threat detection, anomaly detection, and behavioural analysis. Playbook Development & Automation Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration. Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response. Refine playbooks based on threat intelligence and incident insights. Threat Detection & Response Monitor and analyse security alerts andMore ❯
ATT&CK, threat actor tactics, and experience in incident detection, triage, and analysis within a SOC or similar environment Desirable Criteria Exposure to cloud security monitoring (AWS, Azure, GCP), SOAR platforms, andautomation playbook creation Experience with threat intelligence integration, rule writing (YARA, Sigma, Snort/Suricata), and container/Kubernetes security Familiarity with offensive security methodologies and scripting for More ❯
ATT&CK, threat actor tactics, and experience in incident detection, triage, and analysis within a SOC or similar environment Desirable Criteria Exposure to cloud security monitoring (AWS, Azure, GCP), SOAR platforms, andautomation playbook creation Experience with threat intelligence integration, rule writing (YARA, Sigma, Snort/Suricata), and container/Kubernetes security Familiarity with offensive security methodologies and scripting for More ❯
Leeds, Yorkshire, United Kingdom Hybrid / WFH Options
Catorfaen
In 2022 we built out an exciting SIEM/SOARand ManagedDetection andResponse service called SEP2.security, built upon Google CloudSecurity's Chronicle stack. Due to customer demand, we are now looking to hire aPrincipal Cyber Security Engineer to join this every growing team. The Security Intelligence Services team, that this role issituated in, provides security monitoring and use case … customer facing situations. Qualifications and Experience Experienceas a Cyber SOC Analyst/or similar role. Provenexperience in deploying SIEM (Security Information and Event Management)andSOAR (Securityorchestration, automation, andresponse) solutions toachieve positive outcomes. Our tools include Google ChronicleSIEM/Siemplify SOARand LogRhythm, but experience with other platformssuch as Microsoft Sentinel, Splunk, Qradar, or Humio/Logscale is More ❯
skills, attention to detail, The ability to execute response actions such as endpoint isolation, IOC blocking, malware scans, and user containment Threat monitoring and detection Threat intelligence and hunting SOARandautomation Skills MS Sentinel/Defender for Endpoint Understanding Mitre Att&ck framework Required 2+ years exp in a SOC environment Experience from MSSP/MSP supporting multiple clients More ❯
West Midlands, United Kingdom Hybrid / WFH Options
Stackstudio Digital Ltd
/Experience: Strong knowledge in Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), PKI, DLP, IAM, and SOC technologies such as EDR andSOAR Good knowledge of SIEM tools like Google Chronicle, Splunk ES, or QRadar In-depth familiarity with security policies based on industry standards and best practices Experienced in security operations, incident More ❯
re looking for: Strong experience in security operations, incident response, or SOC roles. Hands-on knowledge of SIEM, EDR, DLP, or similar security tools. Experience with automation (Python, PowerShell, SOAR) and integrating AI tools into workflows. Understanding of capital markets, trading platforms, or fintech environments is a plus. Excellent analytical skills and the ability to work collaboratively across teams. Why More ❯
re looking for: Strong experience in security operations, incident response, or SOC roles. Hands-on knowledge of SIEM, EDR, DLP, or similar security tools. Experience with automation (Python, PowerShell, SOAR) and integrating AI tools into workflows. Understanding of capital markets, trading platforms, or fintech environments is a plus. Excellent analytical skills and the ability to work collaboratively across teams. Why More ❯
london (city of london), south east england, united kingdom
Radley James
re looking for: Strong experience in security operations, incident response, or SOC roles. Hands-on knowledge of SIEM, EDR, DLP, or similar security tools. Experience with automation (Python, PowerShell, SOAR) and integrating AI tools into workflows. Understanding of capital markets, trading platforms, or fintech environments is a plus. Excellent analytical skills and the ability to work collaboratively across teams. Why More ❯
currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (SecurityOrchestration, Automation, andResponse/User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable. Key Responsibilities; - Enable and validate UEBA alerting … and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping Key Technical/IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background … SOAR playbooks - GCP Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office Please apply for consideration More ❯
london (city of london), south east england, united kingdom
SF Technology Solutions
currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (SecurityOrchestration, Automation, andResponse/User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable. Key Responsibilities; - Enable and validate UEBA alerting … and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping Key Technical/IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background … SOAR playbooks - GCP Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office Please apply for consideration More ❯
currently embarking a programme of work focused on maturity/designing and implementing security posture utilising SIEM tools such as Google Chronicle & implementing UEBA/SOAR (SecurityOrchestration, Automation, andResponse/User and Entity Behaviour Analytics) built on GCP/Google Cloud so Google SecOps/Security Operations experience is highly desirable. Key Responsibilities; - Enable and validate UEBA alerting … and managing reference data - Conduct current state assessment of detection engineering capabilities and log source coverage - Design and implement detection use cases aligned to MITRE ATT&CK framework - Enable SOAR integration by identifying high-fidelity detections and mapping Key Technical/IT Security Skills; - Chronicle SIEM - Google SecOps - UEBA Tooling - Windows Event Logs - BindPlane - MITRE ATT&CK - Strong SOC background … SOAR playbooks - GCP Finer Details; - Outside IR35 - Contract until End of December, possibly longer - Hybrid, 4 times a month in the London office Please apply for consideration More ❯
and custom detections Familiarity with adversary TTPs and the MITRE ATT&CK framework Experience with endpoint forensics, malware analysis, andsecurity event correlation Hands-on experience with SIEM andSOAR platforms Solid understanding of operating system internals (macOS, Windows, Linux) Experience with security in a SaaS environment and working closely with engineering teams Background in using DevOps toolsets and programming More ❯
of security (incident response, threat analysis and intelligence) and open source. Ability to collaborate cross functionally. Ability to communicate well. You may have other skills or credentials, including: SIEM SOARand/or other Automation experience (Python, Terraform, Ansible). Networking and System Admin/Support Fundamentals. We know that talent comes from all backgrounds and experience levels. We encourage More ❯
Farnborough, Hampshire, South East, United Kingdom Hybrid / WFH Options
Leidos Innovations UK Limited
through both predictive and reactive analysis, articulating emerging trends to leadership and staff. Use data collected from Cyber Defence tools firewalls, IDS, network traffic, UEBA (User Entity Behaviour Analysis), SecurityOrchestrationand Automated Response (SOAR) etc. to analyse events that occur within the environments. Respond to and correlate alerts from various detective and preventative Cyber Security tools such as SecurityMore ❯
work to support on. We're looking for well-rounded Cyber Specialists with proven expertise within the Microsoft Ecosystem, including Azure Sentinel & Active Directory , as well as experience with SOAR . Contract Details: Cyber Specialist 6 Months - extensions likely Hybrid - 1x per week in Brighton ASAP Start - as soon as Monday 13th October. £550 - 650/day Inside IR35 Please More ❯
work to support on. We're looking for well-rounded Cyber Specialists with proven expertise within the Microsoft Ecosystem, including Azure Sentinel & Active Directory , as well as experience with SOAR . Contract Details: Cyber Specialist 6 Months - extensions likely Hybrid - 1x per week in Brighton ASAP Start - as soon as Monday 13th October. £550 - 650/day Inside IR35 Please More ❯
Bristol, Avon, South West, United Kingdom Hybrid / WFH Options
NCC
secure storage/access principles. Familiarity with endpoint protection platforms and vulnerability management tools. Experience securing hybrid identity solutions and federated authentication models Understanding of securityautomation concepts, including securityorchestrationandresponse (SOAR) including ability to script or automate repetitive tasks. What do we offer in return? Flexible working patterns as standard, annual salary reviews, company paid private medical More ❯
Role: 10+ years of experience in Cyber security Designing & implementation on Network Security, SIEM, SOAR & Threat Intelligence. Key Responsibilities: Lead Sentinel Deployment for OT SOC Architect and implement Microsoft Sentinel across global OT environments to centralize security monitoring and incident response. Log Source Integration Configure and onboard diverse log sources including Nozomi Networks, firewalls, EDR (e.g., Defender for Endpoint), VMDR … OT landscape. Incident ResponseAutomation Design and implement playbooks using Logic Apps to automate incident response workflows for common OT security events. Execution of the use cases on SIEM, SOAR & Threat Intelligence Build custom workbooks and dashboards to visualize OT security posture, threat trends, and SOC performance metrics More ❯
Role: 10+ years of experience in Cyber security Designing & implementation on Network Security, SIEM, SOAR & Threat Intelligence. Key Responsibilities: Lead Sentinel Deployment for OT SOC Architect and implement Microsoft Sentinel across global OT environments to centralize security monitoring and incident response. Log Source Integration Configure and onboard diverse log sources including Nozomi Networks, firewalls, EDR (e.g., Defender for Endpoint), VMDR … OT landscape. Incident ResponseAutomation Design and implement playbooks using Logic Apps to automate incident response workflows for common OT security events. Execution of the use cases on SIEM, SOAR & Threat Intelligence Build custom workbooks and dashboards to visualize OT security posture, threat trends, and SOC performance metrics More ❯
Role: 10+ years of experience in Cyber security Designing & implementation on Network Security, SIEM, SOAR & Threat Intelligence. Key Responsibilities: Lead Sentinel Deployment for OT SOC Architect and implement Microsoft Sentinel across global OT environments to centralize security monitoring and incident response. Log Source Integration Configure and onboard diverse log sources including Nozomi Networks, firewalls, EDR (e.g., Defender for Endpoint), VMDR … OT landscape. Incident ResponseAutomation Design and implement playbooks using Logic Apps to automate incident response workflows for common OT security events. Execution of the use cases on SIEM, SOAR & Threat Intelligence Build custom workbooks and dashboards to visualize OT security posture, threat trends, and SOC performance metrics More ❯
Farnborough, Hampshire, South East, United Kingdom Hybrid / WFH Options
Talent Locker
SOC operations, task prioritisation and shift management Acting as the escalation point for complex incidents and investigations Reviewing, tuning and enhancing detection rules, alerts and playbooks in SIEM/SOAR tools Providing mentorship and technical guidance to SOC analysts Driving post-incident reviews, root cause analysis and continuous improvement Conducting proactive threat hunting and supporting compliance/audit requirements Collaborating … capability What you'll bring 3+ years' experience in a SOC or security operations role Strong knowledge of incident detection, responseand threat analysis Hands-on experience with SIEM, SOARand endpoint detection tools Excellent problem-solving, analytical and communication skills A degree in a relevant subject or equivalent experience Relevant certifications such as GCIA, GCIH, CEH or CompTIA CySA+ More ❯
