Detection & Threat Hunt Lead Analyst - Cheltenham

Engage at our Cheltenham office. Secure employment is subject to satisfactory BPSS and SC security clearance, requiring five years continuous UK address history (no 30+ consecutive days outside the UK), and declaration of being a British passport holder with no dual nationality at the point of application.

As a member of the SOC Content Team, you will be responsible for contributing to the creation, deployment, and tuning of threat detection content and delivery of proactive threat hunting. You will work in close partnership with client Lead Analysts, threat intelligence teams, and other SOC functions to help ensure that detection strategies are tailored to each client's threat profile and security objectives. This role offers a balance of technical hands on work, collaboration, and knowledge sharing, with a strong emphasis on continual learning and process improvement.

• Threat Detection Use Case Development: Design and implement detection logic aligned to specific threat scenarios, using industry frameworks such as MITRE ATT&CK. Maintain detection content throughout its lifecycle - from development and testing to deployment and tuning. Work with client Lead Analysts to ensure content relevance and effectiveness in detecting threats across various environments.
• Proactive Threat Hunting: Conduct hypothesis driven threat hunts based on client telemetry, threat intelligence, and observed anomalies. Use available data sources and tools to identify suspicious or malicious activity that may bypass existing detections. Document and present findings in a clear and actionable format for both internal teams and clients.
• Content QA and Maintenance: Participate in the review and validation of detection content prior to deployment. Assist in updating runbooks, SOPs, and detection playbooks to reflect changes in tools, threats, or client requirements. Support efforts to maintain consistency, accuracy, and quality in all delivered content.
• Collaboration & Knowledge Sharing: Actively engage with the wider SOC, threat intelligence, and tooling teams to refine detection strategies. Share insights, findings, and improvements with team members through documentation, workshops, or informal sessions. Support cross team initiatives and help drive a culture of continuous improvement and innovation.

• Competitive basic salary
• 25 days' vacation per year
• Private medical insurance
• 3 extra days leave per year for charitable work of your choice
• Flexibility and mobility required - may need to spend time onsite with clients and partners

All employment decisions shall be made without regard to age, race, creed, colour, religion, sex, national origin, ancestry, disability status, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, citizenship status or any other basis as protected by applicable law. Job candidates will not be obligated to disclose sealed or expunged records of conviction or arrest as part of the hiring process.

Closing date for applications: 25/02/26.

Location: Cheltenham.