across Vercel's platform and enterprise security functions. This role will focus on operational resilience, incident response readiness, and fostering alignment across security and engineering teams. You will oversee threatdetection, response processes, and security best practices, while guiding Security Operations Engineers to ensure operational excellence. If you're based within a pre-determined commuting distance of one … fully remote. For location-specific details, please connect with our recruiting team. What You Will Do: Lead and manage Security Operations for platform and enterprise security functions, ensuring effective detection and response capabilities. Develop and refine incident response protocols and threatdetection processes, ensuring rapid and effective mitigation of security incidents. Own internal attack surface management, including … operational overhead. Support compliance initiatives (PCI, SOC2, ISO) by ensuring audit readiness and security visibility across critical systems. About You: Extensive experience leading security operations functions, including incident response, threatdetection, and security monitoring at scale. Strong technical expertise in SIEM, logging infrastructure, and cloud security (AWS, Kubernetes, serverless architectures). Proven leadership in mentoring and managing Security More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
QBE Management Services (UK) Limited
Primary Details Time Type: Full time Worker Type: Employee Senior ThreatDetection Specialist Location: London Happy to talk flexible working The Opportunity As we focus on transformation across the organisation, we’re also investing in our cyber security capabilities to keep our people, data, and customers safe. That’s why we’re building a new Detection Engineering … function—and we’re looking for a talented and driven ThreatDetection Senior Specialist to help us lead the way. In this key role, you’ll support the GSOC Manager in shaping the future of detection engineering, developing the strategy, and designing detection capabilities that protect our global environment. Your new role Lead the coordination and … operation of the internal detection engineering function. Design and implement cyber detection rules and use cases to identify threats across our IT infrastructure. Identify and log visibility gaps, working to improve detection coverage and accuracy. Build and tune custom detection logic for complex environments and emerging threats. Monitor evolving attacker tactics (TTPs), integrating insights into detectionMore ❯
organisation is seeking a VP-level DFIR Manager to lead its Digital Forensics and Incident Response (DFIR) team. This is a hands-on leadership role focused on incident response, threatdetection, and forensics within a complex, regulated environment. You'll be responsible for advancing the organisation's incident response capabilities, leading investigations, and driving threatdetection maturity through development of use cases, threat intelligence, and vulnerability management. Key Responsibilities Lead the DFIR function, overseeing incident detection, investigation, and response activities. Develop and implement IR methodologies (MITRE ATT&CK, Kill Chain, Threat Modelling, Diamond Model). Conduct forensic investigations on systems, networks, and endpoints. Refine threat hunting and threat intelligence capabilities. … Support and mature security monitoring use cases (SIEM, packet inspection, IOCs). Coordinate cross-functional security incident response with SOC, Threat Intelligence, and Red/Blue teams. Engage with technical and business teams on cyber risk reduction strategies. Contribute to vulnerability management and remediation plans. Required Skills & Experience Proven experience managing DFIR or cyber incident response teams. Deep technical More ❯
Loughton, Essex, South East, United Kingdom Hybrid / WFH Options
Profile 29
software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security: Architect and secure Azure … and optimize Azure DevOps pipelines with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. ThreatDetection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). … to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit, and improve infrastructure security posture using automated tooling. Policy & Procedures: Define and enforce security policies, incident response strategies, and structured action plans for proactive risk mitigation. More ❯
Loughton, Essex, England, United Kingdom Hybrid / WFH Options
Profile 29
software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security: Architect and secure Azure … and optimize Azure DevOps pipelines with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. ThreatDetection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). … to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit, and improve infrastructure security posture using automated tooling. Policy & Procedures: Define and enforce security policies, incident response strategies, and structured action plans for proactive risk mitigation. More ❯
Audit and Risk Committee (ARC). Your Mission: Set Vision and Strategy: Define and own the Group-wide cyber security strategy aligned with business ambition, ESG goals, and evolving threat landscapes. Lead from the Front: Inspire, build, and mentor a high-performing global cyber team-across defensive security, threat intelligence, and cyber engineering. Board-Level Influence: Serve as … with authority and clarity. Drive Transformation: Lead security by design across cloud, data, AI, IoT, and operational technology landscapes-embedding security in every initiative. Stay Ahead of Threats: Oversee threatdetection, incident response, and resilience programs with precision and global coordination. Shape Culture: Champion a cyber-aware culture across 100,000+ employees, embedding secure behaviours in the DNA … a bias for action, pragmatism, and delivery. scale. Gravitas and credibility with boards, senior management, regulators, auditors, and external stakeholders. Hands-on understanding of security architecture, cloud, identity and threat intelligence. Resilience under pressure - the ability to make calm, fast decisions in high-stakes situations. Specifically, the role covers: Leadership: Industry leading vision and communication to the business on More ❯
Oxford, Oxfordshire, United Kingdom Hybrid / WFH Options
Sophos Group
bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies, and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that … interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threatdetection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs), and Managed Security Service Providers (MSSPs) worldwide … defending more than 600,000 organizations from phishing, ransomware, data theft, and other cybercrimes. The solutions are powered by threat intelligence from Sophos X-Ops and the Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at . Role Summary We're looking for a Senior Software Engineer 2 with deep expertise More ❯
Birmingham, West Midlands, West Midlands (County), United Kingdom Hybrid / WFH Options
ECS Resource Group Ltd
the risk register. To Be Considered for This Role, You Will Need: Cybersecurity Experience: Demonstrated experience in implementing and managing security controls across hybrid environments. Familiarity with endpoint protection, threatdetection, and vulnerability management tools. Incident Response & Problem Solving: Ability to respond swiftly and effectively to security incidents. Skilled in structured analysis and incident remediation to ensure rapid … recovery. Threat Awareness & Risk Mitigation: Proficient in identifying vulnerabilities, assessing risks, and applying up-to-date security practices. Ability to defend against evolving cyber threats. Infrastructure Awareness: Solid understanding of core infrastructure components including servers, networks, and storage systems. Experience in supporting and securing both on-premise and cloud-based environments. Skills & Tools, Familiarity with the following tools is … advantageous: Palo Alto, Microsoft Defender for Endpoint Tenable, Microsoft Sentinel, Zscaler, Tanium, Illumio Strong understanding of cybersecurity principles, including threatdetection, firewalls, intrusion prevention systems, and encryption. Working knowledge of network protocols with the ability to interpret and troubleshoot connectivity and security issues across diverse environments. Awareness of data storage concepts (e.g., SAN, NAS) and secure data handling More ❯
Cheadle, Staffordshire, United Kingdom Hybrid / WFH Options
Pets at Home
security controls, tools, monitoring, and incident response processes. Work with modern cloud technologies, especially Microsoft Azure, to secure scalable microservices and infrastructure. Help shape and implement security best practices, threatdetection, and incident response strategies. What you'll be doing Designing and implementing security controls & tooling across our hybrid-based infrastructure, with a focus on Microsoft Azure. Monitoring … and responding to threats using tools like SIEM and XDR, ensuring rapid detection and resolution of security incidents. Collaborating in an Agile environment with multiple teams to embed security best practices throughout the business. Conducting regular vulnerability assessments, supporting patch management, and improving our overall security posture. Creating and maintaining clear, concise documentation for security processes, configurations, and incident … cloud environments such as Microsoft Azure. A broad understanding of common infrastructure services and operating systems (Windows based, AD, DNS, DHCP, etc) Familiarity with SIEM and XDR tools for threatdetection, monitoring, and incident response. A solid understanding of network security, identity and access management (IAM), and vulnerability management. A proactive mindset with a passion for staying ahead More ❯
projects to industry frameworks and compliance requirements, such as NIST800-53, ISO27001, NIST CSF, NIS 2, DORA. Expertise in emerging technologies such as AI, IoT, cloud solutions, and advanced threatdetection systems. Experience in advising on their application, assessing their suitability for specific environments, determining the optimal timing and approach for implementation. Expertise in delivering large-scale programmatic … milestone delivery and issue and escalation management. Originate cyber risk management and technology resilience opportunities. Own key client relationships, supported with account, sales and marking plans. Position our cyber threat intelligence, assurance and incident response practices. Provide clear, brand-enhancing, and energetic consulting leadership in EMEA, actively promoting Control Risks as an advisor on cyber and technology risk in … projects to industry frameworks and compliance requirements, such as NIST800-53, ISO27001, NIST CSF, NIS 2, DORA. Expertise in emerging technologies such as AI, IoT, cloud solutions, and advanced threatdetection systems. Experience in advising on their application, assessing their suitability for specific environments, determining the optimal timing and approach for implementation. Expertise in delivering large-scale programmatic More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
Method Resourcing
Senior Machine Learning Engineer - Behavioural Modeling & ThreatDetection - £160,000+ - Fully Remote UK BASED CANDIDATES ONLY My client is looking for an experienced Machine Learning Engineer ready to play a pivotal role in shaping the technical direction of their behavioural modelling and threatdetection systems. This position offers the opportunity to influence not just their engineering … and verbal communication skills, especially in cross-functional contexts. Bonus Experience (Nice to Have) Exposure to large language models (LLMs) or foundational model adaptation. Previous work in cybersecurity, anomaly detection, or behavioural analytics. Familiarity with orchestration frameworks (Airflow or similar). Experience with scalable ML systems, pipelines, or real-time data processing. Advanced degree or equivalent experience in ML More ❯
Manchester, North West, United Kingdom Hybrid / WFH Options
IBEX RECRUITMENT LTD
Threat and Incident Response Lead Analyst Permanent or Contract | Hybrid 12 Days in Office (North West) Threat and Incident Response Lead Analyst is needed for a growing Cyber team who are looking to strengthen its cyber defence capabilities with the hire of a Threat and Incident Response Lead Analyst . This is a pivotal, hands-on role … in a growing cyber team. Youll lead threat intelligence and incident response efforts, shape defensive strategy and play a critical role in ensuring the organisation stays ahead of evolving threats. What Youll Be Doing: Lead all aspects of Threat Intelligence and Incident Response Perform gap analysis across tooling, processes and detection capabilities Implement and embed modern IR … and threatdetection best practices Develop and maintain incident response playbooks and threat hunting strategies Stay informed on emerging threats, TTPs, and adversarial behaviours Tune detection rules and improve response workflows Work with tools such as Microsoft Sentinel, Defender, Splunk, or similar What Were Looking For: Proven experience in hands-on incident response and cyber threatMore ❯
Farnborough, Hampshire, United Kingdom Hybrid / WFH Options
The Talent Locker Ltd
key role in deploying and configuring modern security tooling across complex platforms. This is a great opportunity for someone who enjoys hands-on engineering, improving SOC effectiveness, and shaping threatdetection capabilities at scale. What you'll be doing Deploying and configuring security tools including SIEM, vulnerability scanning and endpoint monitoring Developing use cases, alerts, and dashboards to … support active threatdetection Writing and maintaining SOC playbooks and triage workflows Performing 2nd line security monitoring, incident triage and investigation Supporting security assurance activities and documentation across the programme lifecycle Working with cross-functional teams in a high-assurance, cloud-native environment What you'll bring Strong experience configuring and optimising SIEM tooling (e.g. Splunk, Elastic) Proven More ❯
Farnborough, Hampshire, South East, United Kingdom Hybrid / WFH Options
Talent Locker
key role in deploying and configuring modern security tooling across complex platforms. This is a great opportunity for someone who enjoys hands-on engineering, improving SOC effectiveness, and shaping threatdetection capabilities at scale. What you'll be doing Deploying and configuring security tools including SIEM, vulnerability scanning and endpoint monitoring Developing use cases, alerts, and dashboards to … support active threatdetection Writing and maintaining SOC playbooks and triage workflows Performing 2nd line security monitoring, incident triage and investigation Supporting security assurance activities and documentation across the programme lifecycle Working with cross-functional teams in a high-assurance, cloud-native environment What you'll bring Strong experience configuring and optimising SIEM tooling (e.g. Splunk, Elastic) Proven More ❯
Manchester, Lancashire, United Kingdom Hybrid / WFH Options
Smart DCC
Analystto play a key leadership role in shaping and advancing our Security Operations Centre (SOC). You'll drive our incident response strategy, lead major investigations, develop cutting-edge detection content, and help grow a highly capable security team through training and exercises. This is a critical role in our Cyber Security Team, offering the opportunity to work on … day-to-day SOC activities, ensuring timely escalation and resolution of incidents. Mentor junior analysts, support skills development, and facilitate tabletop exercises and simulations. Drive use-case development and threatdetection content using advanced analytics, including machine learning and security automation. Maintain and update SOC processes, procedures, and documentation. Help build and mature threat intelligence capabilities and … foster collaboration across the smart metering community. Translate threat trends into actionable insights and drive improvements across the organisation. Evaluate and recommend tools that enhance detection and response capabilities. Conduct forensic investigations and perform root cause analysis of security incidents. What are we looking for? Proven experience in incident response and leading investigations in complex environments. Strong understanding More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
Precise Placements
is a rare opportunity to play a key role in the operation and enhancement of a 24/7 SOC , handling incident response and contributing to the development of detection, automation, and reporting tools. Key Responsibilities: Lead and support incident response (IR) and investigation of security threats across a complex enterprise estate. Manage, tune, and develop SIEM and EDR … technologies to enhance threatdetection and response capabilities. Implement and refine playbooks , automations , and alerting rules in collaboration with security partners. Contribute to threat hunting and proactive detection strategies. Produce actionable reporting and metrics for stakeholders, including executive leadership. Desired Experience: Proven experience working in or alongside a 24/7 Security Operations Centre . Strong … technical exposure to SIEM (ideally Splunk), EDR (CrowdStrike preferred), and SOAR tools. Expertise in incident handling , threat analysis , and digital forensics . Scripting or automation experience (Python, PowerShell, etc.) is highly beneficial. Knowledge of MITRE ATT&CK , NIST CSF , and related security frameworks. Legal, financial, or similarly high-compliance industry experience is a bonus. Why Apply? Join a global More ❯
deliver runtime-isolated, reproducible models that are easy to deploy, monitor, and update without connectivity. Work closely with data scientists to define clear KPIs and success criteria-such as detection accuracy, latency, false positive/negative rates, explainability, and robustness-to determine what constitutes a production-grade, releasable model. Align model performance goals with the operational realities of the … into actionable requirements. Excellent communication and stakeholder management skills. Comfortable working in a fast-paced, iterative, and agile environment. Preferred Experience: Solid understanding of cyber security concepts such as threatdetection, SIEM, anomaly detection, and incident response. Experience with tools for tracking ML models in production (e.g., MLflow). We encourage you to apply even if your More ❯
London, South East, England, United Kingdom Hybrid / WFH Options
Searchability
a key role in deploying Microsoft security solutions and supporting client audits, assessments, and vulnerability remediation efforts. Responsibilities include: Delivering Microsoft security technologies including Defender XDR, Sentinel, and Endpoint Detection & Response Supporting Cyber Essentials and Cyber Essentials Plus audits and assessments Acting as an escalation point for cyber incidents, security alerts, and engineering tasks Conducting vulnerability remediation and assessments … of email security tools (e.g., Mimecast, Egress) Understanding of Azure Firewall and Defender for Cloud/Cloud Apps Experience conducting offensive security/web application assessments Strong understanding of threatdetection and incident response Certifications (any of the following highly desirable): SC-200: Microsoft Certified - Security Operations Analyst Associate SC-300: Microsoft Certified - Identity and Access Administrator Associate More ❯
a key role in deploying Microsoft security solutions and supporting client audits, assessments, and vulnerability remediation efforts. Responsibilities include: Delivering Microsoft security technologies including Defender XDR, Sentinel, and Endpoint Detection andamp; Response Supporting Cyber Essentials and Cyber Essentials Plus audits and assessments Acting as an escalation point for cyber incidents, security alerts, and engineering tasks Conducting vulnerability remediation and … of email security tools (e.g., Mimecast, Egress) Understanding of Azure Firewall and Defender for Cloud/Cloud Apps Experience conducting offensive security/web application assessments Strong understanding of threatdetection and incident response Certifications (any of the following highly desirable): SC-200: Microsoft Certified - Security Operations Analyst Associate SC-300: Microsoft Certified - Identity and Access Administrator Associate More ❯
Birmingham, Staffordshire, United Kingdom Hybrid / WFH Options
BT Group
play a critical role in designing, developing, and maintaining our security information and event management (SIEM) system. Your focus will be on leveraging Elasticsearch and related technologies to enhance threatdetection, incident response, and overall security posture. This role is hybrid (3 days in office) and can be based in one of the following offices: Birmingham, Manchester, Ipswich … you'll be doing SIEM Solution Development: Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch. Optimize SIEM rules, alerts, and dashboards for efficient threat detection. Collaborate effectively with others to drive forward key security objectives Presentation and documentation writing (to both technical and business audiences) Query Optimization and Performance Tuning: Write efficient Elasticsearch … informed about emerging threats and security best practices. Data Ingestion and Enrichment: Configure Elasticsearch pipelines for data ingestion from various sources, primarily from Kafka Enhance data enrichment by integrating threat intelligence feeds and contextual information. Keep abreast of relevant technologies in the area Reading, attending briefings and talks. Contribute to the running of your team. Knowledge-sharing, In team More ❯
Crewe, Cheshire, England, United Kingdom Hybrid / WFH Options
DCS Recruitment
growing bonus What you'll be doing Drive improvements to cyber security posture across internal and customer-facing platforms Design and secure cloud-based infrastructure and customer applications Perform threatdetection, incident response , and vulnerability remediation Maintain security architecture documentation and collaborate with third-party vendors Conduct threat intelligence research and recommend ongoing improvements What you'll More ❯
City of London, London, United Kingdom Hybrid / WFH Options
British Business Bank
Enhance the Banks security posture through governance, assurance, architecture, and operations. Manage the relationship and performance of our Managed Security Services Provider (MSSP). Oversee security operations including monitoring, threatdetection, incident response, and threat hunting. Lead investigations, forensic analysis, and ensure lessons learned from incidents. Drive project delivery to mitigate key risks and ensure audit-readiness. More ❯
Sheffield, South Yorkshire, Yorkshire, United Kingdom Hybrid / WFH Options
British Business Bank
Enhance the Banks security posture through governance, assurance, architecture, and operations. Manage the relationship and performance of our Managed Security Services Provider (MSSP). Oversee security operations including monitoring, threatdetection, incident response, and threat hunting. Lead investigations, forensic analysis, and ensure lessons learned from incidents. Drive project delivery to mitigate key risks and ensure audit-readiness. More ❯
the Bank's security posture through governance, assurance, architecture, and operations. Manage the relationship and performance of our Managed Security Services Provider (MSSP). Oversee security operations including monitoring, threatdetection, incident response, and threat hunting. Lead investigations, forensic analysis, and ensure lessons learned from incidents. Drive project delivery to mitigate key risks and ensure audit-readiness. More ❯
Sheffield, Yorkshire, United Kingdom Hybrid / WFH Options
British Business Bank plc
the Bank's security posture through governance, assurance, architecture, and operations. Manage the relationship and performance of our Managed Security Services Provider (MSSP). Oversee security operations including monitoring, threatdetection, incident response, and threat hunting. Lead investigations, forensic analysis, and ensure lessons learned from incidents. Drive project delivery to mitigate key risks and ensure audit-readiness. More ❯