1 to 25 of 87 Permanent MITRE ATT&CK Jobs in the UK

Coordinating incident response activities for complex security incidents. Monitoring threat intelligence sources, including open-source data, proprietary intelligence, and MSSP insights. Enhancing organizational situational awareness using Mitre ATT&CK modeling and offensive security experience. Identifying and refining security tools, IOCs, controls, and detections based on assessed threats, leading threat hunting activities. Developing and overseeing penetration … threat hunting. Deep knowledge of cyber threats and countermeasures. Advanced analysis skills for events, incidents, and threats. Expertise in Tactics, Techniques, and Procedures (TTP) such as MITRE ATT&CK and MITRE ATT&CK for ICS. Ability to identify security weaknesses and develop remediation strategies. Experience in internal threat hunting activities. More ❯

positives. Output activities from refinement sessions such as development and/or refinement of rules and workbooks. Optimisation activities such as log utilisation tracking and refinement. MITRE ATT&CK heat map coverage. Working with internal ITC teams and the Customer to identify any onboarding or offboarding projects of appropriate log sources necessary for effective security … LLD (co-management activity). Skills required: Hands-on MXDR/SIEM experience (e.g., Sentinel, Splunk, QRadar) Strong telemetry parsing/enrichment skills Solid grasp of MITRE ATT&CK & threat-detection best practices Clear communicator with a customer-focused mindset Passion for continuous improvement in cyber defence Please apply within for further details. Alex Reeder More ❯

using SIEM and EDR solutions. Fine-tune SIEM detection rules, correlation alerts, and log sources to reduce false positives. Analyse threat intelligence feeds, map findings to MITRE ATT&CK framework, and provide actionable security recommendations. Collaborate with SOC teams to investigate alerts, escalate incidents, and improve detection mechanisms. Conduct adversary simulation exercises to test and … minimal levels of supervision. Threat Hunting & Detection (IOC & IOA Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS More ❯

using SIEM and EDR solutions. Fine-tune SIEM detection rules, correlation alerts, and log sources to reduce false positives. Analyse threat intelligence feeds, map findings to MITRE ATT&CK framework, and provide actionable security recommendations. Collaborate with SOC teams to investigate alerts, escalate incidents, and improve detection mechanisms. Conduct adversary simulation exercises to test and … operations or on call. Threat Hunting & Detection (IOC & IOA Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS More ❯

vulnerabilities. Ability to coordinate and chair regular meetings and workshops with multiple stakeholders to provide guidance, collaboration and oversight of vulnerability remediation initiatives. Excellent understanding of MITRE ATT&CK framework, adversary tactics and techniques. Confidence in presenting information and acting as a source of SME knowledge and guidance. Analytical, conceptual thinking, planning and execution skills. … responsibility models. Strong communication skills with the ability to explain complex security issues to non-technical stakeholders. Knowledge of Zero Trust architecture and security frameworks (e.g., MITRE ATT&CK). Experience in red/blue team exercises. Familiarity with cloud-native security tools and infrastructure-as-code (e.g., Azure Policy, ARM/Bicep, Terraform). More ❯

strategies (e.g., Zscaler, Cisco Umbrella, Infoblox) and their role in threat containment Deep knowledge of Zero Trust Architecture, lateral movement prevention, and alignment to frameworks like MITRE ATT&CK and NIST CSF Excellent communication skills with the ability to influence technical and business stakeholders across all levels of an organization Experience supporting RFP/RFI … and implementation capabilities. Provide input to product teams on feature gaps or enhancements based on customer feedback. Stay abreast of the latest threat trends, frameworks (e.g., MITRE ATT&CK, Zero Trust), and regulatory requirements. Set yourself apart: Industry certifications such as CISSP, SC-200, PCNSE, Fortinet NSE, CCFR, or Zscaler Certified Expert Experience designing or More ❯

Line Management. Maintain, improve and develop team knowledge of SOC tools, security operations and triage. Analyse and improve detection rules and use cases in line with Mitre Att&ck and threat-informed defence. Maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies. Represent the SOC within Partners meetings. Ability … in Security Operations Centre. People management experience to help develop Analysts and lead careers. Demonstrable experience of using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Solid grasp of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Good understanding of networking principles including TCP More ❯

Line Management. Maintain, improve and develop team knowledge of SOC tools, security operations and triage. Analyse and improve detection rules and use cases in line with Mitre Att&ck and threat-informed defence. Maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies. Represent the SOC within Partners meetings. Ability … in Security Operations Centre. People management experience to help develop Analysts and lead careers. Demonstrable experience of using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Solid grasp of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Good understanding of networking principles including TCP More ❯

Operations Centre (SOC) environment Previous people management or line management experience Strong familiarity with SIEM platforms including Microsoft Sentinel and Splunk Knowledge and use of the Mitre Att&ck Framework for detection and threat analysis In-depth understanding of: Client-server applications and multi-tier web environments Relational databases , firewalls , VPNs , enterprise AntiVirus solutions Networking … capability and supporting career progression Enhancing team knowledge across SOC tooling , detection methodologies , and threat triage Analysing and optimising detection rules and use cases based on Mitre Att&ck Maintaining detailed and up-to-date incident documentation , findings, and mitigation strategies Acting as a representative of the SOC in key meetings and internal stakeholder engagements More ❯

of use cases, threat intelligence, and vulnerability management. Key Responsibilities Lead the DFIR function, overseeing incident detection, investigation, and response activities. Develop and implement IR methodologies (MITRE ATT&CK, Kill Chain, Threat Modelling, Diamond Model). Conduct forensic investigations on systems, networks, and endpoints. Refine threat hunting and threat intelligence capabilities. Support and mature security … cyber incident response teams. Deep technical knowledge of IR and forensic analysis (eg Wireshark, packet capture, host-based artifacts). Strong understanding of security monitoring frameworks (MITRE ATT&CK, NIST, etc.). Experience working in financial services or a regulated environment preferred. Hands-on experience with SIEM tools, network forensics, and endpoint detection. Knowledge of More ❯

for end-to-end incident response operations, including triage, containment, root cause analysis, and post-incident reporting. Perform threat hunting and proactive detection using frameworks like MITRE ATT&CK and threat intelligence. Maintain and enhance SOC playbooks, runbooks, and standard operating procedures to stay aligned with evolving threats and compliance requirements. Hands on with scripting … with security automation; scripting in Python is a strong advantage. Solid understanding of incident response processes, threat intelligence, and security monitoring. Familiarity with frameworks such as MITRE ATT&CK, NIST, and OWASP. Exposure to secure coding practices and DevSecOps environments is a strong plus (not mandatory) Experience working in large enterprise environments and supporting complex More ❯

risk exposure to cyber security, in support of operational and business planning activity across a range of different domains or sectors using established frameworks (e.g. NIST, MITRE ATT&CK, UK Government) Identify mitigations for cyber risk in a given business or operational scenario and threat environment Support development of cyber security risk cases in a … years of experience in security vulnerability, risk, audit & compliance Understand relevant NIST frameworks and ISO27001 standards and how to apply in practice Knowledge of MITRE ATT&CK Essential qualifications for the Cyber Security Risk Consultant: We value difference and we don't have a fixed idea when it comes to background or education, provided you More ❯

secure client environments Investigating threats using logs, network traffic, and endpoint telemetry Supporting response efforts during live security incidents Improving detection rules, playbooks, and tooling with MITRE ATT&CK-driven enhancements Producing clear incident reports for both technical and non-technical audiences Contributing to threat intelligence initiatives Staying ahead of the curve on emerging threats … To secure this SOC role: Proven experience in a Security Operations Centre (SOC) environment Hands-on knowledge of SIEM tools (Microsoft Sentinel, Splunk, etc.) Familiarity with MITRE ATT&CK and threat detection methodologies Strong analytical mindset with log, endpoint, and network analysis skills Understanding of network protocols (TCP/IP, DNS, HTTP, SMTP) Awareness of More ❯

investigate security alerts impacting critical infrastructure. Perform detailed analysis of logs, network traffic, and system events. Support development and improvement of detection use cases aligned with MITRE ATT&CK. Oversee incident documentation, reporting, and remediation advice. Represent the SOC in partner and stakeholder meetings. Contribute to SOC process improvement, skills development, and knowledge sharing. Skills/Must … Have: Strong experience working in a SOC environment. Proven team leadership or people management experience. Expertise in Microsoft Sentinel and Splunk. Familiarity with the MITRE ATT&CK framework. Sound understanding of network protocols (TCP/IP, HTTP, SMTP, etc.), firewalls, VPNs, AV products, and enterprise infrastructure. Desirable skills: Skills in malware analysis or reverse engineering. More ❯

with wider teams. Strong analytical mindset, self-motivated learner, and passionate about cloud security trends and technologies. Good understanding of security frameworks and methodologies such as MITRE ATT&CK, NIST, ISO/IEC 27001, CIS Benchmarks. Desired 5+ years of experience in a similar role such as Cloud Security Consultant, Cloud Security Engineer, or Cloud More ❯

services (e.g., Active Directory, Azure AD). Log Analysis &Forensics: Ability to analyse logs and artifacts from Windows, Linux, and cloud environments. Security Frameworks: Familiarity with MITRE ATT&CK, NIST CSF, CIS Controls. Preferred Qualifications: Industry certifications such as CompTIA CySA+, SSCP,CEH, GCIA, or equivalent. Experience with DevSecOps practices and CI/CD pipeline More ❯

KQL, Azure RBAC, Privileged Identity Management (PIM). Specific knowledge of AWS security stack would be beneficial including GuardDuty, CloudWatch and SecurityHub Familiarity with industry frameworks: MITRE ATT&CK, NIST, CIS, PCI-DSS. Excellent incident response, problem-solving, and communication skills. Preferred Certifications: Microsoft Certified: Cybersecurity Architect Expert (SC-100) Microsoft Certified: Security Operations Analyst More ❯

with SIEM, SOAR, EDR, UTM, and honeypots. Cloud Security: Understanding of cloud platform security measures (AWS, Azure, etc.) Security Frameworks: Advanced knowledge of frameworks such as MITRE ATT&CK, NIST, etc. Consulting Skills: Risk Management: Ability to assess, prioritize, and manage security risks aligned with client needs Strategic Planning: Capable of developing and executing end More ❯

UK. Desirable: Experience in a Managed Services or Managed Security Services Provider (MSP/MSSP). Certifications such as CompTIA Security+, CySA+, or equivalent. Familiarity with MITRE ATT&CK, threat hunting, or scripting (e.g., PowerShell, Python). What’s in It for You £40,000 – £55,000 base salary (depending on experience) Hybrid working model More ❯

and recovery. Experience with digital forensics, chain-of-custody procedures, and forensic tools. Awareness of incident response planning and tabletop exercises. Understanding of frameworks such as MITRE ATT&CK, the Lockheed Martin Kill Chain, or the Diamond Model. Ability to perform dynamic malware analysis. Desirable Qualifications & Skills: Certifications such as ECIH, Security+, BTL1, CySA+, SC More ❯

and KQL Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain) Experience with EDR, DLP, Proxy, and SEG tools Desirable Qualifications Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA More ❯

and KQL Strong knowledge of Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain) Experience with EDR, DLP, Proxy, and SEG tools Desirable Qualifications Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA More ❯

Depth model. Detective monitoring such as Splunk Vulnerability Management - patching techniques Suggested Experience in SOAR system (Phantom) Experience in Anomali Threat Intelligence Platform Analysis based on MITRE ATT&CK Framework Education/Qualifications: Essential Degree educated and/or equivalent experience. PERSONAL REQUIREMENTS Good communication skills A pro-active, motivated approach. The ability to operate More ❯

SOC, and the subsequent implementation of an agreed standard to improve this maturity where appropriate. Familiar with the following tools: Microsoft Sentinel Qualys VMDR Tenable VM MITRE ATT&CK Framework Desirable Certifications, Qualifications Experience: Computer Security Security Blue Team 1 or higher CompTIA Cyber Security Analyst SC-200 Microsoft Security Operations Analyst One of: CREST More ❯

using the ITIL framework. Ability to keep up to date with technology trends and to understand key technical drivers in the industry. Strong understanding of the MITRE ATT&CK and NIST Cybersecurity frameworks. Additional Information Your impact on Radius will be rewarded with the opportunity to develop and progress your career in many directions. You More ❯