1 to 25 of 49 Threat Analysis Jobs in the UK

Tier 2 SOC Analyst - Cyber Threat Analysis Center Job Description: The Tier 2 Cyber Security Analyst is a mid-tier position within the Cyber Threat Analysis Centre (CTAC), responsible for advancing the initial work conducted by Tier 1 Analysts and providing more in-depth analysis … Analyst works closely with senior and junior analysts to ensure a seamless SOC operation and acts as a bridge between foundational and advanced threat detection and response functions. Responsibilities: Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising … on initial response actions. Apply expertise in SIEM solutions utilizing Kusto Query Language (KQL), to perform log analysis, event correlation, and thorough documentation of security incidents. Identify and escalate critical threats to Tier 3 Analysts with detailed analysis for further action, ensuring rapid response and adherence to service More ❯

Job Description: Cyber Threat Analyst Roles and Responsibilities Tier 2 Analyst You must hold a UK passport only due to the security clearance; we can only accept single national status (2nd passport holders, OCI & ILR candidates can't be accepted) and you must have been in the UK for … least 6 months working experience in SIEM technologies. Job Description The Tier 2 Cyber Security Analyst is a mid-Tier position within the Cyber Threat Analysis Centre (CTAC), responsible for advancing the initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential … Analyst works closely with senior and junior analysts to ensure a seamless SOC operation and acts as a bridge between foundational and advanced threat detection and response functions. Responsibilities: Conduct escalated triage and analysis on security events identified by Tier 1 Analysts, determining threat severity and advising More ❯

to protect and preserve the ability of HMRC to function and serve the public against threats posed by possible cyber-attacks is critical. Cyber Threat Operations (CTO) is part of the Cyber Security Delivery (CSD) function in HMRC Security. CTO covers a diverse range of responsibilities across the span … of anti-phishing, brand abuse management, cyber threat intelligence, data science, and threat hunting. We are seeking an G7 Cyber Threat Intelligence Lead, who will report to the G6 Head of CTO. The successful candidate will manage three SO Cyber Threat Intelligence Managers and one SO … Threat Hunting Manager. Job descriptionAs the Cyber Threat Intelligence Lead, on a day-to-day basis you will be overseeing and directing the work of Cyber Threat Intelligence and Threat Hunting which will involve: Overseeing the delivery of high quality cyber threat analysis at More ❯

to protect and preserve the ability of HMRC to function and serve the public against threats posed by possible cyber-attacks is critical. Cyber Threat Operations (CTO) is part of the Cyber Security Delivery (CSD) function in HMRC Security. CTO covers a diverse range of responsibilities across the span … of anti-phishing, brand abuse management, cyber threat intelligence, data science, and threat hunting. We are seeking an G7 Cyber Threat Intelligence Lead, who will report to the G6 Head of CTO. The successful candidate will manage three SO Cyber Threat Intelligence Managers and one SO … Threat Hunting Manager. Job description As the Cyber Threat Intelligence Lead, on a day-to-day basis you will be overseeing and directing the work of Cyber Threat Intelligence and Threat Hunting which will involve: Overseeing the delivery of high quality cyber threat analysis More ❯

to protect and preserve the ability of HMRC to function and serve the public against threats posed by possible cyber-attacks is critical. Cyber Threat Operations (CTO) is part of the Cyber Security Delivery (CSD) function in HMRC Security. CTO covers a diverse range of responsibilities across the span … of anti-phishing, brand abuse management, cyber threat intelligence, data science, and threat hunting. We are seeking an G7 Cyber Threat Intelligence Lead, who will report to the G6 Head of CTO. The successful candidate will manage three SO Cyber Threat Intelligence Managers and one SO … Threat Hunting Manager. Job description As the Cyber Threat Intelligence Lead, on a day-to-day basis you will be overseeing and directing the work of Cyber Threat Intelligence and Threat Hunting which will involve: Overseeing the delivery of high quality cyber threat analysis More ❯

Job Description: Cyber Threat Analyst Roles and Responsibilities You must hold a UK passport only due to the security clearance; we can only accept single national status (2nd passport holders, OCI & ILR candidates can't be accepted) and you must have been in the UK for the last … The Tier 1 Cyber Security Analyst plays a critical role in the initial triage, monitoring, and reporting of potential cyber threats within the Cyber Threat Analysis Centre (CTAC). Working under the guidance of more senior analysts, the Tier 1 Analyst will use their foundational knowledge of security … and event management (SIEM) solutions to support the security operations team. They will also be proficient in utilizing Kusto Query Language (KQL) for log analysis and gain experience using multiple ticketing systems to manage incidents effectively, ensuring that we adhere to our service level objectives. Responsibilities: Monitor and review More ❯

London, England, United Kingdom Corporate Functions Add to Favorites Incident Response Engineer - Threat Analysis Description Apple is seeking a security professional to join its Information Security Response Organization, as part of the Threat Analysis and Incident Response function. A successful candidate will possess a proven technical … Response, Security Engineering, and/or Intrusion Detection Proficient understanding of incident response automation strategies, with demonstrated ability to implement them Proficient understanding of threat modeling, operational threat intelligence, and common attack vectors Knowledge of web application vulnerabilities with ability to triage/verify OWASP Top 10 issues More ❯

The Tier 1 Cyber Security Analyst plays a critical role in the initial triage, monitoring, and reporting of potential cyber threats within the Cyber Threat Analysis Centre (CTAC). Working under the guidance of more senior analysts, the Tier 1 Analyst will use their foundational knowledge of security … and event management (SIEM) solutions to support the security operations team. They will also be proficient in utilizing Kusto Query Language (KQL) for log analysis and gain experience using multiple ticketing systems to manage incidents effectively, ensuring that we adhere to our service level objectives. Responsibilities: Monitor and review … as the first line of response for security incidents by identifying, validating, and classifying potential threats, escalating to higher tiers when necessary. Perform preliminary analysis on alerts to determine false positives and escalate confirmed incidents based on pre-defined criteria. Create and manage incident tickets in the system to More ❯

watchTowr's alignment to numerous industry standards, including ISO27001 and SOC2 Type 2, while going steps further where relevant due to watchTowr's unique threat model. You will oversee security monitoring, threat analysis, threat hunting, penetration testing, and vulnerability management to align cyber risk management with More ❯

of cybersecurity with intelligence, passion, and excellence! In this role you will be responsible for: • Independent implementation of customer projects in areas such as Threat Analysis, Secure Software Development Lifecycle, Web Application Security, DevSecOps, and Secure Network Design. • Assist customers in developing security-relevant concepts and making architectural … can be hybrid in Austria or Germany Essential: • Relevant degree e.g. Computer Science, Cyber Security • 5 years professional experience in two or more of: Threat Analysis, Secure Software Development Lifecycle, Web Application Security, DevSecOps, Secure Network Design • Passion for Cyber Security • Good communication skills • Minimum C1 German and More ❯

severity incidents. Create and update security event investigation notes, report on open cases, and maintain case data in the Incident Response Management platform. Monitor threat and vulnerability news services for any relevant information that may impact installed infrastructure. Analyse reports to understand threat campaign(s) techniques, lateral movements … and extract indicators of compromise (IOCs). Continuous engagement with the Threat Intelligence and 24x7 Monitoring teams. Provide ad-hoc on-call support to review threats and response actions for off-hour critical incident response. What you'll need Job Complexity: Works on and may lead projects or a … education or equivalent in Information Security, Forensics, or Computer Science; related experience and/or training in the field of IT security monitoring and analysis, cyber threat analysis, and vulnerability analysis. A Global Information Assurance Certification (GIAC) Certified Incident Handler (GCIH), GIAC Certified Intrusion Analyst (GCIA), or More ❯

Consultancy company, based in Glasgow, on multiple workstreams of a variety of complexity and scale. This is a mid-Tier position within the Cyber Threat Analysis Centre (CTAC), responsible for advancing the initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential … Analyst will work closely with senior and junior analysts to ensure a seamless SOC operation and act as a bridge between foundational and advanced threat detection and response functions. This is a full-time on-site role, covering a 24x7 shift pattern, which will come with a shift allowance. … have active SC, moving to DV clearance and must have at least 6 months working experience in SIEM technologies. Responsibilities: Conduct escalated triage and analysis on security events identified by Tier 1 Analysts Apply expertise in SIEM solutions utilising Kusto Query Language (KQL) Identify and escalate critical threats to More ❯

Consultancy company, based in Glasgow, on multiple workstreams of a variety of complexity and scale. This is a mid-Tier position within the Cyber Threat Analysis Centre (CTAC), responsible for advancing the initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential … Analyst will work closely with senior and junior analysts to ensure a seamless SOC operation and act as a bridge between foundational and advanced threat detection and response functions. This is a full-time on-site role, covering a 24x7 shift pattern, which will come with a shift allowance. … have active SC, moving to DV clearance and must have at least 6 months working experience in SIEM technologies. Responsibilities: Conduct escalated triage and analysis on security events identified by Tier 1 Analysts Apply expertise in SIEM solutions utilising Kusto Query Language (KQL) Identify and escalate critical threats to More ❯

Erskine/Farnborough (Complete Remote is fine) Job Description Summary - The Tier 2 Cyber Security Analyst is a mid-Tier position within the Cyber Threat Analysis Centre (CTAC), responsible for advancing the initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential … Analyst works closely with senior and junior analysts to ensure a seamless SOC operation and acts as a bridge between foundational and advanced threat detection and response functions. Experience Required Understands advanced networking concepts, including IP addressing, basic network protocols, and how traffic flows within a network. Advanced knowledge … operating environments, including standard commands, file systems, and user authentication mechanisms. Competence in using SIEM solutions (e.g., ArcSight, Azure Sentinel) for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms. Able to demonstrate proficient knowledge using Kusto Query Language (KQL) to search More ❯

Erskine/Farnborough (Complete Remote is fine) Job Description Summary - The Tier 2 Cyber Security Analyst is a mid-Tier position within the Cyber Threat Analysis Centre (CTAC), responsible for advancing the initial work conducted by Tier 1 Analysts and providing more in-depth analysis of potential … Analyst works closely with senior and junior analysts to ensure a seamless SOC operation and acts as a bridge between foundational and advanced threat detection and response functions. Experience Required Understands advanced networking concepts, including IP addressing, basic network protocols, and how traffic flows within a network. Advanced knowledge … operating environments, including standard commands, file systems, and user authentication mechanisms. Competence in using SIEM solutions (e.g., ArcSight, Azure Sentinel) for monitoring and log analysis; some exposure to additional analysis tools such as basic XDR platforms. Able to demonstrate proficient knowledge using Kusto Query Language (KQL) to search More ❯

threats utilising a number of different SIEM & EDR tools. Responsibilities To be a key member of Security Operations Centre (SOC) and provide real-time threat analysis and detection. Respond to system generated alerts, analyse logs and traffic patterns. Provide analysis and trending of security log data from … possibility of system breaches. Other duties as assigned. About You Requirements A passion for Cyber Security and enjoys solving problems. Knowledge of the security threat landscape. Knowledge of various security methodologies and processes, and technical security solutions (firewall and intrusion detection systems). Knowledge of TCP/IP Protocols … network analysis, and network/security applications. Knowledge of common Internet protocols and applications. Ability to multi-task, prioritize, and manage time effectively. Ability to cope successfully under pressure and with shifting priorities. Ability to work on a shift rota. Strong attention to detail. Excellent interpersonal skills and professional More ❯

of complexity and scale. The role plays a critical role in the initial triage, monitoring, and reporting of potential cyber threats within the Cyber Threat Analysis Centre (CTAC). Tier 1 Analysts will use their foundational knowledge of security information and event management (SIEM) solutions, to support the … in using multiple ticketing systems to manage incidents effectively, ensuring service level objectives are adhered to. Experience utilising Kusto Query Language (KQL) for log analysis will also be beneficial. This is a full-time on-site role, covering a 24x7 shift pattern, which will come with a shift allowance. … Act as the first line of response for security incidents by identifying and classifying potential threats, escalating to higher tiers when necessary. Perform preliminary analysis on alerts. Create and manage incident tickets to track incident status Conduct and document formal handover/takeover procedures at the beginning and end More ❯

a passion to be part of a fast-paced, successful team. This is a hands-on technical lead role, requiring expertise in security assessments, threat detection and incident response. We are looking for someone with a solid technical background who is willing to take on a broader remit and … Strong understanding of cloud security (AWS, Azure, Google Cloud), network security, and endpoint protection Hands-on experience with SIEM tools, intrusion detection, firewalls, and threat analysis Knowledge of identity and access management (IAM), zero-trust architectures, and encryption techniques Experience conducting vulnerability assessments, and risk analysis Strong More ❯

the forefront of safeguarding Industrial Control Systems and SCADA networks from evolving cyber threats. Key Responsibilities: Monitor and assess OT cybersecurity systems, ensuring effective threat detection and response. Conduct threat analysis and vulnerability assessments to support incident response activities. Develop and implement incident response plans tailored to … Skills & Experience: Strong understanding of OT/ICS cybersecurity or relevant control systems (SCADA/PLC) – training provided where required. Experience with network security, threat detection, and incident response. Knowledge of security frameworks and regulations including NIST, IEC, NIS Directive, and Cyber Kill Chain. Analytical mindset with the ability More ❯

operational improvements, working onsite, leading and mentoring a small team. Responsibilities: Monitoring, triaging, and investigating alerts across host and network security systems Performing deep analysis of traffic, logs, and system events to identify threats and vulnerabilities Providing mentoring & line management to SOC Analysts Enhancing team knowledge across SOC tooling … detection methodologies, and threat triage Analyse and optimise detection rules and use cases based on Mitre Att&ck Maintaining detailed and up-to-date incident documentation, findings, and mitigation strategies Acting as a representative of the SOC in key meetings and internal stakeholder engagements Skills and Experience required for … Level 2 Strong familiarity with SIEM platforms including Microsoft Sentinel and Splunk Knowledge and use of the Mitre Att&ck Framework for detection and threat analysis Experience of static malware analysis and reverse engineering (desirable) Scripting or programming with Python, Perl, Bash, PowerShell or C++ (desirable not More ❯

operational improvements, working onsite, leading and mentoring a small team. Responsibilities: Monitoring, triaging, and investigating alerts across host and network security systems Performing deep analysis of traffic, logs, and system events to identify threats and vulnerabilities Providing mentoring & line management to SOC Analysts Enhancing team knowledge across SOC tooling … detection methodologies, and threat triage Analyse and optimise detection rules and use cases based on Mitre Att&ck Maintaining detailed and up-to-date incident documentation, findings, and mitigation strategies Acting as a representative of the SOC in key meetings and internal stakeholder engagements Skills and Experience required for … Level 2 Strong familiarity with SIEM platforms including Microsoft Sentinel and Splunk Knowledge and use of the Mitre Att&ck Framework for detection and threat analysis Experience of static malware analysis and reverse engineering (desirable) Scripting or programming with Python, Perl, Bash, PowerShell or C++ (desirable not More ❯

tools. * Cloud Security Design & Integration: Implement and optimize Microsoft Defender for Cloud to enhance cloud security posture, detect misconfigurations, and enforce compliance. * Log Management & Analysis: Oversee the ingestion, parsing, and normalization of security logs from Azure, AWS, M365, and hybrid environments to improve threat visibility. * Security Event Correlation … Automation: Develop advanced correlation rules, alerts, playbooks, and automation workflows using Sentinel, KQL, and SOAR integrations to enhance threat detection and response capabilities. * Cloud Threat Protection: Monitor, analyse, and strengthen security postures across cloud platforms, utilising Defender for Cloud and SIEM insights. * Compliance & Governance: Ensure alignment with industry … best practices, regulatory frameworks, and internal security policies for cloud security. * Threat Intelligence & Enrichment: Integrate threat intelligence feeds with Sentinel and Defender for Cloud to enhance real-time threat analysis. * Collaboration & Advisory: Work closely with security analysts, cloud engineers, and IT teams to optimize security monitoring, threat More ❯

tools. * Cloud Security Design & Integration: Implement and optimize Microsoft Defender for Cloud to enhance cloud security posture, detect misconfigurations, and enforce compliance. * Log Management & Analysis: Oversee the ingestion, parsing, and normalization of security logs from Azure, AWS, M365, and hybrid environments to improve threat visibility. * Security Event Correlation … Automation: Develop advanced correlation rules, alerts, playbooks, and automation workflows using Sentinel, KQL, and SOAR integrations to enhance threat detection and response capabilities. * Cloud Threat Protection: Monitor, analyse, and strengthen security postures across cloud platforms, utilising Defender for Cloud and SIEM insights. * Compliance & Governance: Ensure alignment with industry … best practices, regulatory frameworks, and internal security policies for cloud security. * Threat Intelligence & Enrichment: Integrate threat intelligence feeds with Sentinel and Defender for Cloud to enhance real-time threat analysis. * Collaboration & Advisory: Work closely with security analysts, cloud engineers, and IT teams to optimize security monitoring, threat More ❯

tools. * Cloud Security Design & Integration: Implement and optimize Microsoft Defender for Cloud to enhance cloud security posture, detect misconfigurations, and enforce compliance. * Log Management & Analysis: Oversee the ingestion, parsing, and normalization of security logs from Azure, AWS, M365, and hybrid environments to improve threat visibility. * Security Event Correlation … Automation: Develop advanced correlation rules, alerts, playbooks, and automation workflows using Sentinel, KQL, and SOAR integrations to enhance threat detection and response capabilities. * Cloud Threat Protection: Monitor, analyse, and strengthen security postures across cloud platforms, utilising Defender for Cloud and SIEM insights. * Compliance & Governance: Ensure alignment with industry … best practices, regulatory frameworks, and internal security policies for cloud security. * Threat Intelligence & Enrichment: Integrate threat intelligence feeds with Sentinel and Defender for Cloud to enhance real-time threat analysis. * Collaboration & Advisory: Work closely with security analysts, cloud engineers, and IT teams to optimize security monitoring, threat More ❯

strategy of enhancing the bank's IT security further. Using a combination of third-party tooling and custom solutions to assist you with security threat analysis and detection, you will help drive the security strategy for current and future product implementations. With good mentoring and coaching capabilities, you … to monitor, detect, and respond to potential threats in real-time. Lead the establishment of a Security Operations Center (SOC) for continuous monitoring and threat intelligence. Continuously evaluate and enhance security tools, technologies, and processes to stay ahead of evolving threats. Application and Cloud Security Implement best practices for … Incident Response Plans (CSIRP) and Disaster Recovery Plans (DRP). Lead the response to cybersecurity incidents, ensuring rapid containment and recovery. Conduct post-incident analysis along with the incident team to identify root causes and enhance defenses. Third-Party Security and Due Diligence Conduct risk assessments and due diligence More ❯