23 of 23 Threat Detection Jobs in the South East

Primary Details Time Type: Full time Worker Type: Employee Senior Threat Detection Specialist Location: London Happy to talk flexible working The Opportunity As we focus on transformation across the organisation, we’re also investing in our cyber security capabilities to keep our people, data, and customers safe. That’s why we’re building a new Detection Engineering … function—and we’re looking for a talented and driven Threat Detection Senior Specialist to help us lead the way. In this key role, you’ll support the GSOC Manager in shaping the future of detection engineering, developing the strategy, and designing detection capabilities that protect our global environment. Your new role Lead the coordination and … operation of the internal detection engineering function. Design and implement cyber detection rules and use cases to identify threats across our IT infrastructure. Identify and log visibility gaps, working to improve detection coverage and accuracy. Build and tune custom detection logic for complex environments and emerging threats. Monitor evolving attacker tactics (TTPs), integrating insights into detection More ❯

software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security: Architect and secure Azure … and optimize Azure DevOps pipelines with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). … to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit, and improve infrastructure security posture using automated tooling. Policy & Procedures: Define and enforce security policies, incident response strategies, and structured action plans for proactive risk mitigation. More ❯

bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies, and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that … interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs), and Managed Security Service Providers (MSSPs) worldwide … defending more than 600,000 organizations from phishing, ransomware, data theft, and other cybercrimes. The solutions are powered by threat intelligence from Sophos X-Ops and the Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at . Role Summary We're looking for a Senior Software Engineer 2 with deep expertise More ❯

Senior Machine Learning Engineer - Behavioural Modeling & Threat Detection - £160,000+ - Fully Remote UK BASED CANDIDATES ONLY My client is looking for an experienced Machine Learning Engineer ready to play a pivotal role in shaping the technical direction of their behavioural modelling and threat detection systems. This position offers the opportunity to influence not just their engineering … and verbal communication skills, especially in cross-functional contexts. Bonus Experience (Nice to Have) Exposure to large language models (LLMs) or foundational model adaptation. Previous work in cybersecurity, anomaly detection, or behavioural analytics. Familiarity with orchestration frameworks (Airflow or similar). Experience with scalable ML systems, pipelines, or real-time data processing. Advanced degree or equivalent experience in ML More ❯

key role in deploying and configuring modern security tooling across complex platforms. This is a great opportunity for someone who enjoys hands-on engineering, improving SOC effectiveness, and shaping threat detection capabilities at scale. What you'll be doing Deploying and configuring security tools including SIEM, vulnerability scanning and endpoint monitoring Developing use cases, alerts, and dashboards to … support active threat detection Writing and maintaining SOC playbooks and triage workflows Performing 2nd line security monitoring, incident triage and investigation Supporting security assurance activities and documentation across the programme lifecycle Working with cross-functional teams in a high-assurance, cloud-native environment What you'll bring Strong experience configuring and optimising SIEM tooling (e.g. Splunk, Elastic) Proven More ❯

IR35 - 3 days a week on-site** Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat More ❯

and fast-paced problem-solving—and want your work to have a real impact—this could be the perfect role for you. Key Responsibilities Lead security incident response and threat detection efforts, prioritising the protection of customer data and experience Build automated detection and remediation workflows using SOAR, SIEM, and scripting (Python, SQL) Apply deep cloud security … with Fraud and Customer Experience teams to mitigate risks such as account takeover and loyalty fraud Onboard key customer-facing and payment systems into the security monitoring platform Perform threat hunting and detection engineering to identify and address emerging risks Support security audits, compliance (PCI-DSS), and post-incident reviews Mentor junior team members and contribute to a … to assess threats and act quickly to protect customer trust Strong Communicator: Confident working with technical teams, fraud analysts, and senior stakeholders Retail-Specific Insight: Familiar with customer-centric threat vectors like loyalty abuse and payment fraud Automation-First Mindset: Keen to reduce manual work through scripting and process automation Agile Approach: Comfortable working in cross-functional teams with More ❯

security into everything we dofrom infrastructure to application design. Key Responsibilities Design and implement security controls across cloud platforms (AWS, Azure, or GCP) Develop and maintain security tooling for threat detection, vulnerability management, and incident response Lead threat modelling and risk assessments for critical systems and services Collaborate with engineering teams to integrate security best practices into More ❯

is a rare opportunity to play a key role in the operation and enhancement of a 24/7 SOC , handling incident response and contributing to the development of detection, automation, and reporting tools. Key Responsibilities: Lead and support incident response (IR) and investigation of security threats across a complex enterprise estate. Manage, tune, and develop SIEM and EDR … technologies to enhance threat detection and response capabilities. Implement and refine playbooks , automations , and alerting rules in collaboration with security partners. Contribute to threat hunting and proactive detection strategies. Produce actionable reporting and metrics for stakeholders, including executive leadership. Desired Experience: Proven experience working in or alongside a 24/7 Security Operations Centre . Strong … technical exposure to SIEM (ideally Splunk), EDR (CrowdStrike preferred), and SOAR tools. Expertise in incident handling , threat analysis , and digital forensics . Scripting or automation experience (Python, PowerShell, etc.) is highly beneficial. Knowledge of MITRE ATT&CK , NIST CSF , and related security frameworks. Legal, financial, or similarly high-compliance industry experience is a bonus. Why Apply? Join a global More ❯

cyber security support and assurance across multiple digital programmes. Embed appropriate security controls during the full lifecycle of digital projects. Actively support the Cyber Security Operations Centre (CSOC) with threat monitoring, incident response, and proactive threat hunting. Monitor infrastructure security alerts, analyse incidents, and recommend remediation actions. Maintain and improve threat detection tools including SIEM systems. … and user education activities. Experience & Skills Required: Hands-on experience working in a cyber security function within a large or complex organisation. Strong familiarity with SIEM tools, incident response, threat analysis, and cyber remediation processes. Understanding of relevant frameworks and standards (e.g., ISO 27001, NCSC Cyber Assessment Framework). Experience supporting audits, risk assessments, and maintaining security documentation. Confident More ❯

in production with a strong focus on performance, explainability, and cost-efficiency. What You'll Bring: Deep applied experience in ML/DL , with bonus points for work in threat detection , phishing , or abuse detection Proven ability to design and deploy full-stack AI pipelines in production Strong experience in backend engineering , ideally with Go and ML … frameworks like PyTorch or TensorFlow Familiarity with MLOps , cloud infrastructure (AWS) , Kubernetes , and Terraform Experience evaluating and deploying models (including anomaly detection, RAG, and clustering) in noisy, evolving data environments Nice to Have: Experience with Perl Knowledge of threat intelligence integration and MCP architectures Location: Remote Salary: Up to £120,000 , depending on experience RSG Plc is acting More ❯

SOC Analyst, you will: Monitoring and triaging alerts across secure client environments Investigating threats using logs, network traffic, and endpoint telemetry Supporting response efforts during live security incidents Improving detection rules, playbooks, and tooling with MITRE ATT&CK-driven enhancements Producing clear incident reports for both technical and non-technical audiences Contributing to threat intelligence initiatives Staying ahead … secure this SOC role: Proven experience in a Security Operations Centre (SOC) environment Hands-on knowledge of SIEM tools (Microsoft Sentinel, Splunk, etc.) Familiarity with MITRE ATT&CK and threat detection methodologies Strong analytical mindset with log, endpoint, and network analysis skills Understanding of network protocols (TCP/IP, DNS, HTTP, SMTP) Awareness of enterprise security architecture: firewalls More ❯

and data privacy standards. What You’ll Be Doing: Define and implement the cyber security strategy, policies, and controls across a multi-regional environment. Lead global security operations, including threat detection, incident response, and risk mitigation. Manage compliance with standards such as ISO27001, NIST, Cyber Essentials+, and GDPR. Build and develop a high-performing cyber team spanning multiple More ❯

your technical expertise will be pivotal. You'll also play a critical role in shaping and safeguarding the organisation's cybersecurity posture - designing and implementing robust security protocols, managing threat detection and response, and ensuring compliance with key standards such as GDPR, Cyber Essentials, and ISO 27001. Collaboration is key, as you'll work closely with IT support … support. Familiar with VMware for virtualisation and cloud-based UC telephony systems. Solid understanding of DNS, DHCP, VPN access, and administration. Hands-on experience with firewalls (e.g., Fortinet), intrusion detection/prevention systems, and Cisco networking/routing. Knowledge of security best practices, including EDR/XDR platforms and antivirus solutions (e.g., EPO). Familiar with identity and access More ❯

stakeholders to align security recommendations with business goals Required Skills & Experience Proven experience in senior security consultancy or architecture roles Strong understanding of cloud security (AWS), SOC design, and threat detection Familiarity with security frameworks (NIST CSF, ISO 27001) and red teaming approaches Excellent communication skills with ability to influence technical and executive stakeholders Preferred Background Experience in More ❯

days onsite Rate: Clearance required: Active SC is essential Role purpose/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and fine … tune detection rules and alerts to identify malicious activities. Security Reporting - Generate reports on security events, trends, and system performance. Collaboration - Work with IT and security teams to improve overall cybersecurity posture. Required Skills & Qualifications Technical Expertise - Strong knowledge of SIEM platforms, network security, and cybersecurity frameworks. Certifications - CISSP, CEH, GIAC, or vendor-specific SIEM certifications. Programming & Scripting - Familiarity More ❯

Via Umbrella inside IR35 Clearance required: Active SC is essential Role purpose/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and … fine-tune detection rules and alerts to identify malicious activities. Security Reporting - Generate reports on security events, trends, and system performance. Collaboration - Work with IT and security teams to improve overall cybersecurity posture. Required Skills & Qualifications Technical Expertise - Strong knowledge of SIEM platforms, network security, and cybersecurity frameworks. Certifications - CISSP, CEH, GIAC, or vendor-specific SIEM certifications. Programming & Scripting More ❯

Via Umbrella inside IR35 Clearance required: Active SC is essential Role purpose/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and … fine-tune detection rules and alerts to identify malicious activities. Security Reporting - Generate reports on security events, trends, and system performance. Collaboration - Work with IT and security teams to improve overall cybersecurity posture. Required Skills & Qualifications Technical Expertise - Strong knowledge of SIEM platforms, network security, and cybersecurity frameworks. Certifications - CISSP, CEH, GIAC, or vendor-specific SIEM certifications. Programming & Scripting More ❯

Work for a Not-for-Profit compliance company working in the green sector. Responsible for: 1) Cyber Security governance and delivery across the company and their suppliers. Covering: Governance, threat detection, reports, SIEM, DevSecOps 2) Cloud Architecture and Resilience. AWS estate and the platform applications. Assessment of risk and resilience. AWS cloud costs, technical debt, overview of architecture. … This is not a technical hands-on position (other than maybe some config and creation of threat reports). However, you will need a technical background which will give you the authority to discuss architecture at C-Level and engage with 3rd parties. Reporting to Head of IT you will be the lead on Cyber Security and Resilience. More ❯

frameworks and standards including CIS, ISO 27001/27002, GDPR, DPA, and Cyber Essentials. Proven experience managing or working closely with Security Operations Centres (SOC), including incident response and threat detection. Demonstrable background in implementing and running vulnerability management programmes, with experience using industry-standard tooling. Experience designing, deploying, and managing Identity and Access Management (IAM) systems and processes. More ❯

. Additional Skills (Preferred): Experience with Microsoft Endpoint Configuration Manager (SCCM) co-management with Intune. PowerShell scripting for automation and bulk administration . Knowledge of Microsoft Sentinel for advanced threat detection. Familiarity with Microsoft Teams administration (voice, meetings, policies). Qualifications & Experience: 3+ years of hands-on experience as a Microsoft 365 Administrator or similar role. Microsoft 365 Certified More ❯

delivery teams. You will have strong and demonstable experience of working with Maufacturing clients leveraging an established network. My client is an expert cybersecurity business providing managed security and threat detection/response services to a global client base. As Managing Principal (Manufacturing Vertical) reporting to the UK Managing Director (whilst having a close working relationship with the More ❯

architecture and infrastructure. Design and configure networking components to ensure efficient and secure communication between services. Develop and implement security best practices, including identity and access management, encryption, and threat detection. Monitor and manage detection contracts to ensure timely identification and resolution of security incidents. Automate infrastructure provisioning, deployment, and management using Infrastructure as Code (IaC) tools. Perform … VPC, IAM, CloudFormation, and more. Strong background in networking, including VPN, DNS, load balancing, and firewall configurations. Demonstrated expertise in security practices, including identity and access management, encryption, and threat detection. Experience with detection contracts and monitoring tools to identify and respond to security incidents. Proficiency in scripting languages such as Python, Bash, or PowerShell. Familiarity with Infrastructure More ❯