Threat Detection Jobs in England

26 to 50 of 119 Threat Detection Jobs in England

Senior Security Engineer - SIEM, KQL

London, South East, England, United Kingdom
Harvey Nash
IR35 - 3 days a week on-site Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat
Employment Type: Contractor
Rate: £600 - £800 per day

SOC SIEM Engineer

Birmingham, West Midlands, West Midlands (County), United Kingdom
ARM
role requires deep expertise in SIEM platforms, including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies. Job Duties SIEM Engineering & Management Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel … Defender, Chronicle). Onboard and normalize log sources across cloud and on-prem environments. Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis. Skills Must be able to obtain SC Clearance or already hold SC clearance. SIEM Expertise: Hands-on experience with at least two of the following: Splunk IBM QRadar Microsoft Defender
Employment Type: Contract
Rate: £600 - £650/day

Senior Security Operations Engineer

London, South East, England, United Kingdom
Holland & Barrett International Limited
and fast-paced problem-solving—and want your work to have a real impact—this could be the perfect role for you. Key Responsibilities Lead security incident response and threat detection efforts, prioritising the protection of customer data and experience Build automated detection and remediation workflows using SOAR, SIEM, and scripting (Python, SQL) Apply deep cloud security … with Fraud and Customer Experience teams to mitigate risks such as account takeover and loyalty fraud Onboard key customer-facing and payment systems into the security monitoring platform Perform threat hunting and detection engineering to identify and address emerging risks Support security audits, compliance (PCI-DSS), and post-incident reviews Mentor junior team members and contribute to a … to assess threats and act quickly to protect customer trust Strong Communicator: Confident working with technical teams, fraud analysts, and senior stakeholders Retail-Specific Insight: Familiar with customer-centric threat vectors like loyalty abuse and payment fraud Automation-First Mindset: Keen to reduce manual work through scripting and process automation Agile Approach: Comfortable working in cross-functional teams with
Employment Type: Full-Time
Salary: Competitive salary

Senior Security Engineer

Reading, Berkshire, South East, United Kingdom
Hybrid / WFH Options
Halian Technology Limited
security into everything we do, from infrastructure to application design. Key Responsibilities Design and implement security controls across cloud platforms (AWS, Azure, or GCP) Develop and maintain security tooling for threat detection, vulnerability management, and incident response Lead threat modelling and risk assessments for critical systems and services Collaborate with engineering teams to integrate security best practices into
Employment Type: Permanent, Work From Home
Salary: £90,000

Lead Cyber Security Operations Analyst

Manchester, Lancashire, United Kingdom
Hybrid / WFH Options
Smart DCC
Analyst to play a key leadership role in shaping and advancing our Security Operations Centre (SOC). You'll drive our incident response strategy, lead major investigations, develop cutting-edge detection content, and help grow a highly capable security team through training and exercises. This is a critical role in our Cyber Security Team, offering the opportunity to work on … day-to-day SOC activities, ensuring timely escalation and resolution of incidents. Mentor junior analysts, support skills development, and facilitate tabletop exercises and simulations. Drive use-case development and threat detection content using advanced analytics, including machine learning and security automation. Maintain and update SOC processes, procedures, and documentation. Help build and mature threat intelligence capabilities and … foster collaboration across the smart metering community. Translate threat trends into actionable insights and drive improvements across the organisation. Evaluate and recommend tools that enhance detection and response capabilities. Conduct forensic investigations and perform root cause analysis of security incidents. What are we looking for? Proven experience in incident response and leading investigations in complex environments. Strong understanding
Employment Type: Permanent
Salary: GBP Annual

Senior Cyber Security Analyst

Manchester, Lancashire, United Kingdom
Old Moat
role, you will be at the forefront of our efforts to protect and defend against malicious cyber-attacks. Our modern, proactive operational Cyber Security team is dedicated to providing: Threat Hunting: Actively seek out potential threats before they can cause harm. This involves continuous monitoring and analysis of network traffic, system logs, and other data sources to identify unusual … protect against malicious content. Configure and maintain web and email filtering solutions to block phishing attempts, malware, and other threats. EDR and XDR Technologies: Administer and respond to Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) technologies to swiftly mitigate threats. Monitor alerts, investigate incidents, and take appropriate actions to contain and remediate threats. Security … and Statutory and Regulatory obligations. SIEM Management: Manage, monitor, and respond to security incidents and events using the Council's Security Incident and Event Monitoring (SIEM) platform. Ensure timely detection, analysis, and response to security incidents to minimise impact and support recovery efforts. As part of our team, the successful candidate will play a crucial role in ensuring the
Employment Type: Permanent
Salary: GBP Annual

Penetration Tester

Preston, Lancashire, North West
BAE Systems
weaknesses and enhancing defensive capabilities Contributes to the development of Active Defence, Red Team capabilities through people, process, and technology where appropriate Maintains a broad understanding of the external threat environment and attacker tactics, techniques, and procedures Your skills and experiences: Essential: Demonstrable experience in penetration testing Proficient in penetration testing tools such as Burp Suite, Nmap, Metasploit etc … and shopping discounts - you may also be eligible for an annual incentive. The Cyber Operations Team Cyber Operations is responsible for protecting BAE Systems from Cyber Attacks by various threat actors. Not only do we protect BAE Systems and its employees, indirectly we protect those who protect us - who serve in our military and rely on the products and … services we create. Across Threat Intelligence, Threat Detection, Incident Response and Active Defence we work to evolve cyber operations as a world class capability. This role will sit under the Active Defence, Red Team who are responsible for delivering the following capabilities in support of Cyber Operations: Red Teaming, Purple Teaming, Security Critical Control Testing, Threat
Employment Type: Permanent

Cyber Security Consultant

London, United Kingdom
SecurityHQ
NCSC, NIS2), and actively manages SIEM/XDR tools such as IBM QRadar, Microsoft Sentinel, and Defender XDR. This role involves deeper client interaction, proactive risk management, and advanced threat detection consulting. Candidates must have demonstrated customer-facing experience (preferably in cybersecurity). Responsibilities: Manage and strengthen client relationships with regular strategic interactions. Lead comprehensive cybersecurity risk assessments … NIST frameworks and related standards. Oversee and implement SIEM/XDR deployments, custom rule development, and incident response processes. Provide guidance on best practices for SIEM/XDR and threat detection. Conduct security posture reviews and gap analysis. Prepare reports and present findings to client stakeholders. Location London, UK Good understanding of cybersecurity frameworks (NIST CSF, NCSC CAF, NIS2 … Security Operations Analyst Associate, EC-Council ECIH (Incident Handling), Multi-cloud Security Fundamentals training (AWS/Azure/GCP). Empowering CISOs to visualise and mitigate cyber risks. Construction Threat Landscape Report 2024 Global Threat Insight Summer Report 2024 MITRE Engenuity ATT&CK Evaluations & The Question of How to Measure Quality in a Managed Security Service
Employment Type: Permanent
Salary: GBP Annual

Senior Cloud Security Engineer

London, United Kingdom
Molten Ventures plc
applications. Deploy and Manage Security Tooling: Select, implement, and operate key tools across GCP, such as Cloud Armor, Cloud Identity, Security Command Center, and VPC Service Controls for ongoing threat detection and response. Integrate Security in SDLC: Collaborate with product and engineering teams to integrate security into every stage of the software development lifecycle. Threat Modeling and … Risk Analysis: Perform structured threat modeling using frameworks such as STRIDE and PASTA to proactively mitigate security risks. Champion Developer Education: Promote secure development practices by educating engineers on cloud and application security fundamentals. Mentor and Lead: Act as a mentor to future hires, helping scale a high-impact cloud security function as the business grows. What you'll … with core cloud security components including IAM, WAFs, SIEM, CSPM, and vulnerability scanners. Technical Skills: Proficiency in at least one scripting or programming language (e.g. Python, Go, Bash). Threat Modeling: Practical knowledge of frameworks like STRIDE and PASTA. Education: Bachelor's degree in Computer Science, Information Security, or a related technical field. Collaborative Expertise: Clear and effective communication
Employment Type: Permanent
Salary: GBP Annual

Product Owner

London, United Kingdom
Hybrid / WFH Options
Glasswall, LLC
deliver runtime-isolated, reproducible models that are easy to deploy, monitor, and update without connectivity. Work closely with data scientists to define clear KPIs and success criteria, such as detection accuracy, latency, false positive/negative rates, explainability, and robustness, to determine what constitutes a production-grade, releasable model. Align model performance goals with the operational realities of the … into actionable requirements. Excellent communication and stakeholder management skills. Comfortable working in a fast-paced, iterative, and agile environment. Preferred Experience: Solid understanding of cyber security concepts such as threat detection, SIEM, anomaly detection, and incident response. Experience with tools for tracking ML models in production (e.g., MLflow). We encourage you to apply even if your
Employment Type: Permanent
Salary: GBP Annual

Network and Infra Endpoint Security Architect - London

London, United Kingdom
WeAreTechWomen
lead in customer-facing engagements, translating complex security needs into effective solution architectures Design Zero Trust-aligned network and endpoint architectures, including segmentation, micro-segmentation, NAC, and DNS-layer threat protection Lead conversations around network modernization, helping clients evolve from legacy architectures to software-defined, cloud-integrated, and policy-driven network designs Deliver workshops, product demonstrations, and proof-of … endpoint protection and EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, or Tanium Familiarity with DNS security tools and strategies (e.g., Zscaler, Cisco Umbrella, Infoblox) and their role in threat containment Deep knowledge of Zero Trust Architecture, lateral movement prevention, and alignment to frameworks like MITRE ATT&CK and NIST CSF Excellent communication skills with the ability to influence … as the technical lead in pre-sales engagements focused on network and endpoint security. Conduct client discovery sessions, workshops, and assessments with an emphasis on segmentation strategies, visibility, and threat defence. Deliver compelling technical presentations and product demonstrations to both technical and business audiences. Solution Design & Architecture Design and validate secure architectures incorporating network segmentation/micro segmentation, DNS
Employment Type: Permanent
Salary: GBP Annual

Global Platform Team Lead and Senior Director - IT Network

London, United Kingdom
Boston Consulting Group
networking (SDN), and AI-driven automation. Ensure end-to-end network automation to improve operational efficiency, agility, and reliability. Drive zero-trust network security principles, ensuring compliance and proactive threat mitigation. Establish a global observability and telemetry framework for real-time network insights. Align network strategies with business growth, cloud-first initiatives, and digital transformation. Network Infrastructure & Cloud Networking … Code (IaC) for network automation, ensuring agility and operational efficiency. IT Service Management & Operational Excellence: Establish network reliability objectives, including SLOs, SLIs, and error budgets. Implement real-time incident detection and response using AI-driven network analytics. Ensure high availability, network resilience, and 24x7 operational support. Develop a follow-the-sun support model, ensuring global network performance optimization. Implement … trust security frameworks, ensuring secure and resilient network access. Ensure adherence to ISO 27001, NIST, SOC 2, GDPR, and industry best practices. Collaborate with cybersecurity teams to enhance network threat detection and mitigation. Implement automated security policy enforcement, reducing human intervention in risk mitigation. Financial & Vendor Management: Optimize network infrastructure spending, ensuring cost-effective, high-performance connectivity. Lead
Employment Type: Permanent
Salary: GBP Annual

Security Operations Engineer

England, United Kingdom
Hybrid / WFH Options
Oak Engage limited
helping us maintain customer trust and regulatory compliance as we scale. What You'll Do Monitor systems and infrastructure for potential vulnerabilities, threats, and breaches Own and improve incident detection, response, and recovery processes Implement and manage SIEM, intrusion detection, vulnerability scanners, and other security tooling Collaborate with DevOps and Engineering to embed security into CI/CD … tools such as SIEM, EDR, vulnerability management tools, and log aggregation platforms Strong knowledge of security frameworks, standards, and best practices (ISO 27001, SOC 2, GDPR) Proven incident response, threat detection, and investigation experience Experience with cloud platforms (preferably Azure), identity & access management, and secure networking Scripting or automation experience (e.g. PowerShell, Python, Bash) Clear, proactive communicator with
Employment Type: Permanent
Salary: GBP Annual

Infrastructure Security Engineer

London, United Kingdom
Hybrid / WFH Options
Policy Expert
Infrastructure Security Design & Implementation: Develop, implement, and maintain robust security architectures and controls for cloud and on-premises infrastructures, supporting business growth while ensuring security best practices are followed. Threat Management: Proactively monitor and respond to security incidents, vulnerabilities, and threats, applying advanced techniques to safeguard systems from cyber-attacks. System Hardening & Configuration: Ensure that all infrastructure systems (e.g. … VPNs, IDS/IPS, and other network security technologies to secure connectivity and prevent unauthorized access across the company's digital assets. Incident Response & Remediation: Lead efforts in incident detection, response, and remediation for infrastructure-related security incidents, ensuring rapid mitigation and future prevention. Collaboration & Integration: Work closely with our IT and software engineering teams to integrate security into … relevant data protection laws (e.g., GDPR), security frameworks, and internal policies, contributing to audits and risk assessments where required. Automation & Optimisation: Identify opportunities for automation within security operations, from threat detection to patch management, to drive efficiency and scalability. Continuous Improvement: Stay up to date with emerging security trends, vulnerabilities, and technologies, and continually improve security processes and
Employment Type: Permanent
Salary: GBP Annual

Senior Cloud Security Engineer Boston, Massachusetts, United States

London, United Kingdom
Acadian Asset
for candidates with deep experience and understanding of continuous delivery, container security, SAST/DAST, secrets management, Identity and Access Management (IAM) governance, privilege management, encryption and key management, threat detection, logging, cloud infrastructure security and policy-as-code. What You'll Do: Assess Acadian's cloud IAAS environments for Indicators of Misconfiguration (IOMs) utilizing AWS built-in and
Employment Type: Permanent
Salary: GBP Annual

Senior/Principal AI Engineer

London, South East, England, United Kingdom
Method Resourcing
in production with a strong focus on performance, explainability, and cost-efficiency. What You'll Bring: Deep applied experience in ML/DL, with bonus points for work in threat detection, phishing, or abuse detection Proven ability to design and deploy full-stack AI pipelines in production Strong experience in backend engineering, ideally with Go and ML … frameworks like PyTorch or TensorFlow Familiarity with MLOps, cloud infrastructure (AWS), Kubernetes, and Terraform Experience evaluating and deploying models (including anomaly detection, RAG, and clustering) in noisy, evolving data environments Nice to Have: Experience with Perl Knowledge of threat intelligence integration and MCP architectures Location: Remote Salary: Up to £120,000, depending on experience RSG Plc is acting
Employment Type: Full-Time
Salary: £100,000 - £120,000 per annum

Senior SOC Analyst

Farnborough, England, United Kingdom
Fynity
SOC Analyst, you will: Monitoring and triaging alerts across secure client environments Investigating threats using logs, network traffic, and endpoint telemetry Supporting response efforts during live security incidents Improving detection rules, playbooks, and tooling with MITRE ATT&CK-driven enhancements Producing clear incident reports for both technical and non-technical audiences Contributing to threat intelligence initiatives Staying ahead … secure this SOC role: Proven experience in a Security Operations Centre (SOC) environment Hands-on knowledge of SIEM tools (Microsoft Sentinel, Splunk, etc.) Familiarity with MITRE ATT&CK and threat detection methodologies Strong analytical mindset with log, endpoint, and network analysis skills Understanding of network protocols (TCP/IP, DNS, HTTP, SMTP) Awareness of enterprise security architecture: firewalls

Senior Software Engineer I

Oxford, Oxfordshire, United Kingdom
Hybrid / WFH Options
Sophos Group
bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that … interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide … defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, and other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at . Role Summary As
Employment Type: Permanent
Salary: GBP Annual

Security Platform Engineer, UK Security Operations

London, United Kingdom
Google Inc
to obtain UK Developed Vetting (DV) security clearance; British Citizenship is required for this role. Preferred qualifications: Certifications in Security (e.g., GSEC, CISSP, CISM, OSCP). Experience with Kubernetes threat detection and anomaly detection. Experience with service mesh security concepts (e.g., Istio, Linkerd) and workload identity. Experience in detection engineering, logging pipeline development, or SIEM tuning in … security platforms with a strong emphasis on Kubernetes-based environments. You'll be at the intersection of security and engineering, developing scalable tooling, automating security controls, and enabling robust detection and response capabilities across our cloud infrastructure. This is an engineering-centric role that requires deep technical expertise in cloud environments, Kubernetes security, and platform automation. You'll work … the weekend to ensure security incidents can be swiftly resolved. Responsibilities Deploy, configure, and manage cloud security platform tools and technologies, including Security Information and Event Management (SIEM), Intrusion Detection/Prevention Systems (IDS/IPS), and Cloud Workload Protection Platforms (CWPP). Develop and implement security monitoring and logging strategies. Investigate and analyse security incidents, including identifying root
Employment Type: Permanent
Salary: GBP Annual

SIEM Application Engineer

Birmingham, Staffordshire, United Kingdom
Hybrid / WFH Options
BT Group
play a critical role in designing, developing, and maintaining our security information and event management (SIEM) system. Your focus will be on leveraging Elasticsearch and related technologies to enhance threat detection, incident response, and overall security posture. This role is hybrid (3 days in office) and can be based in one of the following offices: Birmingham, Manchester, Ipswich … you'll be doing SIEM Solution Development: Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch. Optimize SIEM rules, alerts, and dashboards for efficient threat detection. Collaborate effectively with others to drive forward key security objectives Presentation and documentation writing (to both technical and business audiences) Query Optimization and Performance Tuning: Write efficient Elasticsearch … informed about emerging threats and security best practices. Data Ingestion and Enrichment: Configure Elasticsearch pipelines for data ingestion from various sources, primarily from Kafka Enhance data enrichment by integrating threat intelligence feeds and contextual information. Keep abreast of relevant technologies in the area Reading, attending briefings and talks. Contribute to the running of your team. Knowledge-sharing, In team
Employment Type: Permanent
Salary: GBP Annual

SIEM Application Engineer (Snowhill, Birmingham, United Kingdom)

Birmingham, Midlands, United Kingdom
Hybrid / WFH Options
BT Group
play a critical role in designing, developing, and maintaining our security information and event management (SIEM) system. Your focus will be on leveraging Elasticsearch and related technologies to enhance threat detection, incident response, and overall security posture. This role is hybrid (3 days in office) and can be based in one of the following offices: Birmingham, Manchester, Ipswich … you'll be doing SIEM Solution Development: Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch. Optimize SIEM rules, alerts, and dashboards for efficient threat detection. Collaboration: Collaborate effectively with others to drive forward key security objectives Presentation and documentation writing (to both technical and business audiences) Query Optimization and Performance Tuning: Write efficient … informed about emerging threats and security best practices. Data Ingestion and Enrichment: Configure Elasticsearch pipelines for data ingestion from various sources, primarily from Kafka Enhance data enrichment by integrating threat intelligence feeds and contextual information. Keep abreast of relevant technologies in the area Reading, attending briefings and talks. Contribute to the running of your team. Knowledge-sharing, In team

Senior Cyber Security Analyst

Crewe, Cheshire, England, United Kingdom
Hybrid / WFH Options
DCS Recruitment
growing bonus What you'll be doing Drive improvements to cyber security posture across internal and customer-facing platforms Design and secure cloud-based infrastructure and customer applications Perform threat detection, incident response, and vulnerability remediation Maintain security architecture documentation and collaborate with third-party vendors Conduct threat intelligence research and recommend ongoing improvements What you'll
Employment Type: Full-Time
Salary: £50,000 - £55,000 per annum

DevSecOps Engineer: Azure Cloud

London, United Kingdom
Hybrid / WFH Options
National Audit Office
NAO's digital future. We're on the lookout for passionate, curious, and collaborative security professionals across a wide range of specialisms. Whether your expertise lies in governance, engineering, threat detection, or cloud security, you'll find real scope to make an impact, both within InfoSec and across the wider organisation. Be part of a diverse and expanding
Employment Type: Permanent
Salary: GBP Annual

Information Security Director

London, United Kingdom
Hybrid / WFH Options
British Business Bank plc
the Bank's security posture through governance, assurance, architecture, and operations. Manage the relationship and performance of our Managed Security Services Provider (MSSP). Oversee security operations including monitoring, threat detection, incident response, and threat hunting. Lead investigations, forensic analysis, and ensure lessons learned from incidents. Drive project delivery to mitigate key risks and ensure audit-readiness.
Employment Type: Permanent
Salary: GBP Annual

Information Security Director

Sheffield, Yorkshire, United Kingdom
Hybrid / WFH Options
British Business Bank plc
the Bank's security posture through governance, assurance, architecture, and operations. Manage the relationship and performance of our Managed Security Services Provider (MSSP). Oversee security operations including monitoring, threat detection, incident response, and threat hunting. Lead investigations, forensic analysis, and ensure lessons learned from incidents. Drive project delivery to mitigate key risks and ensure audit-readiness.
Employment Type: Permanent
Salary: GBP Annual

Threat Detection salary percentiles (England)
10th Percentile: £45,000
25th Percentile: £52,375
Median: £70,000
75th Percentile: £88,125
90th Percentile: £117,000