Permanent SOAR Jobs in the UK

1 to 25 of 38 Permanent SOAR Jobs in the UK

Senior SOC Engineer

Scotland, United Kingdom
Hybrid / WFH Options
Anson Mccade
threat detection, anomaly detection, and behavioural analysis. Playbook Development & Automation Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration. Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response. Refine playbooks based on threat intelligence and incident insights. Threat Detection & Response Monitor and analyse security alerts and …
Employment Type: Permanent, Work From Home

SOC Manager

England, United Kingdom
Cyber Search Partners
record of team development and cross-functional collaboration Preferred Qualifications Security certifications such as CISSP, GCIH, GCFA, OSCP, or SIEM-specific certifications Experience leading SOC optimization projects and implementing SOAR solutions Background in offensive security (Red Team/Purple Team) is a plus Why Join? Opportunity to lead and build cutting-edge SOC operations Work with top-tier security professionals …

Principal Cyber Security Engineer - Leeds / Remote

Leeds, Yorkshire, United Kingdom
Hybrid / WFH Options
Catorfaen
In 2022 we built out an exciting SIEM/SOAR and Managed Detection and Response service called SEP2.security, built upon Google Cloud Security's Chronicle stack. Due to customer demand, we are now looking to hire a Principal Cyber Security Engineer to join this ever-growing team. The Security Intelligence Services team, that this role is situated in, provides security monitoring and use case … customer facing situations. Qualifications and Experience Experience as a Cyber SOC Analyst/or similar role. Proven experience in deploying SIEM (Security Information and Event Management) and SOAR (Security orchestration, automation, and response) solutions to achieve positive outcomes. Our tools include Google Chronicle SIEM/Siemplify SOAR and LogRhythm, but experience with other platforms such as Microsoft Sentinel, Splunk, Qradar, or Humio/Logscale is …
Employment Type: Permanent
Salary: GBP Annual

Microsoft Security Sales Specialist

England, United Kingdom
Hybrid / WFH Options
Bytes Software Services
Cloud technologies ESSENTIAL Other requirements: Proven experience with Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft Purview in real-world environments. Strong understanding of cloud security architecture, SIEM/SOAR, compliance frameworks (e.g., ISO 27001, NIST, GDPR), and data protection. Familiarity with Azure, Microsoft 365, and hybrid cloud environments. Understanding of security operations, incident response, and threat intelligence. CORE COMPETENCIES …

Cyber Security Consultant

Coventry, Midlands, United Kingdom
Digisourced
Sentinel within a critical operational technology (OT) environment. The ideal candidate will possess deep hands-on expertise in Sentinel and a strong background in broader cybersecurity domains, particularly SIEM, SOAR, and Threat Intelligence. This is a technical professional (TP) contract role. Primary Role and Responsibilities: The candidate will serve as the Technical SME for Microsoft Sentinel and is expected to … Language (KQL) for detection rule development and log analysis. Proven experience in Log Source Integration across diverse environments, including OT, network, and endpoint security tools. Strong practical knowledge of Security Orchestration, Automation, and Response (SOAR), particularly using Azure Logic Apps or similar platforms. If interested, or you know someone that could be, please reach out and we can arrange a …

L2 SOC Analyst

London, South East, England, United Kingdom
ice recruitment
skills, attention to detail, The ability to execute response actions such as endpoint isolation, IOC blocking, malware scans, and user containment Threat monitoring and detection Threat intelligence and hunting SOAR and automation Skills MS Sentinel/Defender for Endpoint Understanding Mitre Att&ck framework Required 2+ years exp in a SOC environment Experience from MSSP/MSP supporting multiple clients …
Employment Type: Full-Time
Salary: £40,000 - £45,000 per annum

SOC Manager

West Midlands, United Kingdom
Hybrid / WFH Options
Stackstudio Digital Ltd
/Experience: Strong knowledge in Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), PKI, DLP, IAM, and SOC technologies such as EDR and SOAR Good knowledge of SIEM tools like Google Chronicle, Splunk ES, or QRadar In-depth familiarity with security policies based on industry standards and best practices Experienced in security operations, incident …
Employment Type: Permanent, Work From Home

Senior Cyber Consultant

Crawley, West Sussex, South East, United Kingdom
Hybrid / WFH Options
Circle Group
and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA (Netskope preferred) Cloud security/CNAPP SOAR Automation tools (Ansible, Terraform) A track record of leading complex cybersecurity projects. Strong client engagement and stakeholder management skills. Practical knowledge of Agile methodologies and ceremonies. Experience mentoring junior colleagues and …
Employment Type: Permanent, Work From Home
Salary: £80,000

Senior Consulting Engineer (Rapid7, SentinelOne, AWS)

Crawley, West Sussex, South East, United Kingdom
Hybrid / WFH Options
Circle Group
and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA (Netskope preferred) Cloud security/CNAPP SOAR Automation tools (Ansible, Terraform) A track record of leading complex cybersecurity projects. Strong client engagement and stakeholder management skills. Practical knowledge of Agile methodologies and ceremonies. Experience mentoring junior colleagues and …
Employment Type: Permanent, Work From Home
Salary: £80,000

Senior Consulting Engineer (Rapid7, SentinelOne, AWS)

Chichester, South East England, United Kingdom
Hybrid / WFH Options
Circle Group
and security architecture. Hands-on experience with: SIEM Rapid7, InsightIDR XDR (SentinelOne preferred) Firewalls (Fortinet preferred) PAM (Delinea preferred) SSE/ZTNA (Netskope preferred) Cloud security/CNAPP SOAR Automation tools (Ansible, Terraform) A track record of leading complex cybersecurity projects. Strong client engagement and stakeholder management skills. Practical knowledge of Agile methodologies and ceremonies. Experience mentoring junior colleagues and …

Solutions Architect

City of London, London, United Kingdom
Hybrid / WFH Options
TDA TELECOM LIMITED
architecture role. Background working with or for a VAR, Systems Integrator, or Security Vendor highly desirable. Technical Expertise Strong understanding of enterprise security technologies, including firewalls, SIEM/SOAR, IAM, DLP, SASE, Zero Trust, and cloud security. Working knowledge of AWS, Azure, and GCP security services. Broad understanding of networking, virtualisation, and enterprise infrastructure. CISSP, CCSP, or equivalent security …
Employment Type: Permanent, Work From Home

Security Engineer: Detection and Response

London, South East England, United Kingdom
Hybrid / WFH Options
Anthropic
with little guidance The ability to pick up new languages and technologies quickly Experience handling security incidents and investigating anomalies as part of a team Knowledge of EDR, SIEM, SOAR, or related security tools Strong Candidates May Also Have Experience With Experience performing security operations or investigations involving large-scale Kubernetes environments A high level of proficiency in Python and …

Senior Manager/Associate Director Cyber Security Operations

United Kingdom
Hybrid / WFH Options
Deloitte LLP
Security Operations working within or alongside Security Operations Centre(s). Experience working in all hyperscaler environments, preferably holding Professional Cloud Architect or equivalent Certification. Experience with multiple SIEM & SOAR Tooling, preferably Google SecOps (formerly Chronicle/Simplify). Strong written, verbal and presentation skills. Excellent communication and interpersonal skills, with the ability to build strong relationships with clients and …
Employment Type: Permanent
Salary: GBP Annual

Staff Engineer, Customer Success

London, England, United Kingdom
Palo Alto Networks
scripts in Python JavaScript or PowerShell is a plus Experience with security design and architecture, content development, workload automation and use-cases Experienced with technologies such as EDR, SIEM, SOAR, NGFW and their ecosystems Familiarity with cloud technologies, providers (such as GCP, AWS, Azure) Familiarity with attack surface management is a plus Experience in customer-facing roles (internal or external …

Cyber Security Operations Manager

United Kingdom
Hybrid / WFH Options
Milestone Technologies, Inc
experience leading and managing technical teams. Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO/IEC 27001, IAM). Proficiency with cybersecurity tools and platforms (e.g., SIEM, SOAR, SAS, Sandboxes, EDR solutions and cloud technologies). Working knowledge of access control principles, cloud technologies (CNAPP, CSPM), data retention, and encryption methodologies. Excellent problem-solving, investigative mindset, and …

IT Risk Analyst

United Kingdom
Hybrid / WFH Options
Hamilton Barnes 🌳
operations, insider threat programs, or related investigative/analytical roles (SOC, threat detection, or risk analysis). Hands-on experience with tools such as SIEM, DLP, UEBA, EDR, or SOAR. Strong understanding of data protection, behavioral analysis, and incident response principles. Experience managing sensitive investigations with HR, Legal, or Compliance teams. Knowledge of privacy and regulatory frameworks (GDPR, HIPAA …

Customer Success Engineer

London, South East England, United Kingdom
Hybrid / WFH Options
Torq
sure our customers are eager to use Torq's solution exponentially. Triaging and Prioritizing reported customers Incidents What We're Looking For 2+ years of hands-on experience with SOAR/Automation technologies or a similar role. 5+ years in customer-facing positions such as post-sales engineering, customer success engineering, or technical services. Proven expertise in security, automation, scripting …

Google SecOps Engineer (SOAR/UEBA)

London Area, United Kingdom
SF Technology Solutions
currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (Security Orchestration, Automation, and Response/User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable. Key Responsibilities; - Enable and validate UEBA alerting … and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping Key Technical/IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background … SOAR playbooks - GCP Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office Please apply for consideration …

Google SecOps Engineer (SOAR/UEBA)

City of London, London, United Kingdom
SF Technology Solutions
currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (Security Orchestration, Automation, and Response/User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable. Key Responsibilities; - Enable and validate UEBA alerting … and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping Key Technical/IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background … SOAR playbooks - GCP Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office Please apply for consideration …

Google SecOps Engineer (SOAR/UEBA)

London, South East England, United Kingdom
SF Technology Solutions
currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (Security Orchestration, Automation, and Response/User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable. Key Responsibilities; - Enable and validate UEBA alerting … and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping Key Technical/IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background … SOAR playbooks - GCP Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office Please apply for consideration …

Google SecOps Engineer (SOAR/UEBA)

Slough, South East England, United Kingdom
SF Technology Solutions
currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (Security Orchestration, Automation, and Response/User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable. Key Responsibilities; - Enable and validate UEBA alerting … and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping Key Technical/IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background … SOAR playbooks - GCP Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office Please apply for consideration …

Google SecOps Engineer (SOAR/UEBA)

London (City of London), South East England, United Kingdom
SF Technology Solutions
currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (Security Orchestration, Automation, and Response/User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable. Key Responsibilities; - Enable and validate UEBA alerting … and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping Key Technical/IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background … SOAR playbooks - GCP Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office Please apply for consideration …

Senior Detection & Response Engineer

Cambridgeshire, United Kingdom
Investigo
and custom detections Familiarity with adversary TTPs and the MITRE ATT&CK framework Experience with endpoint forensics, malware analysis, and security event correlation Hands-on experience with SIEM and SOAR platforms Solid understanding of operating system internals (macOS, Windows, Linux) Experience with security in a SaaS environment and working closely with engineering teams Background in using DevOps toolsets and programming …
Employment Type: Permanent
Salary: £85000 - £90000/annum

Security Service Architect

England, United Kingdom
Trend Micro
to detail. Service Architecture: Experience in design, implementation and costing of managed security solutions, preferably in the area of Managed Detection and Response (MDR) and/or SIEM/SOAR/SOC. Network: The candidate has an extensive network in the cybersecurity industry. Willingness to travel: The role requires sporadic travel activities for partner as well as internal appointments. Why …

DevSecOps Engineer

United Kingdom, United Kingdom
Hybrid / WFH Options
LT Harper - Cyber Security Recruitment
supply chain security risks. Tech Stack: Cloud: AWS, GCP, Azure, and private data centres Container Orchestration: Kubernetes, Helm, Flux Languages/Platforms: Golang, CockroachDB, NATS Security Tools: SIEM/SOAR, EDR, CNAPP + open-source integrations For more information on this role, apply online or reach out to Feel free to ask any questions …

SOAR
10th Percentile: £53,649
25th Percentile: £61,250
Median: £74,500
75th Percentile: £92,500
90th Percentile: £97,250