1 to 25 of 48 Permanent Threat Detection Jobs in the UK

Threat Detection Engineer

Hiring Organisation
Additional Resources Ltd
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£60,000 - £80,000 per annum
exciting opportunity has arisen for a Threat Detection Engineer to join a well-established biotech company using large-scale genetic data and AI to predict disease risk and advance precision healthcare. As a Threat Detection Engineer, you will be responsible for developing and enhancing threat detection capabilities within a modern cloud-first setting. This role offers hybrid/remote working options, a salary range of £60,000 - £80,000 and benefits. You will be responsible for: Designing and implementing threat-led detection logic informed by threat intelligence and hunting activities. ...

Director of Group Cyber Security Services

Hiring Organisation
Information Security Solutions
Location
London, United Kingdom
Employment Type
Permanent
Salary
£140000 - £160000/annum
functions and a relentless focus on operational excellence, the Head of Security Services builds and empowers high-performing teams to deliver 24/7 threat detection, rapid incident response, and proactive risk management. This includes ownership of security controls, security testing, tech assurance and vulnerability and threat … Leadership Team. Operations & Service Delivery • Oversee daily operations of technical security functions, working collaboratively with the SOCs to provide 24/7 visibility and threat detection ensuring services are resilient, risk-aware, and aligned with business needs. • Regularly review and modernise SOC processes, technologies, and talent. • Partner with ...

SOC Operations Engineer – EDR & NDR Platforms

Hiring Organisation
Beazley Security
Location
United Kingdom
that reduce risk with quantifiable results. We’re comprised of top talent from private industry, government, intelligence, and law enforcement who are specialists in threat detection, incident response, digital forensics, offensive security, risk management, and cyber resilience. As a subsidiary of specialty insurance giant, Beazley, we’ve been … unique client challenges. Summary: The SOC Operations Engineer is responsible for the operational management, optimisation, and lifecycle maintenance of Beazley Group’s core Endpoint Detection and Response (EDR) and Network Detection and Response (NDR) platforms. Working within the IT Security function and in close collaboration with the Beazley ...

Security Operations Team Lead - SOC

Hiring Organisation
Forward Role
Location
Manchester, North West, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£75,000
SecOps Lead, you will manage security monitoring and incident response activities while providing strategic direction for security tools including SIEM and Endpoint Detection & Response (EDR) platforms. You will work closely with internal teams and external security partners to strengthen our threat detection capabilities and improve the organisation … overall cyber resilience. This is an excellent opportunity for a security professional who enjoys leading teams, improving security operations, and driving proactive threat detection strategies. Key Responsibilities Lead and mentor the internal Security Operations team, overseeing daily operational activities and performance Define and implement the strategy and operational ...

XSIAM Consultant

Hiring Organisation
83zero
Location
Northern Ireland, United Kingdom
complex enterprise security environment. The successful consultant will play a key role in strengthening the organisation’s security operations capability, helping to modernise threat detection, automate response workflows, and improve visibility across the security ecosystem. Key Responsibilities Lead the implementation and configuration of Palo Alto XSIAM within … enterprise SOC environment Design and optimise full-spectrum XDR capabilities, improving detection and response across endpoints, networks, and cloud workloads Integrate SIEM and security telemetry sources into XSIAM to create a unified security operations platform Develop and maintain automation workflows and playbooks to streamline incident response and reduce manual ...

SOC Lead / SOC Manager - London - £90,000

Hiring Organisation
Nigel Frank International
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£85,000 - £95,000 per annum
primary onsite representative for SOC operations, working closely with senior stakeholders while coordinating with offshore security analysts to ensure effective monitoring, threat detection, and incident response. The successful candidate will play a vital role in strengthening cybersecurity operations, improving detection capabilities, and ensuring operational excellence across … business teams. Guide and support SOC analysts across L1, L2, and L3 functions to ensure effective 24/7 security operations. Drive improvements across threat detection, incident response processes, and SOC operational maturity. Skills & Experience Extensive experience working in Security Operations Centres (SOC), including leadership or managerial responsibilities. ...

Security Operations Engineer | Strategic Financial Risk Solutions Firm

Hiring Organisation
Techfellow Limited
Location
City of London, London, United Kingdom
significant modernisation of its technology and security environment. As part of this programme, the organisation is strengthening its Security Operations capability to improve threat detection, response, and operational automation across its infrastructure and cloud platforms. This role sits within a small, hands-on Security Operations team reporting into … Head of SecOps. The team works closely with an external MSSP that provides 24/7 monitoring support, while internal engineers focus on detection quality, incident response, and improving operational capabilities. The position is intentionally broad - blending elements of detection engineering, alert investigation, threat hunting, and automation ...

SOC Manager

Hiring Organisation
Searchability NS&D
Location
Watford, England, United Kingdom
will have genuine influence. Own the end-to-end performance of a mature, multi-client SOC Drive real improvements to tooling, playbooks, and threat detection capability Mentor and develop a team of skilled Analysts and Incident Responders Engage directly with senior stakeholders and shape security strategy Work within … performance reviews and create structured development plans Foster a culture of continuous improvement and operational excellence Incident Management Oversee the full incident lifecycle, from detection through containment and resolution Ensure SLA adherence, clear escalation paths, and consistent client communication Maintain, test, and continuously improve incident response plans and playbooks ...

Cyber Security Operations Lead

Hiring Organisation
MJA (London) Ltd
Location
City, London, United Kingdom
Employment Type
Permanent
Salary
GBP Annual
seeking an experienced Security Operations Manager/SOC Lead to lead and develop their cyber security operations capability. The role will oversee SOC operations, threat detection, and incident response, while driving improvements across security monitoring, automation, and response processes. Key experience required: Strong experience in cyber security operations … Strong experience of leading or mentoring SOC teams Strong knowledge of incident response and threat detection Experience with SIEM platforms such as LogRhythm, Splunk, or Microsoft Sentinel Familiarity with SOAR platforms, EDR/XDR tools (eg CrowdStrike, Defender, SentinelOne) and cloud security monitoring across Azure ...

Cyber Security Operations Lead

Hiring Organisation
MJA (London) Ltd
Location
EC3, Broad Street, Greater London, United Kingdom
Employment Type
Permanent
seeking an experienced Security Operations Manager/SOC Lead to lead and develop their cyber security operations capability. The role will oversee SOC operations, threat detection, and incident response, while driving improvements across security monitoring, automation, and response processes. Key experience required: Strong experience in cyber security operations … Strong experience of leading or mentoring SOC teams Strong knowledge of incident response and threat detection Experience with SIEM platforms such as LogRhythm, Splunk, or Microsoft Sentinel Familiarity with SOAR platforms, EDR/XDR tools (eg CrowdStrike, Defender, SentinelOne) and cloud security monitoring across Azure ...

Microsoft Data Protection Consultant

Hiring Organisation
develop
Location
United Kingdom
Permanent An opportunity has arisen for a Cyber Security Consultant specialising in Microsoft security technologies, with a strong focus on data protection, compliance, and threat protection across the Microsoft ecosystem. This role will involve working with enterprise environments to design and implement modern data protection strategies, leveraging the Microsoft … configure Microsoft Defender security solutions, including Defender for Endpoint, Defender for Identity and Defender for Cloud Apps Deploy and configure Microsoft Sentinel to support threat detection, monitoring and incident response Develop and maintain data classification, labelling and retention policies across enterprise environments Implement Data Security Posture Management (DSPM ...

Senior Cyber Operations Analyst

Hiring Organisation
Anson McCade
Location
England, United Kingdom
detail‐driven Senior Cyber Operations Analyst to join their team. This is a fantastic opportunity to work with cutting‐edge tooling, contribute to threat‐driven defensive security, and shape advanced SecOps capabilities across enterprise environments. About the Role As a Senior Cyber Operations Analyst at Associate Manager level … heart of a thriving Cyber Practice covering Assurance, Compliance, SecOps, Offensive Security and Research. You’ll play a pivotal part in threat detection, incident response, detection engineering, and security monitoring — helping defend major UK organisations. This role is perfect for someone who thrives in technical depth, enjoys ...

Senior Security Engineer

Hiring Organisation
Sanderson
Location
Greater Bristol Area, United Kingdom
initial We are looking for an experienced Senior Security Engineer to join a growing cyber security team, helping to strengthen security controls, monitoring and threat detection capabilities across the organisation’s technology estate. This role will play a key part in the operation and improvement of core security … detect threats, improve visibility and enhance the overall security posture. Key Responsibilities: Implement, configure and optimise core security tooling across the environment Enhance threat detection, monitoring and response capabilities Investigate security alerts and support incident response activities Improve integration and automation between security platforms Support vulnerability management ...

Cyber Security Analyst

Hiring Organisation
Birchlake Recruitment Ltd
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£50,000 - £60,000 per annum
engineers to optimise the effectiveness of security tools and platforms. Consuming and operationalising modern security technologies, including XDR and SIEM solutions, to enhance visibility, threat detection, and response effectiveness for clients Performing research and investigations to solve client’s technical security problems. Preparing impactful reports on security posture … organisational domains and common industry frameworks such as NIST CSF and ISO27001. Demonstrable experience of operating a key security process, such as vulnerability management, threat detection and response, or cyber security attack surface management, Hands-on expertise across a range of modern security technologies such as XDR, SIEM ...

Lead Cyber Security Engineer

Hiring Organisation
SThree
Location
Glasgow, Scotland, United Kingdom
Cyber Security Engineering Lead acts as the technical authority across all domains of cloud and endpoint security, taking full ownership of hardening, automation, and threat mitigation. The role is not managerial in the traditional sense; it exists to drive technical capability, mentor through engineering leadership, and deliver resilient, scalable … Cloud, Purview DLP, Azure Firewall, and related services. Integrate security into DevOps pipelines, CI/CD, infrastructure-as-code, and container workflows. Automate threat detection and response using Microsoft Sentinel SOAR, custom playbooks, and telemetry pipelines. Platform Security Oversight Own and optimise endpoint security through Intune, ensuring device ...

Senior Security Engineer

Hiring Organisation
Develop
Location
London, United Kingdom
Employment Type
Permanent
Salary
£80,000
real-world security impact. The successful candidate will work closely with customers, engineers, and operational security teams to deliver meaningful improvements across identity, detection engineering, endpoint security, and cloud security posture. This is a hands-on role involving the design and implementation of modern security architectures, solving complex technical … detections, automation workflows, and runbooks. Conduct technical assessments across identity, endpoint, cloud posture, logging, and security operations. Develop, optimise, and tune KQL queries for detection engineering and threat hunting. Review and enhance security configurations across cloud and SIEM/SOAR platforms. Manage engagements through architecture, deployment, tuning, documentation ...

Security Engineer

Hiring Organisation
Searchability NS&D
Location
Watford, England, United Kingdom
security teams to ensure the right controls, tooling and processes are in place to protect critical systems and data. You will take ownership of detection engineering, SIEM platform performance and the full lifecycle of security detection content, ensuring security monitoring remains effective, scalable and reliable. Key responsibilities include … Acting SME on Elastic Security and Splunk Enterprise Security platforms Designing and maintaining log ingestion pipelines and data enrichment processes Developing and tuning detection rules aligned to MITRE ATT&CK techniques Managing the full lifecycle of detection content from design through to optimisation Automating security workflows using scripting ...

Head of Information Security

Hiring Organisation
Hays
Location
Bolton, Greater Manchester, North West, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£80,000
response. Embed recognised frameworks such as ISO 27001, NIST CSF, NIS2, and DORA into policies, processes, and technology platforms. Oversee security operations, including monitoring, threat detection, incident response, and vulnerability management. Conduct and support risk assessments, ensuring robust controls are implemented and maintained. Partner with Technology, Risk, Compliance ...

SIEM Engineer

Hiring Organisation
Searchability NS&D
Location
Watford, Hertfordshire, England, United Kingdom
Employment Type
Full-Time
Salary
£85,000 - £95,000 per annum
security teams to ensure the right controls, tooling and processes are in place to protect critical systems and data. You will take ownership of detection engineering, SIEM platform performance and the full lifecycle of security detection content, ensuring security monitoring remains effective, scalable and reliable. Key responsibilities include … Acting SME on Elastic Security and Splunk Enterprise Security platforms Designing and maintaining log ingestion pipelines and data enrichment processes Developing and tuning detection rules aligned to MITRE ATT&CK techniques Managing the full lifecycle of detection content from design through to optimisation Automating security workflows using scripting ...

Incident Response Consultant

Hiring Organisation
Anson McCade
Location
Stevenage, Hertfordshire, South East, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£60,000
DFIR) readiness and drive our Adversarial Exposure Validation (AEV) program. This role is a unique hybrid of defensive response and proactive testing, ensuring our detection controls are validated against real-world threat actor Tactics, Techniques, and Procedures (TTPs). This is an ideal "next step" role … experienced Cyber Analyst with a deep passion for high-stakes incident response, digital forensics, and threat mitigation. Compensation & Logistics Salary: £50,000 - £60,000 (depending on experience). Working Pattern: Dynamic (hybrid) working; minimum 2 days per week on-site due to workload classification. Security Clearance: Candidates must ...

Security Operations Center Analyst

Hiring Organisation
Adeptis Group
Location
Oxford, England, United Kingdom
gain deeper exposure to modern Microsoft security tooling. You’ll work alongside experienced cyber professionals investigating security alerts, supporting incident response, and helping improve detection capability across client environments. Responsibilities Monitor and investigate alerts within a SIEM environment Analyse logs and identify potential security incidents Triage alerts and escalate … incidents where required Assist with incident investigation and reporting Support the development and tuning of detection rules Collaborate with senior analysts and engineers on security operations Key Skills & Experience 1–2 years’ experience in a SOC Analyst or security monitoring role Experience working with SIEM platforms (Microsoft Sentinel beneficial ...

SOC Analyst T1

Hiring Organisation
Oscar Technology
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£32,000 - £38,000 per annum
organisation's SIEM platform Perform initial triage and investigation of security alerts Escalate potential security incidents to senior analysts Assist with incident response and threat detection activities Support vulnerability management and security monitoring Maintain accurate incident records and documentation Work collaboratively with IT and security teams Required Skills … Basic understanding of cyber security principles and threat landscapes Familiarity with SIEM tools or security monitoring platforms Knowledge of networking fundamentals and operating systems Strong analytical and problem-solving skills Interest in developing a career within cyber security Nice to Have: Experience with Splunk, Sentinel, QRadar or Elastic Exposure ...

Infrastructure Security Engineer

Hiring Organisation
Lane Clark and Peacock LLP
Location
Winchester, Hampshire, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
information security controls and countermeasures, ensuring alignment with the risks they are intended to mitigate Work with an outsourced Security Operations Centre (SOC), maintaining threat detection and response processes in conjunction with the InfoSec team to ensure its continued effectiveness Effectively operate established technical information security controls … functional collaboration as needed Conduct security incident investigations, collaborating with technical and non-technical stakeholders as appropriate, with the aim of identifying root cause, threat vector utilised, scope of compromise and related remedial and preventative actions Implement and administer technical security tooling (Such as Defender for Cloud, Defender ...

Infrastructure Security Engineer

Hiring Organisation
Premier IT
Location
United Kingdom
Employment Type
Permanent
Salary
GBP Annual
implementing technical information security controls and countermeasures aligned with specific risks. SOC Collaboration: Working with an outsourced Security Operations Centre (SOC) to maintain effective threat detection and response. Tooling & Incident Response: Administering technical security tooling (such as Defender for Cloud, Defender for Endpoint, and Nessus) and conducting security ...

Infrastructure Security Engineer

Hiring Organisation
Premier IT
Location
City Of London, United Kingdom
Employment Type
Permanent
implementing technical information security controls and countermeasures aligned with specific risks. SOC Collaboration: Working with an outsourced Security Operations Centre (SOC) to maintain effective threat detection and response. Tooling & Incident Response: Administering technical security tooling (such as Defender for Cloud, Defender for Endpoint, and Nessus) and conducting security ...