1 to 25 of 29 Permanent SOAR Jobs in the UK

seeking an experienced Senior SOAR Engineer to join the Cyber Security function of a leading investment bank. This is a key technical role within the Security Engineering team, where you will act as the primary owner of the SOAR platform, driving its design, configuration, maintenance, and continuous enhancement. You will … and the ability to collaborate across Security Operations, Engineering, and DevOps teams. What you'll do: Act as the Subject Matter Expert (SME) for Security Orchestration, Automation and Response (SOAR). Lead the configuration, enhancement, and ongoing maintenance of the SOAR platform (Chronicle SOAR). Own and maintain architectural documentation ...

framework Knowledge of network security, firewalls, VPNs, endpoint security and malware analysis Experience with threat hunting and detection engineering Desirable Experience with SOAR platforms and security automation Scripting experience using PowerShell or Python Cloud security monitoring experience ( Azure preferred ) Relevant certifications such as CySA+, GIAC, GCIH, GCFA or Microsoft ...

framework Knowledge of network security, Firewalls, VPNs, endpoint security and malware analysis Experience with threat hunting and detection engineering Desirable Experience with SOAR platforms and security automation Scripting experience using PowerShell or Python Cloud security monitoring experience ( Azure preferred ) Relevant certifications such as CySA+, GIAC, GCIH, GCFA or Microsoft ...

investigate incidents and deliver containment, remediation, and root cause analysis; produce high-quality intel-informed incident reports. Create and tune detections (e.g., SIEM/SOAR, EDR) using intelligence signals (TTPs, behaviors, YARA/Sigma where applicable). Produce and present consumable intelligence outputs (e.g., flash alerts, threat overviews, executive briefs ...

enrichment, and define standardized and automated containment workflows. Develop and manage operational procedures and reporting methodology. Manage and oversee security technology platforms (e.g. SIEM, SOAR, EDR, and email security). Monitor ongoing control performance and coordinate remediation where gaps are found. Automate operation procedures and reporting processes and integrate outputs ...

developing and maintaining IT/OT vulnerability management programs and processes. This role performs and leads important tasks specialized at threat hunting, SIEM/SOAR, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response, security event reporting, and content ...

generalist cyber security role. Key Responsibilities Administer and optimise Microsoft Sentinel (or equivalent SIEM), including log ingestion, parsing, normalisation, and retention. Develop and maintain SOAR workflows and automation using Azure Logic Apps, Python, PowerShell, Bash, and KQL. Onboard and manage security telemetry from a range of data sources. Design, implement … procedures. Skills & Experience Experience engineering and supporting SIEM platforms, ideally Microsoft Sentinel. Strong scripting and automation skills (Python, PowerShell, Bash, KQL). Experience with SOAR technologies and security automation. Knowledge of detection engineering and threat hunting. Strong understanding of Windows and Linux logging. Good networking knowledge including TCP/ ...

and remediation Support detection engineering including rule deployment, tuning, and validation Resolve data quality, alerting, and detection gaps impacting operational effectiveness Support automation and SOAR initiatives (e.g. Sentinel, Logic Apps) Collaborate with SOC providers to maintain SIEM configuration and log ingestion Maintain accurate engineering documentation, runbooks, and platform records Ensure ...

content lifecycle: design, test, deploy, monitor, tune and retire, using version control and rollback processes. Automate workflows and platform configurations using CI/CD, SOAR, scripting and Infrastructure as Code tools such as Terraform and Ansible. Ensure platform performance, stability and resilience through capacity planning, high availability, disaster recovery and ...

Palo Alto, Cisco), WAF/DDoS protection (Imperva), and Microsoft Gateways. Threat Detection & Response: Oversee email/web security gateways (Mimecast, Menlo), SIEM/SOAR platforms, and EDR/XDR alert response (CrowdStrike, Rapid7 IDR). Identity & Access Management: Administer MFA/SSO protocols using Okta and Microsoft Entra ...

working directly with security tooling in live environments Cloud security (Microsoft 365, Azure, AWS) Strong technical exposure to security tooling, such as: SIEM/SOAR, EDR/XDR, vulnerability scanners, patch management, CASB, DLP Good firewall experience Solid understanding of networking fundamentals (TCP/IP, firewall policies, VPNs) Desirable experience ...

environments • Configure and optimise security policies including DLP, CASB, FWaaS, segmentation, and secure web access • Integrate Zero Trust solutions with identity providers, SIEM/SOAR platforms, and endpoint security tooling • Conduct threat modelling, risk assessments, and security architecture reviews • Troubleshoot complex deployment and access issues across enterprise environments • Provide technical ...

hybrid environments Oversee patching, upgrades, and platform performance Drive platform improvements and engineering enhancements Support detection engineering, tuning, and platform optimisation Lead automation and SOAR initiatives to improve efficiency Collaborate with SOC providers on SIEM governance and data ingestion Ensure platforms meet regulatory and compliance requirements Maintain engineering documentation, standards ...

documents for security solutions. Strong understanding of Security Operations/SOCs. Hyperscaler experience (AWS, Azure, GCP); Professional Cloud Architect cert preferred. SIEM/SOAR tooling (e.g., Google SecOps/Chronicle). EDR/XDR/NDR experience (e.g., Crowdstrike, Corelight, Microsoft Defender XDR). What's on Offer Permanent ...

with clear RACI and coherent operating model. Govern the security tooling strategy and operating model (build vs. buy vs. MSSP); maximize value from SIEM, SOAR, IAM, PAM, EDR, DLP, DSPM, and CTI platforms. Security Operations & Incident Response Accountable for SOC performance (24×7 detection, response, threat hunting), DFIR, purple-team ...

Implement identity access control measures and DLP controls Respond to Tier 3 security incidents Monitor threat intelligence Participate in pentests Engineer Microsoft Sentinel detections & SOAR playbooks Cyber Security Engineer: Technical Experience Microsoft Security: Defender of Endpoint, Identity, Cloud Apps, Office 365 Azure AD Microsoft Purview Cloud & Endpoint Security Azure Sentinel ...

and optimisation of technologies such as Zscaler, Netskope, Prisma Access, or similar platforms • Oversee integration of Zero Trust solutions with identity providers, SIEM/SOAR tooling, endpoint security, and cloud environments • Conduct architecture reviews, threat modelling exercises, gap assessments, and security strategy workshops • Lead proof-of-concept exercises, vendor evaluations ...

FWaaS) Manage application segmentation, secure connector deployment, and client connector rollouts. Integrate Zero Trust platforms with identity providers, endpoint security tools, and SIEM/SOAR environments. Support the migration of legacy VPN, firewall, and proxy solutions toward cloud-native security architectures. Conduct proof-of-concept exercises, technical evaluations, and architecture ...

troubleshooting issues, and ensuring reliable performance across both Linux and Windows platforms. Alongside core system administration duties, you'll support security tooling (SIEM and SOAR), ensuring systems are correctly configured to collect, process, and deliver accurate data. You'll also help onboard new systems and data sources, ensuring they integrate ...

Microsoft 365, identity and endpoint ecosystems. - Strong understanding of ITIL based service management and operational governance. - Experience with DMS platforms (desired) - Familiarity with SIEM, SOAR and modern security tooling. Head of IT Infrastructure/Head of IT Platforms In accordance with the Employment Agencies and Employment Businesses Regulations 2003, this ...

Microsoft Security Copilot to support cybersecurity tasks including threat hunting, triage, investigations and response, and creating security incident response playbooks. Build and maintain SOAR playbooks integrated with various security platforms (e.g., SIEMs, EDRs, identity platforms) to streamline incident response and automation. Lead automation initiatives to eliminate manual processes, improve … and automated controls. Comfortable writing scripts using languages such as Python, PowerShell, or Bash, and experience with automation platforms such as Azure Logic Apps, SOAR tools (e.g., Microsoft Sentinel, Splunk SOAR, Cortex XSOAR). Experience building and tuning detections using SIEM platforms (e.g., KQL, SPL) and working with security telemetry ...

and optimise SIEM performance, coverage, and detection fidelity Assess and improve SIEM architecture, including ingestion pipelines, parsing, and correlation logic Implement automation and orchestration (SOAR) to streamline response activities Log Source Onboarding & Integration Identify and onboard new log sources across cloud, network, endpoint, and application environments Develop custom parsers, connectors … agents) Experience in detection engineering, threat modelling, and attacker behaviour analysis Proven ability to build and tune correlation rules, dashboards, and alerts Familiarity with SOAR tools and automation workflows Security Knowledge Solid understanding of networking, Windows/Linux systems, cloud platforms (Azure, AWS, GCP), identity systems, and endpoint security tools ...

Support – Assist with demos, scoping, and proof-of-value activities where required. Core Duties Automation Design & Development Build and maintain workflows across SIEM, EDR, and SOAR platforms Develop reusable scripts, templates, and components Ensure solutions support secure, multi-tenant environments Integration & Response Automation Orchestrate containment, enrichment, and remediation actions Integrate … cloud security, identity, and event-driven automation Strong communication and analytical skills Security clearance (NPPV and/or SC) may be required. Technical Knowledge Security orchestration and automation principles Scripting and integration patterns (APIs, webhooks) SOC detection and response workflows Threat intelligence integration and use case design Cloud and identity ...

engineering, cloud security, incident response, vulnerability management, and security architecture.Key Responsibilities Design, implement, and improve security controls across cloud and enterprise infrastructure Enhance SIEM, SOAR, and EDR/XDR capabilities including alerting, tuning, and integrations Build intelligent detection and response workflows Develop automation solutions using scripting and AI-assisted tooling … Monitor emerging threats and recommend improvements to security posture Technical EnvironmentThe team works across a modern cloud-first stack with exposure to: SIEM/SOAR platforms EDR/XDR tooling AWS cloud environments Identity & Access Management Vulnerability Management Security Automation & Scripting CSPM tooling AI-assisted security operations What ...

engineering, cloud security, incident response, vulnerability management, and security architecture.Key Responsibilities Design, implement, and improve security controls across cloud and enterprise infrastructure Enhance SIEM, SOAR, and EDR/XDR capabilities including alerting, tuning, and integrations Build intelligent detection and response workflows Develop automation solutions using scripting and AI-assisted tooling … Monitor emerging threats and recommend improvements to security posture Technical EnvironmentThe team works across a modern cloud-first stack with exposure to: SIEM/SOAR platforms EDR/XDR tooling AWS cloud environments Identity & Access Management Vulnerability Management Security Automation & Scripting CSPM tooling AI-assisted security operations What ...