server, Windows 11, and Microsoft Application Suite ·Experience with adoption of Infrastructure-as-Code (IaC) utilising technologies such as Terraform and Ansible. ·Mobile Device ...

across multiple environments Create, tune, and improve detection rules and use cases to identify threats quickly Support incident triage, investigations, and response activities Build SOAR-style workflows to improve response speed, consistency, and efficiency Cloud Security Implement and enhance security controls across AWS and Azure environments Review cloud configurations … Experience with SIEM platforms such as Microsoft Sentinel, Elastic, Splunk, or similar Strong knowledge of detection engineering, alert tuning, and log management Experience with SOAR or security automation tooling Scripting skills in Python and/or PowerShell Experience with EDR, endpoint security, and identity controls Good knowledge of networking, firewalls ...

technical escalation point for high-priority security incidents, utilizing EDR and SIEM tools for rapid containment. Automation: Develop "SOAR" workflows (Security Orchestration, Automation, and Response) to reduce manual intervention and improve response times. Threat Hunting: Proactively search for undetected malicious activity using specialized queries. Training . Build up the Crowdstrike ...

Advanced knowledge of SIEM operations, detection engineering, and RBA Experience with large-scale data ingestion, enrichment, and pipeline design Familiarity with automation tools, SOAR, Terraform/Ansible, and CI/CD Excellent communication, stakeholder management, and problem-solving skills This is a great opportunity to play a key role ...

Implement identity access control measures and DLP controls Respond to Tier 3 security incidents Monitor threat intelligence Participate in pentests Engineer Microsoft Sentinel detections & SOAR playbooks Cyber Security Engineer: Technical Experience Microsoft Security: Defender of Endpoint, Identity, Cloud Apps, Office 365 Azure AD Microsoft Purview Cloud & Endpoint Security Azure Sentinel ...