8 of 8 Contract Threat Detection Jobs in the UK

Key Responsibilities Design, develop and deploy detection logic across SIEM, EDR and cloud security platforms. Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance. Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness. Use Detection-as-Code principles to manage detection rules via version control, CI/CD pipelines and automated testing frameworks. Reduce false positives through tuning, enrichment and contextual awareness. Skills Expertise in detection engineering, threat hunting, or a related Cyber Security field. Proficiency in Sentinel, KQL, XDR and Splunk is required. Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and …/or cloud-native security services (e.g. AWS GuardDuty, GCP Chronicle). Ability to create and iterate on detection content (e.g. SIEM rules, correlation searches and detection-as-code signatures) to proactively identify malicious behaviour and improve threat visibility and reduce false positives Familiarity with MITRE ATT&CK framework and threat detection lifecycle. More ❯

IR35 - 3 days a week on-site** Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat More ❯

role requires deep expertise in SIEM platforms, including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies. Job Duties SIEM Engineering & Management Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel … Defender, Chronicle). Onboard and normalize log sources across cloud and on-prem environments. Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis. Skills Must be able to obtain SC Clearance or already hold SC clearance. SIEM Expertise: Hands-on experience with at least two of the following: Splunk IBM QRadar Microsoft Defender More ❯

Via Umbrella inside IR35 Clearance required: Active SC is essential Role purpose/summary SIEM Deployment & Management - Set up, configure, and maintain SIEM tools like ArcSight, Splunk, or QRadar. Threat Detection & Analysis - Monitor security logs, detect anomalies, and investigate potential threats. Incident Response - Work with security teams to analyze and mitigate security incidents. Custom Rule Creation - Develop and … fine-tune detection rules and alerts to identify malicious activities. Security Reporting - Generate reports on security events, trends, and system performance. Collaboration - Work with IT and security teams to improve overall cybersecurity posture. Required Skills & Qualifications Technical Expertise - Strong knowledge of SIEM platforms, network security, and cybersecurity frameworks. Certifications - CISSP, CEH, GIAC, or vendor-specific SIEM certifications. Programming & Scripting More ❯

experience onboarding and managing log sources in Azure Sentinel . Hands-on experience configuring data connectors and diagnostic settings in Azure . Solid understanding of use case development and detection engineering . Knowledge of PowerShell, KQL (Kusto Query Language), and JSON formatting . Familiarity with identity-related logs (Azure AD, ADFS, M365 Defender, etc.) . Experience working in a … Security Operations environment or supporting SOC functions . Understanding of network and host-based telemetry relevant for threat detection Desirable . Azure certifications (SC-200, AZ-500, MS-500) . Experience with LogRhythm SIEM Platform . Knowledge of SOAR tools and automation (Logic Apps, Sentinel Playbooks) Please be aware that this role can only be worked within the More ❯

and LogRhythm to join our Security Operations Center team. The ideal candidate will be responsible for monitoring, analyzing, and responding to security incidents, optimizing SIEM configurations, and contributing to threat detection and response strategies. This role requires hands-on experience with both platforms and a deep understanding of cybersecurity principles and incident management. Key Responsibilities: Monitor and investigate … security alerts from Microsoft Sentinel and LogRhythm . Analyze logs, network traffic, and other data sources to detect threats and suspicious activities. Develop and tune detection rules, analytics, and alerting logic in both SIEM platforms. Collaborate with incident response teams to contain and remediate security incidents. Create dashboards, workbooks, and reports for stakeholders. Perform threat hunting activities and More ❯

month contract I am looking for an experienced Cyber Security specialist to join a busy Security Team for our client in central Glasgow. You will be enhancing their threat detection and incident response capabilities by designing and maintaining SIEM content, build SOAR automations, and integrate security tools to streamline their SOC operations. Key responsibilities: Develop and optimise detection … Maintain and monitor SIEM/SOAR platforms for performance and stability. Essential skills: Proven background in cyber security, including SOC or incident response roles. Excellent skills and experience in detection engineering or incident response. Ability in developing SOAR automations. Strong Python scripting and query language skills (SPL, EQL, SQL). Excellent knowledge of MITRE ATT&CK, TCP/IP More ❯

and draw out an improvement plan based on findings. Address known/newly identified configuration weaknesses within out WAF/F5 deployment that may impact the effectiveness of our threat detection and mitigation controls e.g, several recommended protection policies need to be reviewed due to complex nature of our deployment web application estate. We need a robust solution More ❯