1 to 25 of 33 Permanent Threat Detection Jobs in the UK excluding London

exciting opportunity has arisen for a T hreat Detection Engineer to join a well-established biotech company using large-scale genetic data and AI to predict disease risk and advance precision healthcare. As a T hreat Detection Engineer, you will be responsible for developing and enhancing threat detection capabilities within a modern cloud-first setting. This role offers hybrid/remote working options, a salary range of £60,000 - £80,000 and benefits. You will be responsible for: Designing and implementing threat-led detection logic informed by threat intelligence and hunting activities. ...

SecOps Lead, you will manage security monitoring and incident response activities while providing strategic direction for security tools including SIEM and Endpoint Detection & Response (EDR) platforms. You will work closely with internal teams and external security partners to strengthen our threat detection capabilities and improve the organisation … overall cyber resilience. This is an excellent opportunity for a security professional who enjoys leading teams, improving security operations, and driving proactive threat detection strategies. Key Responsibilities Lead and mentor the internal Security Operations team, overseeing daily operational activities and performance Define and implement the strategy and operational ...

complex enterprise security environment. The successful consultant will play a key role in strengthening the organisation’s security operations capability, helping to modernise threat detection, automate response workflows, and improve visibility across the security ecosystem. Key Responsibilities Lead the implementation and configuration of Palo Alto XSIAM within … enterprise SOC environment Design and optimise full-spectrum XDR capabilities, improving detection and response across endpoints, networks, and cloud workloads Integrate SIEM and security telemetry sources into XSIAM to create a unified security operations platform Develop and maintain automation workflows and playbooks to streamline incident response and reduce manual ...

primary onsite representative for SOC operations, working closely with senior stakeholders while coordinating with offshore security analysts to ensure effective monitoring, threat detection, and incident response. The successful candidate will play a vital role in strengthening cybersecurity operations, improving detection capabilities, and ensuring operational excellence across … business teams. Guide and support SOC analysts across L1, L2, and L3 functions to ensure effective 24/7 security operations. Drive improvements across threat detection, incident response processes, and SOC operational maturity. Skills & Experience Extensive experience working in Security Operations Centres (SOC), including leadership or managerial responsibilities. ...

will have genuine influence. Own the end-to-end performance of a mature, multi-client SOC Drive real improvements to tooling, playbooks, and threat detection capability Mentor and develop a team of skilled Analysts and Incident Responders Engage directly with senior stakeholders and shape security strategy Work within … performance reviews and create structured development plans Foster a culture of continuous improvement and operational excellence Incident Management Oversee the full incident lifecycle, from detection through containment and resolution Ensure SLA adherence, clear escalation paths, and consistent client communication Maintain, test, and continuously improve incident response plans and playbooks ...

seeking an experienced Security Operations Manager/SOC Lead to lead and develop their cyber security operations capability. The role will oversee SOC operations, threat detection, and incident response, while driving improvements across security monitoring, automation, and response processes. Key experience required: Strong experience in cyber security operations … Strong experience of leading or mentoring SOC teams Strong knowledge of incident response and threat detection Experience with SIEM platforms such as LogRhythm, Splunk, or Microsoft Sentinel Familiarity with SOAR platforms, EDR/XDR tools (eg CrowdStrike, Defender, SentinelOne) and cloud security monitoring across Azure ...

initial We are looking for an experienced Senior Security Engineer to join a growing cyber security team, helping to strengthen security controls, monitoring and threat detection capabilities across the organisation’s technology estate. This role will play a key part in the operation and improvement of core security … detect threats, improve visibility and enhance the overall security posture. Key Responsibilities: Implement, configure and optimise core security tooling across the environment Enhance threat detection, monitoring and response capabilities Investigate security alerts and support incident response activities Improve integration and automation between security platforms Support vulnerability management ...

engineers to optimise the effectiveness of security tools and platforms. Consuming and operationalising modern security technologies, including XDR and SIEM solutions, to enhance visibility, threat detection, and response effectiveness for clients Performing research and investigations to solve client’s technical security problems. Preparing impactful reports on security posture … organisational domains and common industry frameworks such as NIST CSF and ISO27001. Demonstrable experience of operating a key security process, such as vulnerability management, threat detection and response, or cyber security attack surface management, Hands-on expertise across a range of modern security technologies such as XDR, SIEM ...

Cyber Security Engineering Lead acts as the technical authority across all domains of cloud and endpoint security, taking full ownership of hardening, automation, and threat mitigation. The role is not managerial in the traditional sense it exists to drive technical capability, mentor through engineering leadership, and deliver resilient, scalable … Cloud, Purview DLP, Azure Firewall, and related services. Integrate security into DevOps pipelines, CI/CD, infrastructure-as-code, and container workflows. Automate threat detection and response using Microsoft Sentinel SOAR, custom playbooks, and telemetry pipelines. Platform Security Oversight Own and optimise endpoint security through Intune, ensuring device ...

security teams to ensure the right controls, tooling and processes are in place to protect critical systems and data. You will take ownership of detection engineering, SIEM platform performance and the full lifecycle of security detection content, ensuring security monitoring remains effective, scalable and reliable. Key responsibilities include … Acting SME on Elastic Security and Splunk Enterprise Security platforms Designing and maintaining log ingestion pipelines and data enrichment processes Developing and tuning detection rules aligned to MITRE ATT&CK techniques Managing the full lifecycle of detection content from design through to optimisation Automating security workflows using scripting ...

response. Embed recognised frameworks such as ISO 27001, NIST CSF, NIS2, and DORA into policies, processes, and technology platforms. Oversee security operations, including monitoring, threat detection, incident response, and vulnerability management. Conduct and support risk assessments, ensuring robust controls are implemented and maintained. Partner with Technology, Risk, Compliance ...

security teams to ensure the right controls, tooling and processes are in place to protect critical systems and data. You will take ownership of detection engineering, SIEM platform performance and the full lifecycle of security detection content, ensuring security monitoring remains effective, scalable and reliable. Key responsibilities include … Acting SME on Elastic Security and Splunk Enterprise Security platforms Designing and maintaining log ingestion pipelines and data enrichment processes Developing and tuning detection rules aligned to MITRE ATT&CK techniques Managing the full lifecycle of detection content from design through to optimisation Automating security workflows using scripting ...

DFIR) readiness and drive our Adversarial Exposure Validation (AEV) program. This role is a unique hybrid of defensive response and proactive testing, ensuring our detection controls are validated against real-world threat actor Tactics, Techniques, and Procedures (TTPs). This is an ideal "next step" role … experienced Cyber Analyst with a deep passion for high-stakes incident response, digital forensics, and threat mitigation. Compensation & Logistics Salary: £50,000 - £60,000 (depending on experience). Working Pattern: Dynamic (hybrid) working; minimum 2 days per week on-site due to workload classification. Security Clearance: Candidates must ...

gain deeper exposure to modern Microsoft security tooling. You’ll work alongside experienced cyber professionals investigating security alerts, supporting incident response, and helping improve detection capability across client environments. Responsibilities Monitor and investigate alerts within a SIEM environment Analyse logs and identify potential security incidents Triage alerts and escalate … incidents where required Assist with incident investigation and reporting Support the development and tuning of detection rules Collaborate with senior analysts and engineers on security operations Key Skills & Experience 1–2 years’ experience in a SOC Analyst or security monitoring role Experience working with SIEM platforms (Microsoft Sentinel beneficial ...

organisation's SIEM platform Perform initial triage and investigation of security alerts Escalate potential security incidents to senior analysts Assist with incident response and threat detection activities Support vulnerability management and security monitoring Maintain accurate incident records and documentation Work collaboratively with IT and security teams Required Skills … Basic understanding of cyber security principles and threat landscapes Familiarity with SIEM tools or security monitoring platforms Knowledge of networking fundamentals and operating systems Strong analytical and problem-solving skills Interest in developing a career within cyber security Nice to Have: Experience with Splunk, Sentinel, QRadar or Elastic Exposure ...

information security controls and countermeasures, ensuring alignment with the risks they are intended to mitigate Work with an outsourced Security Operations Centre (SOC), maintaining threat detection and response processes in conjunction with the InfoSec team to ensure its continued effectiveness Effectively operate established technical information security controls … functional collaboration as needed Conduct security incident investigations, collaborating with technical and non-technical stakeholders as appropriate, with the aim of identifying root cause, threat vector utilised, scope of compromise and related remedial and preventative actions Implement and administer technical security tooling (Such as Defender for Cloud, Defender ...

monitoring, incident resolution, and continuous service improvement. Support in operational leadership, providing insight on risks, capacity, and technology readiness. Lead cyber security operations, including threat detection, vulnerability management, and incident response. Ensure the stability, resilience, and scalability of core infrastructure, networks, cloud platforms, and end-user devices. Oversee ...

customer needs. Define technical requirements and architectures for services such as 24x7 SOC monitoring, incident response workflows, identity management solutions, cloud security (SASE), and threat protection services. Translate customer needs into detailed technical proposals, statements of work, and solution diagrams/documentation. Develop and validate pricing for proposed solutions. … public sector clients. Act as a subject matter expert across our cybersecurity services portfolio. Provide domain expertise in areas such as incident response, threat monitoring, identity and access management, cloud security architectures (SASE), and application security to guide customers in solution decisions. Who are we looking for? Proven experience ...

Police Digital Services and provides visibility and control of information risks for policing. It supports the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology … ensure security issues are addressed quickly upon discovery. NMC Cyber Detect Analyst duties involve but are not limited to: Initial Triage of alerts - evaluation & detection Confirmation of false positive Incident data gathering and feedback on any gaps and issues in respect to Platform Content or tuning opportunities Reflection ...

Engineer to play a key role in protecting their systems, infrastructure, and data. This is a hands-on position where you'll lead on threat detection, incident response, and continuous security improvement across the business. What You'll Be Doing Monitoring and analysing security events (SIEM, endpoints, networks ...

Engineer to play a key role in protecting their systems, infrastructure, and data. This is a hands-on position where you'll lead on threat detection, incident response, and continuous security improvement across the business. What You'll Be Doing Monitoring and analysing security events (SIEM, endpoints, networks ...

exceptional service delivery. Provide expert, hands-on support across cloud environments such as Microsoft 365, Azure, and AWS. Drive security service delivery, including threat detection, incident response, vulnerability remediation, and security configuration. Manage complex technical escalations to ensure outstanding security outcomes. Act as a trusted security advisor, helping ...

will be the technical engine behind the organisation's global digital integrity. Your responsibilities will include: Managing the Global SOC to ensure proactive threat hunting and rapid incident response across all global time zones. Implementing a cutting-edge DevSecOps approach to ensure security is automated and embedded within … 1.ISO27001 Implementation (Must have personally achieved certification from scratch) 2.DevSecOps (Embedding security into CI/CD pipelines and automated workflows) 3.SOC Management (Overseeing global threat detection and incident response) 4.NIST Framework (Applying security standards for the Americas region) 5.Essential 8 (Understanding and implementing Australian security protocols) 6.Vulnerability Management ...

training across a range of modern cyber security and AI topics, including: Cyber security fundamentals such as networks, firewalls, encryption, and the CIA triad Threat detection, vulnerability management, and incident response Ethical hacking concepts and security testing approaches Artificial intelligence and machine learning fundamentals Security risks associated with ...

support penetration testing activities, and drive remediation planning. Implement and optimise SAST, DAST and IAST tooling to identify risks earlier in the SDLC. Monitoring & Threat Detection Develop monitoring and alerting capabilities to detect threats and anomalies. Implement SIEM and cloud-native monitoring solutions (e.g. Elastic, Datadog) to provide ...