1 to 25 of 69 Threat Detection Jobs in the UK excluding London

to own, manage and rule their data. One of our specialisations is incybersecurity consultancy offering end-to-end SIEM services, helping clients design, deploy, and optimise security monitoring and threat detection solutions. Our team provides comprehensive support across all stages of SIEM implementation, from initial strategy and solution design to deployment and ongoing management. Our focus is on … delivering tailored solutions that enhance security postures, maintain compliance, and provide actionable threat intelligence. What we're looking for We are seeking a client-focused Senior SIEM Consultant with a strong foundation in SIEM technologies, cybersecurity best practices, and threat detection strategies. In this role, you will work closely with clients to understand their security needs, provide … based on client requirements, budget, and existing security infrastructure. SIEM Implementation & Configuration: Lead the design and configuration of SIEM solutions, ensuring integration with client systems and optimizing for effective threat detection and real-time monitoring. Support clients in deploying SIEM in hybrid environments, including on-premises, cloud, and multi-cloud platforms, integrating cloud-native security tools for enhanced More ❯

Threat Detection Engineer (SIEM/SOAR) Hybrid working: 1 day required in Leeds office per quarter. Mostly remote working. DGH Recruitment are currently recruiting on behalf of a leading global organisation who are looking for a Threat detection and threat response subject matter expert to join the team on a permanent basis. Responsibilities: - Design, engineer … a technical resource for the security operations team during active response efforts. - Conduct and manage event/incident investigations and post-mortem analysis as needed. - Document and maintain Automation, Detection and Incident Response procedures as required. - Regularly monitor and translate threat intelligence feeds into actionable detection. - Examine various logs to determine trends and identify security incidents. - Assist in … responding to audits, penetration tests and vulnerability assessments. Required Skills/Experience: - Experience with SIEM security telemetry, security monitoring, incident detection, incident response and forensics - Experience in Threat hunting & IR experience in Windows and/or Linux environments, cloud/hybrid environments - Proficient in SIEM management, configuration and analysis - Experience with Security Orchestration Automation and Response (SOAR) tools More ❯

Weir's global technology infrastructure from internal and external threats, while fostering a secure-by-design culture. You will collaborate across business units and technology teams to ensure robust threat detection, response capabilities, and alignment with strategic business goals. Why choose Weir: Be part of a global organization dedicated to building a better future: At Weir, the growing … business goals and ensuring resilience across Weir's digital ecosystem. Lead the development of a secure-by-design approach and contribute to the broader technology strategy. Security Operations and Threat Management: Oversee the 24x7 Security Operations Centre and ensure robust threat detection, response, and recovery capabilities. Implement and test frameworks for threat detection and operational … candidates that have the ability to perform the objectives above. Proven leadership experience within a technology security function in a medium to large organization Deep expertise in security operations, threat detection, risk management, and digital security practices Demonstrated success in managing global, high-availability IT systems and delivering complex programs Background in supplier management and stakeholder engagement at More ❯

Primary Details Time Type: Full time Worker Type: Employee Senior Threat Detection Specialist Location: London Happy to talk flexible working The Opportunity As we focus on transformation across the organisation, we’re also investing in our cyber security capabilities to keep our people, data, and customers safe. That’s why we’re building a new Detection Engineering … function—and we’re looking for a talented and driven Threat Detection Senior Specialist to help us lead the way. In this key role, you’ll support the GSOC Manager in shaping the future of detection engineering, developing the strategy, and designing detection capabilities that protect our global environment. Your new role Lead the coordination and … operation of the internal detection engineering function. Design and implement cyber detection rules and use cases to identify threats across our IT infrastructure. Identify and log visibility gaps, working to improve detection coverage and accuracy. Build and tune custom detection logic for complex environments and emerging threats. Monitor evolving attacker tactics (TTPs), integrating insights into detection More ❯

Threat Detection Engineer (SIEM/SOAR) Hybrid working: 1 day required in Leeds office per quarter. Mostly remote working. DGH Recruitment are currently recruiting on behalf of a leading global organisation who are looking for a Threat detection and threat response subject matter expert to join the team on a permanent basis click apply for More ❯

including subsidised meals, free car parking and much more... The opportunity: An opportunity has arisen in the cyber security operations centre (SOC) within Information Management (IM) for a SOC Threat Detection Analyst. Supporting the Senior SOC analysts in assisting IM meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos … in an ever-changing cyber security environment and provide robust threat detection and analysis within the 24x7 SOC. To support the SOC Manager in assisting Information Management UK meet the challenges and demands of countering the Cyber Threat. Support for the operational functions of the UK SOC. To work with other UK SOC members, including the UK InfoSec … and investigation activity utilising a wide variety of security platforms including AI/ML and behavioural analytics, SIEM (Security Information Event Management), Network Packet Capture platform, Anti Malicious Code, Threat Detection technologies and platforms across the UK Network Perimeter working with the best standard technologies. The MBDA SOC Analyst reports to the SOC Manager. The MBDA SOC Analyst More ❯

Detection and Response Engineer page is loaded Detection and Response Engineer Apply locations Edinburgh London 125 London Wall Leeds Wellington Place Bristol Manchester Westminster House time type Full time posted on Posted Yesterday time left to apply End Date: August 1, 2025 (12 days left to apply) job requisition id 138539 End Date Thursday 31 July 2025 Salary … We support flexible working - click here for more information on flexible working options Flexible Working Options Hybrid Working, Job Share Job Description Summary . Job Description JOB TITLE: Detection & Response Engineer SALARY : From £70,929 depending on experience and location LOCATION(S): Leeds, Manchester, Bristol, London or Edinburgh HOURS: Full time (This role will include a requirement to work … stay one step ahead of cyber adversaries. We pride ourselves on our innovative approach and our commitment to excellence in cyber security. Join us as a skilled and proactive Detection and Response Engineer and play a pivotal role in safeguarding our organisation against cyber threats! What you'll do Design, code and operationalise detection rules based on threat More ❯

JOB TITLE: Detection & Response Engineer SALARY : From £70,929 depending on experience and location LOCATION(S): Leeds, Manchester, Bristol, London or Edinburgh HOURS: Full time (This role will include a requirement to work as part of an on-call rota) WORKING PATTERN: Our work style is hybrid, which involves spending at least two days per week, or 40% of … stay one step ahead of cyber adversaries. We pride ourselves on our innovative approach and our commitment to excellence in cyber security. Join us as a skilled and proactive Detection and Response Engineer and play a pivotal role in safeguarding our organisation against cyber threats! What you'll do Design, code and operationalise detection rules based on threat models and intelligence Fine-tune detection rules and monitor their performance Support detection automation and playbook editing Conduct proactive threat hunting and threat modelling Perform cyber event triage, classification, and investigation Complete containment, remediation, and recovery activities Build and maintain reporting mechanisms and documentation Perform root cause analysis and support post-incident reviews Why Lloyds More ❯

the organisation’s cyber resilience. As a Senior Cyber Security Analyst, you will play a key role in protecting systems, networks, and data against cyber threats. You will lead threat detection and incident response efforts, support the development of security policies and controls, and work closely with stakeholders to ensure compliance and security best practice across the business. … teams to ensure cyber security best practice is considered throughout the entire SDLC. Creates and maintains documentation around the use of cyber security technology in the organisation. Carries out threat detection and incident response. Carries out vulnerability management and remediation. Collaborates as needed with third-party security vendors for expert advice and issue resolution. Carries out threat … technical background. Detailed understanding of application security along with experience of working alongside software development teams, supporting and advising on best practice to maintain security. Significant experience of endpoint detection and response (EDR) technologies and network detection and response (NDR) technologies. Detailed knowledge of Information Security standards including Cyber Essentials, Cyber Essentials Plus and ISO27001. Good understanding of More ❯

software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security: Architect and secure Azure … and optimize Azure DevOps pipelines with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). … to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit, and improve infrastructure security posture using automated tooling. Policy & Procedures: Define and enforce security policies, incident response strategies, and structured action plans for proactive risk mitigation. More ❯

bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies, and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that … interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs), and Managed Security Service Providers (MSSPs) worldwide … defending more than 600,000 organizations from phishing, ransomware, data theft, and other cybercrimes. The solutions are powered by threat intelligence from Sophos X-Ops and the Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at . Role Summary We're looking for a Senior Software Engineer 2 with deep expertise More ❯

Senior Machine Learning Engineer - Behavioural Modeling & Threat Detection - £160,000+ - Fully Remote UK BASED CANDIDATES ONLY My client is looking for an experienced Machine Learning Engineer ready to play a pivotal role in shaping the technical direction of their behavioural modelling and threat detection systems. This position offers the opportunity to influence not just their engineering … and verbal communication skills, especially in cross-functional contexts. Bonus Experience (Nice to Have) Exposure to large language models (LLMs) or foundational model adaptation. Previous work in cybersecurity, anomaly detection, or behavioural analytics. Familiarity with orchestration frameworks (Airflow or similar). Experience with scalable ML systems, pipelines, or real-time data processing. Advanced degree or equivalent experience in ML More ❯

Threat and Incident Response Lead Analyst Permanent or Contract | Hybrid 12 Days in Office (North West) Threat and Incident Response Lead Analyst is needed for a growing Cyber team who are looking to strengthen its cyber defence capabilities with the hire of a Threat and Incident Response Lead Analyst . This is a pivotal, hands-on role … in a growing cyber team. Youll lead threat intelligence and incident response efforts, shape defensive strategy and play a critical role in ensuring the organisation stays ahead of evolving threats. What Youll Be Doing: Lead all aspects of Threat Intelligence and Incident Response Perform gap analysis across tooling, processes and detection capabilities Implement and embed modern IR … and threat detection best practices Develop and maintain incident response playbooks and threat hunting strategies Stay informed on emerging threats, TTPs, and adversarial behaviours Tune detection rules and improve response workflows Work with tools such as Microsoft Sentinel, Defender, Splunk, or similar What Were Looking For: Proven experience in hands-on incident response and cyber threat More ❯

key role in deploying and configuring modern security tooling across complex platforms. This is a great opportunity for someone who enjoys hands-on engineering, improving SOC effectiveness, and shaping threat detection capabilities at scale. What you'll be doing Deploying and configuring security tools including SIEM, vulnerability scanning and endpoint monitoring Developing use cases, alerts, and dashboards to … support active threat detection Writing and maintaining SOC playbooks and triage workflows Performing 2nd line security monitoring, incident triage and investigation Supporting security assurance activities and documentation across the programme lifecycle Working with cross-functional teams in a high-assurance, cloud-native environment What you'll bring Strong experience configuring and optimising SIEM tooling (e.g. Splunk, Elastic) Proven More ❯

rotating teams of Tier 1 and Tier 2 analysts, providing live operational oversight, procedural assurance, and ongoing mentorship. This role ensures each analyst team is aligned with evolving cyber threat detection standards, works in sync with response and intelligence functions, and delivers consistent high-quality casework across shifts. This is a senior operational role that builds upon the … technical skills in a values led company that values innovation and diversity, this is the place to make an impact. In addition to Senior SOC Analyst responsibilities (alert triage, threat detection, ticket response, and tooling operation), the SOC Shift Lead will provide: Shift Continuity & QA Operational assurance and standard enforcement across all active shifts. Review, assess, and QA … just-in-time support and real-time knowledge sharing. Identify capability gaps within the shift team and report training needs to SOC management. Facilitate awareness of the latest threats, detection guidance, and tooling updates through briefings or job aids. Escalation & Communication Interface Serve as the first point of contact for non-critical escalations and queries within the shift team. More ❯

PLCs), 200 SCADA systems, and their supporting networks. This role demands a strong technical understanding of OT assets, including PLCs, SCADA, telemetry systems, and server infrastructure, alongside experience with threat detection, intrusion systems, and compliance with industry standards like the NIS Directive. Accountabilities & Responsibilities To improve performance and security of the OT Technology estate through a process of … out best practice and innovative ideas/approaches, both internally and externally, and manage their implementation in the given business area Oversee the Security Operations Centre (SOC) and manage threat detection, monitoring, and response Technical Skills & Experience Considerable experience of operating Information Technology Information Library (ITIL) and Cyber Security Incident Response Team (CSIRT) processes and standards. Extensive working More ❯

IR35 - 3 days a week on-site** Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat More ❯

role requires deep expertise in SIEM platforms, including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies. Job Duties SIEM Engineering & Management Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel … Defender, Chronicle). Onboard and normalize log sources across cloud and on-prem environments. Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis. Skills Must be able to obtain SC Clearance or already hold SC clearance. SIEM Expertise: Hands-on experience with at least two of the following: Splunk IBM QRadar Microsoft Defender More ❯

and fast-paced problem-solving—and want your work to have a real impact—this could be the perfect role for you. Key Responsibilities Lead security incident response and threat detection efforts, prioritising the protection of customer data and experience Build automated detection and remediation workflows using SOAR, SIEM, and scripting (Python, SQL) Apply deep cloud security … with Fraud and Customer Experience teams to mitigate risks such as account takeover and loyalty fraud Onboard key customer-facing and payment systems into the security monitoring platform Perform threat hunting and detection engineering to identify and address emerging risks Support security audits, compliance (PCI-DSS), and post-incident reviews Mentor junior team members and contribute to a … to assess threats and act quickly to protect customer trust Strong Communicator: Confident working with technical teams, fraud analysts, and senior stakeholders Retail-Specific Insight: Familiar with customer-centric threat vectors like loyalty abuse and payment fraud Automation-First Mindset: Keen to reduce manual work through scripting and process automation Agile Approach: Comfortable working in cross-functional teams with More ❯

security into everything we dofrom infrastructure to application design. Key Responsibilities Design and implement security controls across cloud platforms (AWS, Azure, or GCP) Develop and maintain security tooling for threat detection, vulnerability management, and incident response Lead threat modelling and risk assessments for critical systems and services Collaborate with engineering teams to integrate security best practices into More ❯

from security incidents. Develop and maintain incident response plans, ensuring they align with industry best practices. Escalation management in the event of a security incident Follow major incident process Threat Intelligence: Stay abreast of the latest cybersecurity threats and vulnerabilities, integrating threat intelligence into security monitoring processes. Contribute to the development of threat intelligence feeds to enhance … proactive threat detection. Proactively hunt for threats within enterprise environments using SIEM and EDR solutions. Fine-tune SIEM detection rules, correlation alerts, and log sources to reduce false positives. Analyse threat intelligence feeds, map findings to MITRE ATT&CK framework, and provide actionable security recommendations. Collaborate with SOC teams to investigate alerts, escalate incidents, and improve detection mechanisms. Conduct adversary simulation exercises to test and improve detection capabilities. Generate detailed reports on emerging threats, attack trends, and security posture improvements. Monitored and analysed security logs from SIEM platforms to identify suspicious activity. Security Tool Management: Manage and optimise SIEM tools, ensuring they are properly configured and updated to maximize effectiveness. Own the development and implementation More ❯

Analystto play a key leadership role in shaping and advancing our Security Operations Centre (SOC). You'll drive our incident response strategy, lead major investigations, develop cutting-edge detection content, and help grow a highly capable security team through training and exercises. This is a critical role in our Cyber Security Team, offering the opportunity to work on … day-to-day SOC activities, ensuring timely escalation and resolution of incidents. Mentor junior analysts, support skills development, and facilitate tabletop exercises and simulations. Drive use-case development and threat detection content using advanced analytics, including machine learning and security automation. Maintain and update SOC processes, procedures, and documentation. Help build and mature threat intelligence capabilities and … foster collaboration across the smart metering community. Translate threat trends into actionable insights and drive improvements across the organisation. Evaluate and recommend tools that enhance detection and response capabilities. Conduct forensic investigations and perform root cause analysis of security incidents. What are we looking for? Proven experience in incident response and leading investigations in complex environments. Strong understanding More ❯

role, you will be at the forefront of our efforts to protect and defend against malicious cyber-attacks. Our modern, proactive operational Cyber Security team is dedicated to providing: Threat Hunting: Actively seek out potential threats before they can cause harm. This involves continuous monitoring and analysis of network traffic, system logs, and other data sources to identify unusual … protect against malicious content. Configure and maintain web and email filtering solutions to block phishing attempts, malware, and other threats. EDR and XDR Technologies: Administer and respond to Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) technologies to swiftly mitigate threats. Monitor alerts, investigate incidents, and take appropriate actions to contain and remediate threats. Security … and Statutory and Regulatory obligations. SIEM Management: Manage, monitor, and respond to security incidents and events using the Council's Security Incident and Event Monitoring (SIEM) platform. Ensure timely detection, analysis, and response to security incidents to minimise impact and support recovery efforts. As part of our team, the successful candidate will play a crucial role in ensuring the More ❯

weaknesses and enhancing defensive capabilities Contributes to the development of Active Defence, Red Team capabilities through people, process, and technology where appropriate Maintains a broad understanding of the external threat environment and attacker tactics, techniques, and procedures Your skills and experiences: Essential: Demonstrable experience in penetration testing Proficient in penetration testing tools such as Burp Suite, Nmap, Metasploit etc … and shopping discounts - you may also be eligible for an annual incentive. The Cyber Operations Team Cyber Operations is responsible for protecting BAE Systems from Cyber Attacks by various threat actors. Not only do we protect BAE Systems and its employees, indirectly we protect those who protect us - who serve in our military and rely on the products and … services we create. Across Threat Intelligence, Threat Detection, Incident Response and Active Defence we work to evolve cyber operations as a world class capability. This role will sit under the Active Defence, Red Team who are responsible for delivering the following capabilities in support of Cyber Operations: Red Teaming, Purple Teaming, Security Critical Control Testing, Threat More ❯

Security, Identity & Access Management, and Microsoft Teams Calling. Now, we’re growing our Managed Security Services team and looking for a Senior Security Engineer with a passion for proactive threat detection, automation, and innovation. Why Join Quorum? Highly competitive salary + Bonus scheme linked to Microsoft accreditations Flexible holiday buying/selling Home broadband paid Private health care … in our mission to protect, detect, and respond to evolving cyber threats. Your day-to-day will include: Leading as an escalation point for cyber incidents and alerts Integrating threat intelligence into Microsoft Defender and Sentinel Developing, tuning, and managing detection rules and response policies Performing threat hunting across client environments Maintaining and optimising our security tech More ❯