1 to 25 of 59 Permanent Threat Detection Jobs in London

we are dedicated to protecting our organization from evolving threats. We are looking for a skilled and passionate Senior Security Engineer to focus on Threat Detection and Response in a dynamic, hybrid cloud environment. This is a unique opportunity to lead and enhance our capabilities in detecting, investigating … with cross-functional teams across the Information Security organization and external partners. We lead key initiatives, including security monitoring, incident response, vulnerability management, and threat intelligence, all aimed at strengthening our security posture and ensuring resilience against emerging threats. About the role & what you'll do: As a Senior … Security Engineer specializing in Threat Detection and Response, you will be at the forefront of our security efforts, leading incident response investigations, driving incidents to resolution, and implementing improvements based on lessons learned. Additionally, you will develop and automate detection and response workflows, elevating the efficiency and More ❯

A forward-thinking Financial Services firm is seeking a Threat Detection Automation Analyst to join its Threat Intelligence team. They are looking for an individual to join and help drive forward a baseline of threat detection use cases in their SIEM (Splunk). They have … just established a new detection-as-code pipeline from a GitHub repository and are in the next phase of populating new use cases. This role will involve writing new use cases based on the output and direction of the threat intelligence team, as well as testing use cases … with a new breach and attack simulation tool. Ideally, the individual joining will have experience of both SIEM detection engineering and using a BAS tool. Coupled with sound knowledge of the current Cyber threat landscape including groups, TTPs and attack vectors relevant to Financial Services. To be considered More ❯

Cyber Threat Intelligence (CTI) Manager 📍 Location: Hybrid – London 💼 Type: Permanent A high-impact greenfield role with a global aviation and travel leader, this is an opportunity to shape the CTI capability from the ground up. We’re supporting a well-established organisation in their search for a Cyber Threat Intelligence Manager to define and lead threat intel strategy across a complex, multi-entity environment. 🔧 The Role: As CTI Manager, you’ll be responsible for: Designing and building a greenfield CTI function to support proactive threat detection and strategic decision-making Developing a threat intelligence … strategy aligned with business risks and SOC priorities Collaborating with a newly selected MSSP to integrate threat feeds, TTPs, and IOCs into detection and response workflows Defining intelligence requirements, deliverables, and reporting outputs across OpCos and leadership teams Supporting SOC and CIRT operations through contextualised intelligence and threat More ❯

enhancing our cybersecurity framework by leading the integration and utilization of these key security tools. Responsibilities include designing and optimizing SIEM rules for superior threat detection and incident management, deploying SOAR tools for automated security responses, and ensuring robust API security. The engineer will oversee the performance and … with existing tools, utilizing them to elevate existing Security Operations Design and optimize SIEM (Security Information and Event Management) rules using FortiSIEM to enhance threat detection and streamline incident response activities Deploy and manage Endpoint Detection and Response (EDR) solutions, specifically FortiEDR, SentinelOne, and Defender for Endpoint … Proven experience with Microsoft Sentinel and Defender XDR products Strong background in SIEM rule design and optimization Extensive experience in implementing and overseeing Endpoint Detection and Response (EDR) solutions Experience with SOAR tools and automated security response implementations Familiarity with API security protocols and measures Ability to analyze large More ❯

Compliance services, including IAM, AWS Organizations, SCPs, Secrets Manager, AWS Config, GuardDuty, Security Hub, CloudTrail, and AWS KMS for encryption, ensuring robust cloud security Threat Detection & Compliance: Implementation of AWS security tools like Amazon Detective, AWS Shield, WAF, AWS Firewall Manager, enforcing security compliance standards such as ISO … Tools (Terraform, Helm, Ansible, Kustomize etc.) CI/CD & Security Automation Cloud Cost Optimization & FinOps (AWS Trusted Advisor, Compute Savings Plans, cost forecasting strategies) Threat Intelligence & Compliance (ISO 27001, SOC2, GDPR, NIST frameworks) AWS-native Security Services (Macie for sensitive data discovery, Inspector for vulnerability scanning, GuardDuty for threat detection) Programming & Scripting (proficiency in Python and Shell Scripting for automation, cloud resource management, and infrastructure monitoring) AWS Database Expertise AWS Networking Expertise (strong knowledge of VPC design, Subnetting, Route Tables, NAT Gateways, Transit Gateway, VPC Peering, Direct Connect, PrivateLink, ALB/NLB/CLB Load Balancers, AWS More ❯

managing SIEM tools such as QRadar and/or Sentinel. You’ll be working closely with end customer stakeholders, undertaking proactive risk management, and threat detection consulting. Key Responsibilities of the Role: Manage, build, and develop stakeholder relationships through regular meetings, strategic updates and consultative insights Lead comprehensive … and incident response processes acting as a point of escalation and point of contact for internal and external stakeholders Provide clear actionable guidance on threat detection while consulting with technical and non-technical stakeholders Review security posture of client businesses, perform gap analyses, and create and deliver reports More ❯

provides the deepest asset visibility and the broadest, built-for-CPS solution set in the market comprising exposure management, network protection, secure access, and threat detection - whether in the cloud with Claroty xDome or on-premise with Claroty Continuous Threat Detection (CTD). Backed by award … winning threat research and a breadth of technology alliances, The Claroty Platform enables organizations to effectively reduce CPS risk, with the fastest time-to-value and lower total cost of ownership. Our solutions are deployed by over 1,000 organizations at thousands of sites across all seven continents. A More ❯

Bumble is looking for a Threat Detection and Analysis Engineer to join our team and play a key role in fulfilling our mission to create a world where all relationships are healthy and equitable. Concretely this means you will be analysing data to prevent unintended uses for products … for our users, and improve the way Bumble operates. As a member of the Bumble Trust Engineering team, you are the first line of detection of bad actors using Bumble in unwanted and unexpected ways. As Bumble's customer base and suite of products grow, protecting customers from threats … sharing, and open-sourcing. What you will be doing: Analyse data across Bumble Inc products and implement logic for proactive discovery and prevention of threat actors and unwanted activity Develop new analytics and dashboards to visualise and surface data for analysis, reporting, and planning Develop and execute code to More ❯

in Cyber Security Operations Centre (SOC) practices. This role is ideal for someone with a strong ability to analyse and enhance SOC effectiveness, from threat detection to incident response, and provide clear and appropriate advice and guidance. Key Responsibilities of the SecOps Consultant Collaborate with clients to improve … SOC operations, particularly around threat detection, and IR. Conduct SOC readiness assessments, identifying capability gaps and recommending improvements Provide strategic guidance on SOC tool selection, configuration, and integration based on operational needs. Monitor emerging threats and trends, advising stakeholders on potential impacts and mitigation strategies. Deploy, configure, and … manage security tools to optimize detection, response, and reporting functions. Skills & Knowledge Solid... More ❯

leading business, contribute to cutting-edge security operations, and play a key role in enhancing security capabilities across global retail clients. Key Responsibilities Advanced threat detection and monitoring using industry-leading tools. Building and tuning detections using Kusto Query Language (KQL). Responding to and managing security incidents … effectively. Engineering robust detections and performing proactive threat hunts. Supporting security automation and infrastructure-as-code initiatives. Qualifications We're looking for someone with relevant experience in the following: Security Monitoring & Detection (e.g., XDR tools like Carbon Black, Microsoft Defender XDR, CrowdStrike) Strong KQL capabilities for log analysis … and detection tuning Cloud Security (Microsoft Azure, Google Cloud Platform) Kubernetes and container technologies (e.g., Docker) Threat Hunting, Detection Engineering, Incident Response Security Automation (SOAR), Hyper Automation practices Familiarity with the MITRE ATT&CK framework SIEM platforms (Microsoft Sentinel, Splunk, Google Chronicle, etc.) Experience with Zero Trust More ❯

leading business, contribute to cutting-edge security operations, and play a key role in enhancing security capabilities across global retail clients. Key Responsibilities Advanced threat detection and monitoring using industry-leading tools. Building and tuning detections using Kusto Query Language (KQL). Responding to and managing security incidents … effectively. Engineering robust detections and performing proactive threat hunts. Supporting security automation and infrastructure-as-code initiatives. Qualifications We're looking for someone with relevant experience in the following: Security Monitoring & Detection (e.g., XDR tools like Carbon Black, Microsoft Defender XDR, CrowdStrike) Strong KQL capabilities for log analysis … and detection tuning Cloud Security (Microsoft Azure, Google Cloud Platform) Kubernetes and container technologies (e.g., Docker) Threat Hunting, Detection Engineering, Incident Response Security Automation (SOAR), Hyper Automation practices Familiarity with the MITRE ATT&CK framework SIEM platforms (Microsoft Sentinel, Splunk, Google Chronicle, etc.) Experience with Zero Trust More ❯

A leading Financial Services firm seeks a Threat Intelligence Lead to spearhead their Global threat intelligence initiatives and enhance their Cyber Defence strategy. This is a hands-on, technical role focused on Threat hunting, Malware analysis, and tracking changes made by Threat Actors. This position plays … a key role in shaping the Cyber Defence strategy, driving deliverables, and focusing on Threat-led and Threat detection activities. The organisation is investing in new tooling, including the procurement of a new TIP solution. The individual in this role will be responsible for building and implementing More ❯

Detect, monitor and analyze security alerts from various sources to detect and respond to potential threats in real-time. Develop, implement, and fine-tune detection rules and correlation logic to improve threat detection capabilities. Conduct in-depth investigations of security incidents, perform forensic analysis, and coordinate incident … activities. Maintain and optimize security information and event management systems and other security tools used in the SOC. Collaborate with other teams to enhance threat intelligence, improve incident response procedures, and provide regular reports on security posture. A day in the life As a Security Engineer in Detections, your … Security Engineers with security engineering, security operations and incident response activities. You will be responsible for coordinating and facilitating security response activities, fine-tuning detection rules. You'll investigate potential incidents, collaborate with threat intelligence teams, and develop new detection algorithms. About the team AWS-SOC Team More ❯

controls, policies, and technologies effectively protect the organisation’s assets, infrastructure, and data. You will work closely with senior leadership, providing expert guidance on threat mitigation and security best practices. If you thrive in a dynamic environment and have a passion for building and evolving enterprise security programs, we … Lead vulnerability management and remediation efforts, ensuring timely identification and mitigation of risks across cloud and on-premises environments. Enhance and manage security monitoring, detection, and response capabilities using Microsoft security tools such as Microsoft Defender, Sentinel, and Entra ID security features. Drive the security architecture and engineering strategy … of securing Microsoft and Azure-based environments, including cloud, hybrid, and on-premises infrastructure. Hands-on experience in managing and responding to security incidents, threat hunting, and vulnerability remediation. Strong background in implementing and overseeing security monitoring and detection capabilities using SIEM, EDR, and XDR solutions. Experience leading More ❯

secure and scalable cloud environments for a high-priority central government digital initiative. This role will place you at the centre of cloud-native threat detection and response, with a specific focus on deploying, tuning, and operationalising GuardDuty . You will act as the subject matter expert for … integrating GuardDuty across multiple AWS accounts and ensuring that detection capabilities are aligned to threat models, incident response playbooks, and compliance objectives. Key Responsibilities: Act as SME for AWS GuardDuty : deployment, configuration, alert tuning, and integration with downstream response processes Work with platform, architecture, and SOC teams to … embed GuardDuty into security operations and agile delivery workflows Define detection rules and thresholds aligned to business risk and threat profiles Advise on triage processes, integration with SIEM tooling, and use of GuardDuty findings for incident investigation Support wider AWS security efforts including posture management, governance, and compliance More ❯

Cyber Security Engineering Lead acts as the technical authority across all domains of cloud and endpoint security, taking full ownership of hardening, automation, and threat mitigation. The role is not managerial in the traditional sense it exists to drive technical capability, mentor through engineering leadership, and deliver resilient, scalable … for Cloud, Purview DLP, Azure Firewall, and related services. Integrate security into DevOps pipelines, CI/CD, infrastructure-as-code, and container workflows. Automate threat detection and response using Microsoft Sentinel SOAR, custom playbooks, and telemetry pipelines. Platform Security Oversight Own and optimise endpoint security through Intune, ensuring … micro-perimeter security, and policy-based routing for hybrid network models. Oversee DNS, web access, and remote gateway protection at the edge. Security Operations & Threat Defence Act as the technical escalation point for complex threat investigations and incident response. Lead red-teaming simulations, vulnerability assessments, and threat More ❯

Detect, monitor and analyze security alerts from various sources to detect and respond to potential threats in real-time. Develop, implement, and fine-tune detection rules and correlation logic to improve threat detection capabilities. Conduct in-depth investigations of security incidents, perform forensic analysis, and coordinate incident … activities. Maintain and optimize security information and event management systems and other security tools used in the SOC. Collaborate with other teams to enhance threat intelligence, improve incident response procedures, and provide regular reports on security posture. A day in the life As a Security Engineer in Detections, your … Security Engineers with security engineering, security operations and incident response activities. You will be responsible for coordinating and facilitating security response activities, fine-tuning detection rules. You'll investigate potential incidents, collaborate with threat intelligence teams, and develop new detection algorithms. About the team AWS-SOC Team More ❯

responsibilities - Monitor and analyze security alerts from various sources to detect and respond to potential threats in real-time. - Develop, implement, and fine-tune detection rules and correlation logic to improve threat detection capabilities. - Conduct in-depth investigations of security incidents, perform forensic analysis, and coordinate incident … activities. - Maintain and optimize security information and event management systems and other security tools used in the SOC. - Collaborate with other teams to enhance threat intelligence, improve incident response procedures, and provide regular reports on security posture. A day in the life As a Security Engineer in Detections, your … Security Engineers with security engineering, security operations and incident response activities. You will be responsible for coordinating and facilitating security response activities, fine-tuning detection rules. You'll investigate potential incidents, collaborate with threat intelligence teams, and develop new detection algorithms. About the team Diverse Experiences Amazon More ❯

to come. About Us Our UK&I Advisory Practice is a leader in cyber security transformation, partnering with organizations to tackle the evolving digital threat landscape. We combine technical expertise with strategic business insight to deliver end-to-end cyber solutions that enable innovation and secure digital growth. Role … actionable strategies. Guide clients through compliance with DORA, NIS2, and UK regulatory frameworks. Design comprehensive cyber security architectures that integrate cloud, identity, data, and threat protection. Build actionable implementation roadmaps considering business objectives and constraints. Evaluate and integrate partner technologies (e.g., Microsoft, AWS, GCP) for optimal client outcomes. Deliver … business cases that communicate ROI and business enablement. Conduct maturity assessments using frameworks such as NIST CSF, ISO 27001, and industry-specific standards. Facilitate threat and risk workshops tailored to client environments. Showcase innovation through demos of emerging technologies like XDR, SASE, and SOAR. Practice Development Mentor consultants and More ❯

Tooling: Select, implement, and operate key tools across GCP , such as Cloud Armor , Cloud Identity , Security Command Center , and VPC Service Controls for ongoing threat detection and response. Integrate Security in SDLC: Collaborate with product and engineering teams to integrate security into every stage of the software development … lifecycle. Threat Modeling and Risk Analysis: Perform structured threat modeling using frameworks such as STRIDE and PASTA to proactively mitigate security risks. Champion Developer Education: Promote secure development practices by educating engineers on cloud and application security fundamentals. Mentor and Lead: Act as a mentor to future hires … including IAM , WAFs , SIEM , CSPM , and vulnerability scanners. Technical Skills: Proficiency in at least one scripting or programming language (e.g. Python, Go, Bash). Threat Modeling: Practical knowledge of frameworks like STRIDE and PASTA. Education: Bachelor's degree in Computer Science, Information Security, or a related technical field. Collaborative More ❯

security operations that protect the organisation's people, systems, and data. This includes direct ownership of security controls, security testing, vendor management, vulnerability and threat management, and incident response. You will work daily with the Group CISO to support consistent, high-assurance security practices across all regions, in-line … global Cyber Incidents by supporting the CISO team. Additionally, you will be: Working collaboratively with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvements to support the ever-changing threat landscape. Defining and monitoring KPIs for detection … Ensuring security controls are deployed, tuned, and monitored effectively across cloud and on-premises assets. Leading the organisation's global vulnerability management program, ensuring threat led and risk-based prioritization, along with collaboration with IT for timely remediation. Leading on and refining the incident response playbooks Support the Group More ❯

Lead security assessments and provide expert guidance on risk mitigation Design and implement robust security controls across systems and networks Support incident response and threat detection activities Collaborate with DevOps and infrastructure teams on secure design and delivery Advise clients on best practices aligned with industry standards and More ❯

of the latest technologies, cloud computing advancements, industry best practices, and emerging security solutions. Continuously expand expertise in areas such as hybrid cloud environments, threat detection, and vulnerability remediation to improve organisational capabilities. Firewall and Compliance Management: Oversee firewall configurations, internal and cloud security policies, and compliance enforcement … including achieving annual Cyber Essentials accreditation. Develop and implement corporate security policies to meet evolving organisational and regulatory requirements. Threat and Vulnerability Management: Monitor and mitigate threats using advanced detection and remediation strategies to maintain the security of infrastructure, data, and services. Infrastructure Stability and Development: Deliver and More ❯

Delivery Support Act as a technical mentor for development teams, ensuring best practices in cloud solution implementation. Oversee cloud security controls, including access management, threat detection, and incident response strategies. Troubleshoot and resolve complex cloud infrastructure and application architecture challenges. Your Profile Essential skills/knowledge/experience … of transitioning strategies from legacy to cloud-native applications. Security & Compliance - Strong understanding of cloud security controls, IAM, compliance frameworks (GDPR, SOC2, NIST), and threat mitigation strategies. Strategic Collaboration - Experience working with CIOs and IT leaders to define digital transformation roadmaps. TOGAF Certification Microsoft Azure Solutions Architect SABSA (Security More ❯

Lead security assessments and provide expert guidance on risk mitigation Design and implement robust security controls across systems and networks Support incident response and threat detection activities Collaborate with DevOps and infrastructure teams on secure design and delivery Advise clients on best practices aligned with industry standards and More ❯