1 to 25 of 60 Threat Detection Jobs in the UK

Glasgow, Scotland - United Kingdom Type: Permanent Senior SOC Engineer A leading organisation is seeking a Senior SOC Engineer to strengthen its security operations capability and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. The Senior SOC … Engineer will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats. Key Responsibilities SIEM Engineering & Management Deploy, configure, and maintain the QRadar SIEM platform. Onboard and normalise log sources across on-premises and cloud environments. Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural … scenarios such as phishing, lateral movement, and data exfiltration. Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response. Refine playbooks based on threat intelligence and incident insights. Threat Detection & Response Monitor and analyse security alerts and events to identify potential threats. Conduct investigations and coordinate incident response activities. Collaborate with More ❯

do energy differently - we do it all. We make it, store it, move it, sell it, and mend it. An opportunity to play your part - Join Centrica as a Threat Detection Engineer, where you'll be at the forefront of our mission to safeguard our digital landscape. In this dynamic role, you'll be responsible for developing, automating … and enhancing our detection capabilities to swiftly identify and respond to security threats. You'll have the exciting opportunity to create innovative detection use cases, leveraging security telemetry, threat intelligence, and insights from past incidents. Your expertise will be crucial in addressing detection gaps across our infrastructure, working closely with various business units to boost visibility … and crafting automated detection workflows. If you're passionate about cybersecurity and eager to make a real impact, this is the perfect role for you. Location : UK, Windsor (talk to us about flexible working) The day to day: Assist in the implementation and management of the Detection Engineering framework across our infrastructure. Contribute to the development of the More ❯

SARL (Irish Branch) Do you want to work on planetary scale incident response solutions in the cloud? Are you skilled at performing Incident Response activities and helping customers build threat detection and incident response capabilities using highly scalable computing architectures? Are you excited to help customers respond to security incidents and automate security operations giving them unprecedented capability … and agility? Do you enjoy working on fast-paced complex projects focused on game changing business outcomes for customers globally? As a member of the Threat Detection and Incident Response Practice in the AWS Global Service Security you will have the opportunity to help customers respond to security incidents and pioneer technically superb security solutions to help customer … resource that earns the trust of customer stakeholders before, during, and after a security event. Independently contribute to teams that include Amazonians, partners, and customers to build and deploy threat detection and incident response capabilities. Design, build, and deploy solutions to automate security operations and incident response on AWS. Independently contribute to internal builder projects to develop new More ❯

transformation consultancy is seeking a Senior SOC Solutions Engineer to elevate its security operations capability. This is a hands-on engineering role focused on SIEM development, playbook automation, and threat modelling-delivering proactive defence across cloud and on-prem environments. You'll be instrumental in designing and implementing advanced detection and response strategies, working closely with cross-functional … improvement. Key Responsibilities SIEM Engineering & Management Deploy, configure, and maintain IBM QRadar SIEM platform Onboard and normalize diverse log sources across hybrid environments Develop and tune analytical rules for threat detection and behavioural analysis Playbook Development & Automation Design incident response playbooks for scenarios including phishing, lateral movement, and data exfiltration Integrate playbooks with SOAR platforms (e.g., Microsoft Logic … Apps, XSOAR) Continuously refine automation based on threat intelligence and incident feedback Threat Detection & Response Monitor and investigate security alerts and anomalies Lead incident response activities and collaborate with threat intelligence teams Enrich detection logic with contextual threat data Threat Modelling & Use Case Development Conduct threat modelling using MITRE ATT&CK, STRIDE More ❯

Primary Details Time Type: Full time Worker Type: Employee Senior Threat Detection Specialist Location: London Happy to talk flexible working The Opportunity As we focus on transformation across the organisation, we’re also investing in our cyber security capabilities to keep our people, data, and customers safe. That’s why we’re building a new Detection Engineering … function—and we’re looking for a talented and driven Threat Detection Senior Specialist to help us lead the way. In this key role, you’ll support the GSOC Manager in shaping the future of detection engineering, developing the strategy, and designing detection capabilities that protect our global environment. Your new role Lead the coordination and … operation of the internal detection engineering function. Design and implement cyber detection rules and use cases to identify threats across our IT infrastructure. Identify and log visibility gaps, working to improve detection coverage and accuracy. Build and tune custom detection logic for complex environments and emerging threats. Monitor evolving attacker tactics (TTPs), integrating insights into detection More ❯

+ Benefits Clearance: Must hold or be eligible for SC Clearance Sponsorship: Not available We're seeking a highly skilled SOC Solutions Engineer to enhance security operations and strengthen detection & response strategies. This is a hands-on engineering role focused on IBM QRadar, playbook automation, and advanced threat modelling to deliver cutting-edge security solutions. What you'll … do: SIEM Engineering & Management: Deploy, configure, and optimise QRadar. Onboard log sources from cloud/on-prem environments. Build detection and anomaly rules. Playbook Development & Automation: Design and implement automated response playbooks (phishing, lateral movement, exfiltration) with SOAR tools (e.g., Logic Apps, XSOAR). Threat Detection & Response: Investigate alerts, enrich detection logic with threat intel … coordinate incident response. Threat Modelling & Use Case Development: Apply MITRE ATT&CK, STRIDE, and Kill Chain frameworks to build detection use cases. Reporting & Collaboration: Build security dashboards, produce reporting packs, and guide junior analysts and engineers. Client & Project Support: Support presales, contribute to new SOC solution scoping, and lead demos where required. What we're looking for: Must More ❯

on an evaluation of their potential and support them throughout their time at Cloudflare. Come join us! Available Locations: London, UK About the Team Cloudforce One is Cloudflare's threat operations and research team, responsible for identifying and disrupting cyber threats ranging from sophisticated cyber criminal activity to nation-state sponsored advanced persistent threats (APTs). Cloudforce One works … in close partnership with external organizations and internal Cloudflare teams, continuously developing operational tradecraft and expanding ever-growing sources of threat intelligence to enable expedited threat hunting and remediation. Members of Cloudforce One are at the helm of leveraging an incredibly vast and varied set of data points that only one of the world's largest global networks … can provide. The team is able to analyze these unique data points, at massive scale and efficiency, synthesizing findings into actionable threat intelligence to better protect our customers.The team's core disciplines are data engineering, data science, devops, and security. We use data science and machine learning to process large volumes of data and build threat intelligence for More ❯

lead the strategic direction, performance, and day-to-day operations of their Security Operations Centre (SOC). As a central figure in security services, you'll ensure the efficient detection, analysis, and response to cyber threats across a diverse client portfolio. This leadership role involves mentoring your team, enhancing our security processes, and driving ongoing improvements in threat detection and incident response capabilities. Key Responsibilities Team Leadership & Development Lead and mentor a team of SOC analysts, fostering a collaborative, high-performing environment. Manage team scheduling, conduct performance reviews, and support professional growth and development. SOC Operations Oversight Supervise 24/7/365 monitoring of client environments, ensuring consistent adherence to SLAs for threat detection More ❯

governance and identity lifecycle processes in a highly View job & apply CTI Analyst Location: London Job type: Permanent Financial Services firm seeks an Operational CTI Analyst to join its Threat Intelligence team. Th View job & apply Senior Manager - BCM Second Line Location: Frankfurt Salary: 125,000 + Benefits Job type: Permanent Sector: Banking We are seeking a Senior Manager … hybrid Job type: Permanent Leading banking group seeks a Cryptography Analyst to join their security team. As an Analyst in We are seeking a highly motivated and skilled Insider Threat Investigations Lead to join a newly formed Insider Threat Team. This role focuses on identifying, preventing, and responding to risks posed by individuals with authorized access to organisational … This role suits someone with strong investigative skills, an analytical mindset, the ability to interpret and act on data, and the capability to execute initiatives that strengthen the insider threat programme. Key Responsibilities Support the delivery of the insider threat programme, including developing tools, standards, and procedures to detect, prevent, and respond to insider threats. Utilise advanced detection More ❯

the design and implementation of scalable, automated security solutions that integrate seamlessly into enterprise platforms and user experiences. Establish a global security architecture and engineering roadmap focused on prevention, detection, and rapid response. Drive continuous improvement of security posture while aligning with business needs, regulatory requirements, and user experience expectations. Champion DevSecOps practices to embed security early into development … Engineering: Lead end-to-end engineering for identity and access management (IAM), including authentication, authorization, and privileged access controls. Oversee endpoint security architecture and enforcement, ensuring comprehensive coverage for threat detection, malware prevention, and device compliance. Build and operate scalable data protection solutions, including data loss prevention (DLP), secrets management, encryption, and classification. Integrate security controls into CI … intervention. Operational Security, SRE & Assurance: Ensure security platforms are resilient, continuously monitored, and designed for 24x7 support and incident response readiness. Embed security telemetry and observability to enable proactive threat detection and automated response. Apply SRE principles to improve reliability, performance, and maintainability of security services. Lead platform health, patching automation, and vulnerability remediation workflows. Define service level More ❯

is an brilliant opportunity for an experienced Senior Cyber Security Analyst to play a key role in protecting our client's systems, networks, and data. You'll lead on threat detection, incident response, and security improvements, working closely with teams across the business to maintain compliance and best practice. What you'll do: Lead threat detection More ❯

and an ability to work under pressure within a client-facing capacity. Key responsibilities: Provide front line cyber security monitoring and analysis within a Security Operations Centre (SOC) Perform threat detection and incident response using SIEM tools such as Splunk and Microsoft Defender Conduct in-depth investigations into security alerts, escalating where appropriate and providing remediation advice Carry … out threat analysis to improve detection capability and contribute to continuous service improvement Act as a key point of contact for clients, providing expert advice and clear communication on cyber matters Apply up-to-date knowledge of the cyber threat landscape and defence best practices Essential skills and experience: Proven experience in SOC environments, with a strong More ❯

FCA Consumer Duty and broader regulatory obligations. You will play a key role in the operational management of security technologies, incident response processes, and the continuous enhancement of our detection and response capabilities. The successful candidate will bring hands-on expertise in, cloud security operations, threat detection and DevSecOps practices, ensuring security is embedded within operational workflows … What you will do: Operate and optimise core cyber security tools and platforms, including SIEM, XDR, EDR, DLP, IAM, PAM, ZTNA and vulnerability management solutions Lead or support the detection and response lifecycle, including triage of alerts, investigation of incidents, root cause analysis, and coordination of response actions. Implement and administrate security operational controls across AWS, Azure, and on More ❯

digital forensics team. This is a client-facing role where you'll lead DFIR (Digital Forensics & Incident Response) investigations, guide executives through cyber incidents, and help organisations strengthen their threat detection, response, and resilience. If you're an expert in incident response, threat hunting, and forensic analysis and thrive under pressure, this is your opportunity to work … from breach triage and containment to full recovery. Client Engagement: Act as a trusted advisor to CISOs, boards, and regulators, providing executive-level briefings during and after incidents. Forensics & Threat Hunting: Conduct advanced forensic investigations across endpoints, servers, networks, cloud platforms, and SaaS. Adversary Analysis: Use threat intelligence and MITRE ATT&CK to attribute attacks and inform proactive … defences. Crisis Management: Lead coordination between internal stakeholders, third parties, and law enforcement. Cybersecurity Advisory: Help clients improve incident readiness, detection engineering, and response capabilities. Innovation: Contribute to new playbooks, tools, and methodologies to evolve our DFIR practice. Mentorship: Train and coach junior consultants in incident response and digital forensics. Industry Contribution: Publish thought leadership, speak at conferences, and More ❯

the development and delivery of a comprehensive cyber security strategy across both corporate and clinical areas. Oversee the organisation's information security portfolio, including compliance frameworks, risk assessments, and threat intelligence. Provide active leadership for all aspects of cyber security covering infrastructure, applications, and clinical technology. Ensure business operations remain secure and resilient, embedding security at the heart of … service delivery. Maintain an up-to-date understanding of the sector's cyber threat environment and adapt strategies accordingly. Establish, enhance and enforce operational procedures aligned with recognised standards and best practices. Contribute security expertise to major transformation projects, ensuring risks are identified and mitigated. Promote a culture of security awareness across the organisation, communicating risks and best practices … Plus). Proven experience in developing and delivering cyber security strategies within complex organisations. Hands-on expertise across infrastructure, applications, and cloud environments. Track record of leading incident response, threat detection and vulnerability management activities. Strong leadership and stakeholder management skills, with the ability to engage senior executives, boards, and technical teams alike. Experience influencing and embedding a More ❯

deliver runtime-isolated, reproducible models that are easy to deploy, monitor, and update without connectivity. Work closely with data scientists to define clear KPIs and success criteria-such as detection accuracy, latency, false positive/negative rates, explainability, and robustness-to determine what constitutes a production-grade, releasable model. Align model performance goals with the operational realities of the … into actionable requirements. Excellent communication and stakeholder management skills. Comfortable working in a fast-paced, iterative, and agile environment. Preferred Experience: Solid understanding of cyber security concepts such as threat detection, SIEM, anomaly detection, and incident response. Experience with tools for tracking ML models in production (e.g., MLflow). We encourage you to apply even if your More ❯

assets. Collates, defines, and enforces secure configuration baselines and hardening standards in alignment with organisational security obligations and recognised industry frameworks (e.g., CIS Benchmarks, Microsoft Security Baselines). Conducts threat modelling and risk assessments to identify vulnerabilities or compliance gaps. Maintains and manages Software Bills of Materials (SBOMs). Assists with integrating security monitoring, logging, and alerting capabilities. Creates … risk assessments, risk mitigation plans, and security operations procedures. Performs security validation, configuration assessments, and support user acceptance testing (UAT) for security-related features. Collates and analyses information for threat intelligence requirements from a variety of sources. Designs and executes complex vulnerability research activities. Provides guidance, support and mentoring to other IT Engineers as requested by the IT Leadership … . Experience aligning infrastructure builds with cyber security standards such as NCSC guidance, CIS benchmarks, or Microsoft Security Baselines. Experience implementing monitoring, logging, and alerting toolsets including SIEM and threat detection platforms. Understanding of data classification, encryption, and secure storage/access principles. Familiarity with endpoint protection platforms and vulnerability management tools. Experience securing hybrid identity solutions and More ❯

robust, efficient and globally coordinated security operations that protect the organisation's people, systems, and data. This includes direct ownership of security controls, security testing, vendor management, vulnerability and threat management, and incident response. You will work daily with the Group CISO to support consistent, high-assurance security practices across all regions, in-line with regional regulation and to … for the management of any global Cyber Incidents by supporting the CISO team. Additionally, you will be: Working collaboratively with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvements to support the ever-changing threat landscape. Defining and monitoring KPIs for detection, response, and containment performance. … vendors responsible for supporting CFC. Ensuring security controls are deployed, tuned, and monitored effectively across cloud and on-premises assets. Leading the organisation's global vulnerability management program, ensuring threat led and risk-based prioritization, along with collaboration with IT for timely remediation. Leading on and refining the incident response playbooks Support the Group CISO to define security maturity More ❯

advanced threats. Project Objectives Strengthen cyber defences for MoD critical infrastructure against sophisticated threats, including APTs. Ensure compliance with HMG policies, JSP 440, JSP 604, and ISO 27001. Enhance threat detection, incident response, and system recovery capabilities. Securely integrate cloud and hybrid IT systems. Key Responsibilities Lead threat intelligence integration with MoD and NCSC teams. Design and … Certifications: CISSP, CISM, or equivalent. Proven incident response and project leadership skills. Desirable Skills Experience with MoD CSOC or defence contractors. Knowledge of zero-trust models or AI-based threat detection. Personal Attributes Strategic thinker with strong decision-making under pressure. Excellent communication for technical and non-technical audiences. High integrity for handling classified information. Working Conditions Job Type More ❯

a hybrid Security Operations Centre (SOC) model, leading the investigation and resolution of cyber security incidents, and coordinating with the University's third-party SOC provider to ensure effective threat detection, incident response, and continuous monitoring across the University. Conduct proactive threat hunting activities to detect advanced threats and anomalous behaviour within the University's network, and More ❯

within a hybrid Security Operations Centre (SOC) model, leading the investigation and resolution of cybersecurity incidents, and co-ordinating with the Universitys third-party SOC provider to ensure effective threat detection, incident response, and continuous monitoring across the University. - Conduct proactive threat hunting activities to detect advanced threats and anomalous behaviour within the University's network, and More ❯

manage Cyber Incidents supporting the CISO and CISO team in the co-ordination of managing these events globally, collaborate with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvements to support the constantly changing threat landscape and define and monitor KPIs regarding detection, response and containment. … a strong technical security operations background with experience of leading SOCs or Security Operations teams within regulated environments You have an indepth knowledge of core security operations practices: SIEM, threat hunting, vulnerability management, incident response You have a good understanding of common threat actor tactics (MITRE ATT&CK), modern malware, and intrusion techniques You have experience of supporting More ❯

ll manage Cyber Incidents supporting the CISO and CISO team in the coordination of managing these events globally, collaborate with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvements to support the constantly changing threat landscape and define and monitor KPIs regarding detection, response and containment. … strong technical security operations background with experience of leading SOCs or Security Operations teams within regulated environments * You have an in-depth knowledge of core security operations practices: SIEM, threat hunting, vulnerability management, incident response * You have a good understanding of common threat actor tactics (MITRE ATT&CK), modern malware, and intrusion techniques * You have experience of supporting More ❯

using tools such as Splunk, Flexera, and other industry-standard SIEM platforms. You'll investigate security incidents, coordinate with other IT and security teams, and support continuous improvement of threat detection and response processes. Key Requirements: Previous experience in a SOC Analyst or similar cybersecurity role Strong expertise in Splunk or similar SIEM tools Familiarity with Flexera for … vulnerability management Understanding of firewalls, network protocols, intrusion detection/prevention systems Relevant certifications (e.g., CISSP, CEH, Splunk) advantageous Must be eligible for Developed Vetting (DV) clearance , requiring 10 years continuous UK residency Please Note: All offers will be subject to standard pre-employment checks including ID, employment history (last 3 years), immigration status, and an unspent criminal record More ❯

experienced Senior XSOAR/XSIAM Consultant to join a major Public Sector programme. This role is a key position within the security operations landscape, helping to drive advanced automation, threat detection, and response capabilities across a complex environment. This is a contract opportunity suited to someone with deep technical knowledge of Palo Alto's XSOAR and XSIAM platforms … Responsibilities Design, implement, and optimise Palo Alto XSOAR playbooks and XSIAM workflows to enhance SOC automation Integrate XSIAM with existing SIEM, XDR, and third-party security tools Build advanced detection logic, enrichment pipelines, and correlation rules to improve visibility and response Develop dashboards, reports, and monitoring tools to provide real-time threat intelligence Troubleshoot and resolve complex issues More ❯