1 to 25 of 33 Permanent Threat Detection Jobs in the UK excluding London

/Cyber Threat Detection Analyst - SANS/GIAC Cyber Threat Detection Analyst Location: Wokingham, Berkshire (On-site) Salary: Competitive (dependent on experience) + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC Role Overview As a Cyber Threat Detection Analyst … will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data ...

well-established biotech company using large-scale genetic data and AI to predict disease risk and advance precision healthcare. We’re looking for a Threat Detection Engineer who thrives on innovation and technical ownership. This role is not a traditional SOC position, you’ll focus on building high … impact detection capabilities , shaping how security protects sensitive genomic and AI-driven data at scale. This role offers hybrid/remote working options, a salary range of £60,000 - £80,000 and benefits. Why This Role is Exciting High autonomy : Lead projects from idea to deployment Innovation-driven : Develop ...

critical in improving, developing and maintaining IT/OT vulnerability management programs and processes. This role performs and leads important tasks specialized at threat hunting, SIEM/SOAR, Network Security and other operational security tasks such as performance and availability monitoring, log monitoring, security incident detection and response … analysis. Designs and executes advanced vulnerability assessments using both automated and manual techniques; collaborates with stakeholders to prioritize remediation based on business risk and threat intelligence. Oversees continuous monitoring of threat intelligence feeds and security alerts, proactively identifying emerging risks and recommending strategic countermeasures. Interprets and synthesizes threat ...

within Central Government, the Public Sector, or highly regulated scientific environments. Key Responsibilities Define and lead the Cyber Security Operations Centre (CSOC), ensuring effective detection, response, and remediation of cyber incidents Own and continuously improve the cyber incident response plan, ensuring readiness across the organisation Provide strategic cyber security … advice to senior leadership on monitoring, logging, and threat response Establish a use-case driven monitoring and alerting capability to improve threat detection and response times Oversee threat intelligence, vulnerability management, and proactive risk mitigation across the estate Lead the analysis of network traffic and behaviours ...

week) £65,000 + benefits We're supporting a major organisation operating within a Critical National Infrastructure (CNI) environment to hire a Senior Cyber Threat Hunter Specialist. This is a hands-on, high-impact role Embedded within a mature Security Operations Centre, focused on protecting essential services. The Opportunity … play a key role in Real Time threat detection and response, working across a complex enterprise environment. This position combines SOC operations, threat hunting, and continuous improvement, giving you the chance to influence detection capability and response maturity. What You'll Be Doing Monitoring & Triage Analyse ...

Operations Manager to take full ownership of its security operations function, ensuring the organisation is protected, resilient, and continuously improving against an increasingly complex threat landscape. This is a high-impact position where you'll lead the security operations function end-to-end, driving improvements across threat detection … include: Leading the day-to-day operations of the Security Operations function, including oversight of any outsourced SOC Managing the full incident response lifecycle (detection through to recovery and post-incident review) Overseeing threat detection, vulnerability management, and cyber defence capabilities Driving improvements across SIEM, SOAR ...

Lead 6 months Bath - hybrid x3 days onsite x2 remote Active SC/DV clearance required £700 per day outside IR35 The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role ...

Cyber Security Engineering Lead acts as the technical authority across all domains of cloud and endpoint security, taking full ownership of hardening, automation, and threat mitigation. The role is not managerial in the traditional sense it exists to drive technical capability, mentor through engineering leadership, and deliver resilient, scalable … Cloud, Purview DLP, Azure Firewall, and related services. Integrate security into DevOps pipelines, CI/CD, infrastructure-as-code, and container workflows. Automate threat detection and response using Microsoft Sentinel SOAR, custom playbooks, and telemetry pipelines. Platform Security Oversight Own and optimise endpoint security through Intune, ensuring device ...

Cybersecurity Analyst to join its Cybersecurity Operations Group. This role plays a critical part in protecting a complex global technology environment through continuous monitoring, threat detection, and incident response. The successful candidate will work closely with security and IT stakeholders, contributing to the organisation's defensive capabilities while … remaining at the forefront of the evolving threat landscape. Key Responsibilities Monitor and analyse security events across networks, endpoints, and cloud environments using SIEM, EDR, and related security tools, in line with documented SLAs. Investigate, respond to, and resolve security incidents and alerts, ensuring timely detection, containment ...

operational security function responsible for protecting the organisation's information assets, technology services, and users. This role oversees all security operation functions, incident response, threat detection, vulnerability management, and continuous improvement of the organisation's security posture. Working closely with Infrastructure, Cloud, Architecture, Governance, Compliance and Risk teams … relationship with any outsourced SOC solution ensuring 24/7 monitoring and response coverage. Oversee cyber defence capabilities including SIEM, SOAR, EDR/XDR, threat intelligence, and identity protection. Develop and maintain operational procedures, playbooks, and response frameworks. Direct the full incident response lifecycle: detection, triage, containment, eradication ...

Your mandate is to take ownership of the Technical Implementation & Engineering Functions, shifting the SOC from a Reactive State to a Proactive, High-Fidelity Detection Powerhouse. You will have the autonomy to set the direction for the practice, architecting how the team utilises SIEM, EDR & IDS Tools. … SIEM Platforms (specifically Microsoft Sentinel) & EDR solutions. You should be comfortable managing these within Complex, Multi-Tenant Environments. The Engineering Edge: Good Background in Detection Engineering, Custom Rule Creation & Log Orchestration. You should be highly proficient in KQL & have good Scripting Capabilities (Python or PowerShell). Onboarding & Architecture: Proven ...

Lead or support incident response activities in line with internal procedures and security standards. Escalate major incidents appropriately and provide timely updates to stakeholders. Threat Detection & Prevention Identify emerging threats, vulnerabilities, and attack trends relevant to the organisation. Tune and optimise security tooling to improve detection capability ...

security teams to ensure the right controls, tooling and processes are in place to protect critical systems and data. You will take ownership of detection engineering, SIEM platform performance and the full lifecycle of security detection content, ensuring security monitoring remains effective, scalable and reliable. Key responsibilities include … Acting SME on Splunk Enterprise Security platforms Designing and maintaining log ingestion pipelines and data enrichment processes Developing and tuning detection rules aligned to MITRE ATT&CK techniques Managing the full lifecycle of detection content from design through to optimisation Automating security workflows using scripting, CI/ ...

secure design and operation of critical technology platforms collaborating with platform owners and engineering teams to embed security throughout the lifecycle Incident Response Threat Management Provide technical oversight for incident response threat detection and vulnerability management Lead root cause analysis and remediation of complex security incidents Stakeholder ...

secure design and operation of critical technology platforms collaborating with platform owners and engineering teams to embed security throughout the lifecycle Incident Response Threat Management Provide technical oversight for incident response threat detection and vulnerability management Lead root cause analysis and remediation of complex security incidents Stakeholder ...

Police Digital Services and provides visibility and control of information risks for policing. It supports the 24x7x365 nature of police operations, providing a threat detection and response capability for digital services before, during and after cyber-attacks, enabling stakeholders to understand and proactively manage risk across the technology … onboarding and maintenance of system log sources. Configuring and maintaining the NMC central Microsoft Azure, Lighthouse and Sentinel platform. Developing, maintaining, and deploying detection rules and other SIEM content. Creating custom solutions using both low-code and traditional development approaches. Providing support to forces for the configuration of Sentinel ...

step into a Shift Lead role within a fast-paced Managed Security Operations Centre. This is a hands-on leadership position combining incident response, threat detection, and team mentoring across multiple critical client environments. Due to the nature of the role, a very high level of security clearance … team of SOC Analysts in a live 24/7 environment. The role offers genuine variety, technical depth, and the opportunity to help shape detection capability and SOC maturity. Key responsibilities: Lead and support SOC Analysts during shift operations Triage, investigate, and escalate security incidents Analyse logs, alerts ...

Assist in reviewing weaknesses across applications and infrastructure and support risk-based prioritisation.* Partner with engineering teams to resolve issues efficiently and pragmatically.* Refine detection tooling by tuning logic and reducing unnecessary or inaccurate alerts.Operational Readiness & Observability* Strengthen visibility across systems through improved log pipelines, alerting pathways, and monitoring … working within assurance-focused frameworks including ISO 27001, SOC 2, or NIST.* Familiarity with automated governance and policy-driven cloud controls.* Exposure to investigative, detection, or security operations workflows.Qualifications That Would Be Beneficial* Industry security certifications such as CISSP, CISM, CCSP, or GSEC.* Cloud-focused qualifications like AWS Security ...

building a more resilient and secure environment. Key Responsibilities Take ownership of monitoring and developing SIEM activity across the environment, helping to improve detection capability over time Manage and enhance endpoint and threat detection tooling (including EDR, XDR, and MDR platforms) to strengthen overall security posture Lead … GDPR Deliver and support security awareness initiatives across the business, including phishing campaigns and user education Keep up to date with the evolving threat landscape and proactively suggest improvements to tools and processes Contribute to the organisation’s wider resilience strategy, including backup, disaster recovery, and data protection measures ...

risk and contributing to the continuous improvement of the company's overall security posture. Responsibilities: Monitor security tools including SIEM (QRadar) and respond to threat detection alerts Triage, analyse and prioritise security (via ServiceNow) Investigate root causes of security issues and design effective remediation solutions Oversee Patch Management ...

recruiting a Tier 2 SOC Analyst to support advanced cyber threat detection and response within an established Security Operations Centre. The successful candidate will manage escalated security incidents, perform detailed investigations, tune security tooling, and provide direct client support during active cyber events. This role is ideal … analysts Carry out root cause and post-incident analysis Lead incident containment and remediation activities Support firewall alert analysis and network troubleshooting Improve detection accuracy through tuning and optimisation Develop SOC playbooks and automation workflows Maintain high-quality incident documentation Required Experience Previous experience in a SOC or security ...

application hardening standards, ensuring strong, consistent security configurations across environments Act as an on-call responder for security incidents, taking full ownership from detection through to resolution and post-incident improvement Collaborate with Information Security and leadership teams to ensure compliance with relevant standards and frameworks (e.g. Cyber Essentials … parsing, and alerting rule development Experience working within compliance-driven or regulated environments A strong security mindset, with a focus on access control, threat detection, and auditability The ability to balance robust security controls with operational efficiency High levels of autonomy and sound judgement, with the ability ...

Engineer to play a key role in protecting their systems, infrastructure, and data. This is a hands-on position where you'll lead on threat detection, incident response, and continuous security improvement across the business. What You'll Be Doing Monitoring and analysing security events (SIEM, endpoints, networks ...

Defence sectors, you will be working across a Kubernetes platform, responsible for deploying, running and improving the tools that provide visibility, detection and control. This is hands on and sits right between platform engineering and security, with a big focus on getting security embedded properly into how things … built and run. You'll spend your time securing Kubernetes environments, running and tuning Splunk for logging and threat detection, and managing Nessus to track and drive vulnerability remediation. A big part of the role is integrating security into CI/CD pipelines and automating as much ...

Security Technology What You’ll Be Doing: Designing and maintaining secure infrastructure within Kubernetes environments Managing and optimising security tooling for monitoring, logging, and threat detection Running vulnerability scanning processes and supporting remediation efforts Embedding security into CI/CD pipelines and cloud-native workflows Automating security tasks … SIEM, observability, and vulnerability management practices Scripting or automation capability (Python, Bash, or similar) Understanding of container security and DevSecOps principles Familiarity with threat frameworks and security best practices Experience with tools such as Microsoft Defender or similar security platforms Exposure to infrastructure-as-code and CI/ ...