1 to 25 of 53 Permanent Threat Detection Jobs in England

/Cyber Threat Detection Analyst - SANS/GIAC Cyber Threat Detection Analyst Location: Wokingham, Berkshire (On-site) Salary: Competitive (dependent on experience) + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC Role Overview As a Cyber Threat Detection Analyst … will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data ...

well-established biotech company using large-scale genetic data and AI to predict disease risk and advance precision healthcare. We’re looking for a Threat Detection Engineer who thrives on innovation and technical ownership. This role is not a traditional SOC position, you’ll focus on building high … impact detection capabilities , shaping how security protects sensitive genomic and AI-driven data at scale. This role offers hybrid/remote working options, a salary range of £60,000 - £80,000 and benefits. Why This Role is Exciting High autonomy : Lead projects from idea to deployment Innovation-driven : Develop ...

well-established biotech company using large-scale genetic data and AI to predict disease risk and advance precision healthcare. We’re looking for a Threat Detection Engineer who thrives on innovation and technical ownership. This role is not a traditional SOC position, you’ll focus on building high … impact detection capabilities , shaping how security protects sensitive genomic and AI-driven data at scale. This role offers hybrid/remote working options, a salary range of £60,000 - £80,000 and benefits. Why This Role is Exciting High autonomy : Lead projects from idea to deployment Innovation-driven : Develop ...

Managed Security Services (MSSP) function, reporting directly to the Head of SOC Operations. You will act as the senior technical authority, driving excellence in threat detection, incident response, and security operations across a diverse, multi-client portfolio. While you will lead and mentor a team, this … training, coaching, and technical mentoring Ensure accurate and timely case management (HALO) and delivery against SLAs Technical Leadership & Continuous Improvement Provide expert guidance on threat detection, incident response, and threat hunting Lead escalations for complex or high-severity incidents across client environments Develop and optimise detection ...

critical in improving, developing and maintaining IT/OT vulnerability management programs and processes. This role performs and leads important tasks specialized at threat hunting, SIEM/SOAR, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response … analysis. Designs and executes advanced vulnerability assessments using both automated and manual techniques; collaborates with stakeholders to prioritize remediation based on business risk and threat intelligence. Oversees continuous monitoring of threat intelligence feeds and security alerts, proactively identifying emerging risks and recommending strategic countermeasures. Interprets and synthesizes threat ...

within Central Government, the Public Sector, or highly regulated scientific environments. Key Responsibilities Define and lead the Cyber Security Operations Centre (CSOC), ensuring effective detection, response, and remediation of cyber incidents Own and continuously improve the cyber incident response plan, ensuring readiness across the organisation Provide strategic cyber security … advice to senior leadership on monitoring, logging, and threat response Establish a use-case driven monitoring and alerting capability to improve threat detection and response times Oversee threat intelligence, vulnerability management, and proactive risk mitigation across the estate Lead the analysis of network traffic and behaviours ...

week) £65,000 + benefits We're supporting a major organisation operating within a Critical National Infrastructure (CNI) environment to hire a Senior Cyber Threat Hunter Specialist. This is a hands-on, high-impact role Embedded within a mature Security Operations Centre, focused on protecting essential services. The Opportunity … play a key role in Real Time threat detection and response, working across a complex enterprise environment. This position combines SOC operations, threat hunting, and continuous improvement, giving you the chance to influence detection capability and response maturity. What You'll Be Doing Monitoring & Triage Analyse ...

Cyber Defence services to clients across the UK and beyond. Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You’ll be joining a team that values learning, celebrates innovation … will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams. Experience with SOAR and UEBA technologies is advantageous ...

Cyber Defence services to clients across the UK and beyond. Within their Security Practice, they provide a range of services including Managed Detection and Response (MDR), Vulnerability Management, Penetration Testing, Incident Response, and consultancy led Security Advisory services. You'll be joining a team that values learning, celebrates innovation … will bring strong hands-on experience with Splunk Enterprise Security and a proven track record in delivering cybersecurity projects. This includes designing and implementing detection use cases, tuning alerts, and developing dashboards that provide clear, actionable insights for security operations teams. Experience with SOAR and UEBA technologies is advantageous ...

management of security and privacy risk across the firm’s technology environment. Working with third party service providers, it ensures the effective operation of threat detection, incident response, data protection controls, and operational workflows supporting UK GDPR compliance. This is a hands‐on technical role requiring strong analytical … detail, and a proactive mindset. The ideal candidate will have practical experience with Microsoft security and compliance technologies, an interest in learning advanced detection and automation techniques, and a desire to contribute to a growing, high‐performing security operations capability. Key Responsibilities Monitor security event identification via the third ...

Operations Manager to take full ownership of its security operations function, ensuring the organisation is protected, resilient, and continuously improving against an increasingly complex threat landscape. This is a high-impact position where you'll lead the security operations function end-to-end, driving improvements across threat detection … include: Leading the day-to-day operations of the Security Operations function, including oversight of any outsourced SOC Managing the full incident response lifecycle (detection through to recovery and post-incident review) Overseeing threat detection, vulnerability management, and cyber defence capabilities Driving improvements across SIEM, SOAR ...

QRadar SME/Consultant Role: QRadar Subject-Matter-Expert/QRadar Consultant Specialism(s) : IBM QRadar, SIEM, Log Source Analysis, Detection/Security Engineering, Upgrading & Patching, Tuning, Security Frameworks Type: Contract, Daily Rate Pay Rate: DoE Start: Mid-End May 2026 Location: Remote/Midlands Duration: 3 Months QRadar … support, optimize, and enhance our clients SIEM environment. This role will focus on reviewing the current QRadar deployment, improving log source coverage, strengthening detection capabilities, and ensuring the platform is maintained and upgraded in line with best practices. You’ll act as a subject matter expert, working closely with ...

operation of a centralised SIEM capability, aggregating and analysing logs across infrastructure, networks, and applications Define and drive the organisation’s approach to threat detection, log analysis, and incident response, establishing robust baselines and alerting strategies Take ownership of security incident investigation end-to-end, acting … ideal candidate will bring: Significant hands-on experience designing and operating SIEM platforms (e.g. ELK Stack, OpenSearch, Wazuh, Microsoft Defender), including real-world incident detection and response Deep expertise in Linux and Windows system hardening, with strong familiarity across frameworks such as CIS Benchmarks, STIGs, or equivalent Strong scripting ...

Lead 6 months Bath - hybrid x3 days onsite x2 remote Active SC/DV clearance required £700 per day outside IR35 The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role ...

Cybersecurity Analyst to join its Cybersecurity Operations Group. This role plays a critical part in protecting a complex global technology environment through continuous monitoring, threat detection, and incident response. The successful candidate will work closely with security and IT stakeholders, contributing to the organisation's defensive capabilities while … remaining at the forefront of the evolving threat landscape. Key Responsibilities Monitor and analyse security events across networks, endpoints, and cloud environments using SIEM, EDR, and related security tools, in line with documented SLAs. Investigate, respond to, and resolve security incidents and alerts, ensuring timely detection, containment ...

Cybersecurity Analyst to join its Cybersecurity Operations Group. This role plays a critical part in protecting a complex global technology environment through continuous monitoring, threat detection, and incident response. The successful candidate will work closely with security and IT stakeholders, contributing to the organisation’s defensive capabilities while … remaining at the forefront of the evolving threat landscape. Key Responsibilities Monitor and analyse security events across networks, endpoints, and cloud environments using SIEM, EDR, and related security tools, in line with documented SLAs. Investigate, respond to, and resolve security incidents and alerts, ensuring timely detection, containment ...

operational security function responsible for protecting the organisation's information assets, technology services, and users. This role oversees all security operation functions, incident response, threat detection, vulnerability management, and continuous improvement of the organisation's security posture. Working closely with Infrastructure, Cloud, Architecture, Governance, Compliance and Risk teams … relationship with any outsourced SOC solution ensuring 24/7 monitoring and response coverage. Oversee cyber defence capabilities including SIEM, SOAR, EDR/XDR, threat intelligence, and identity protection. Develop and maintain operational procedures, playbooks, and response frameworks. Direct the full incident response lifecycle: detection, triage, containment, eradication ...

Lead or support incident response activities in line with internal procedures and security standards. Escalate major incidents appropriately and provide timely updates to stakeholders. Threat Detection & Prevention Identify emerging threats, vulnerabilities, and attack trends relevant to the organisation. Tune and optimise security tooling to improve detection capability ...

Your mandate is to take ownership of the Technical Implementation & Engineering Functions, shifting the SOC from a Reactive State to a Proactive, High-Fidelity Detection Powerhouse. You will have the autonomy to set the direction for the practice, architecting how the team utilises SIEM, EDR & IDS Tools. … SIEM Platforms (specifically Microsoft Sentinel) & EDR solutions. You should be comfortable managing these within Complex, Multi-Tenant Environments. The Engineering Edge: Good Background in Detection Engineering, Custom Rule Creation & Log Orchestration. You should be highly proficient in KQL & have good Scripting Capabilities (Python or PowerShell). Onboarding & Architecture: Proven ...

security teams to ensure the right controls, tooling and processes are in place to protect critical systems and data. You will take ownership of detection engineering, SIEM platform performance and the full lifecycle of security detection content, ensuring security monitoring remains effective, scalable and reliable. Key responsibilities include … Acting SME on Splunk Enterprise Security platforms Designing and maintaining log ingestion pipelines and data enrichment processes Developing and tuning detection rules aligned to MITRE ATT&CK techniques Managing the full lifecycle of detection content from design through to optimisation Automating security workflows using scripting, CI/ ...

secure design and operation of critical technology platforms collaborating with platform owners and engineering teams to embed security throughout the lifecycle Incident Response Threat Management Provide technical oversight for incident response threat detection and vulnerability management Lead root cause analysis and remediation of complex security incidents Stakeholder ...

testing and risk analysis to identify and mitigate potential threats. Design and enforce security controls based on identified requirements and gaps in existing structures. Threat Detection and Response Monitor and respond to security incidents ensuring rapid and effective action. Develop comprehensive incident response plans to maintain organisational resilience ...

newly implemented outsourced SOC (NCC Group), leveraging Splunk and CrowdStrike. You will provide senior-level technical expertise to enhance security operations, improve threat detection, and upskill the internal team. Key Responsibilities Lead CrowdStrike Falcon deployment, configuration, and optimisation Design and enhance Splunk SIEM dashboards, alerts, and data models … escalation point for major cyber incidents Develop SOAR automation workflows to improve response times Conduct proactive threat hunting using advanced queries Work closely with SOC partner to optimise security operations Provide training and knowledge transfer to internal teams Mandatory Requirements (Must Have) 5+ years’ experience in Cyber Security Engineering ...

secure design and operation of critical technology platforms collaborating with platform owners and engineering teams to embed security throughout the lifecycle Incident Response Threat Management Provide technical oversight for incident response threat detection and vulnerability management Lead root cause analysis and remediation of complex security incidents Stakeholder ...

Police Digital Services and provides visibility and control of information risks for policing. It supports the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology … onboarding and maintenance of system log sources. Configuring and maintaining the NMC central Microsoft Azure, Lighthouse and Sentinel platform. Developing, maintaining, and deploying detection rules and other SIEM content. Creating custom solutions using both low-code and traditional development approaches. Providing support to forces for the configuration of Sentinel ...