Nottingham, Nottinghamshire, East Midlands, United Kingdom Hybrid/Remote Options
Littlefish
resilience and enable smarter security operations. You will: Architect & Design: Build and evolve secure frameworks using Microsoft Security (Defender, Sentinel, Purview, Entra) and integrate Qualys vulnerability management for continuous threat detection and remediation. Automate & Innovate: Lead the charge on automation (SOAR, IaC, workflow automation) and embed Gen AI into security operations, threat intelligence, and reporting. Set Standards
Greater Bristol Area, United Kingdom Hybrid/Remote Options
RedRock Resourcing
ideal candidate will embed security throughout the delivery lifecycle, working closely with infrastructure engineers, architects, and project/programme managers. You’ll define and enforce secure configuration baselines, conduct threat modelling and risk assessments, integrate monitoring and alerting, and produce clear security artefacts that guide operational teams. Candidates must be eligible to obtain SC security clearance. Duties and responsibilities … Design, implement and optimise security controls across hybrid/on-prem Microsoft and Azure-centric environments. Define/enforce hardening standards (e.g., CIS Benchmarks, Microsoft Security Baselines). Perform threat modelling, risk assessments, and security validation/UAT; support incident response. Maintain SBOMs to support vulnerability management and supply-chain assurance. Integrate and enhance security monitoring, logging and alerting … including SIEM/threat detection). Create security documentation (designs, risk assessments, mitigation plans, ops procedures). Collaborate with project/programme managers and stakeholders to ensure effective control implementation. Skills/experience (essential): Must be SC-eligible. 5+ years in cybersecurity or infrastructure security roles. Strong technical knowledge of Microsoft and Azure-based environments (cloud & on-prem
key to detecting, preventing, and responding to cybersecurity threats in a proactive and efficient manner. Key Responsibilities: Security Architecture & Implementation: Design, deploy, and manage security solutions including firewalls, intrusion detection/prevention systems, endpoint protection, SIEM, and identity management platforms. Implement secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS … or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response: Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting. Conduct root cause analysis and implement security hardening improvements. Vulnerability & Risk Management: Run regular vulnerability scans and penetration testing activities
Banbury, Oxfordshire, United Kingdom Hybrid/Remote Options
Chiltern Railways
with a wide range of internal teams, from IT colleagues to Train Engineers, to ensure security best practices are understood and integrated into their processes and systems. Key Accountabilities: Threat and Vulnerability Management: Develop incident response and security measures for protection. Complete risk and exploitability assessments against vulnerabilities and live threats. Serve as a subject matter expert in vulnerability … in IT infrastructure, cloud services, and cyber security. Proven continuous development in both technical and soft domains. Proficiency with security tools and technologies such as SIEM, DLP, network protection, threat detection, and endpoint protection. An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, and vulnerability scanning. Understanding of IT and cyber security
Knowledge of security controls such as IAM, firewalls, and endpoint protection. Familiarity with frameworks like NIST, CIS, ISO 27001, and Cyber Essentials Plus. Experience with monitoring and SIEM tools, threat detection, and incident response. Strong communication and stakeholder management skills. Desirable experience: Security certifications (e.g. CISSP, CISM, Microsoft security certs). Cloud security or architecture qualifications. Knowledge of
SOC Specialist | London based 2-3x a week | £85,000 + Benefits. Role Brief: Join a global Security Operations Center team providing 24/7 threat detection and incident response. As a SOC Specialist, you’ll act as a frontline defender—monitoring alerts, leading investigations, and conducting proactive threat hunts. You'll work with a range … of technologies, contribute to detection improvements, and collaborate with wider cyber teams. This role is a 9-5 position, with an occasional requirement to be on an on-call rota. Essential Skills: Solid grasp of incident response fundamentals. Understanding of common attack techniques (phishing, lateral movement, DDoS, etc.). Experience with log and packet (PCAP) analysis. Familiarity with Windows and/or … Linux investigations. Clear and structured documentation of technical findings. Desired Skills: Basic scripting (e.g., Python, Bash, PowerShell). Experience creating SIEM rules or detection logic. Exposure to cloud environments and related attack vectors. Knowledge of threat hunting methods and MITRE ATT&CK. Interest or experience in cross-functional collaboration (e.g., Threat Intel, Red Teams
in a Senior SOC Analyst or Tier 2/3 role. Familiarity with industry-standard incident response frameworks (e.g., NIST, SANS). Experience with both network-based and host-based threat detection and analysis. Proficiency in writing detection queries (Splunk preferred) and working with SIEM/EDR/SOAR tools. At least 5 years of experience in Information
Hemel Hempstead, Hertfordshire, England, United Kingdom
Fynity
SOC Analyst, you will: Monitor and triage alerts across secure client environments. Investigate threats using logs, network traffic, and endpoint telemetry. Support response efforts during live security incidents. Improve detection rules, playbooks, and tooling with MITRE ATT&CK-driven enhancements. Produce clear incident reports for both technical and non-technical audiences. Contribute to threat intelligence initiatives. Stay ahead … secure this SOC role: Proven experience in a Security Operations Centre (SOC) environment. Hands-on knowledge of SIEM tools (Microsoft Sentinel, Splunk, etc.). Familiarity with MITRE ATT&CK and threat detection methodologies. Strong analytical mindset with log, endpoint, and network analysis skills. Understanding of network protocols (TCP/IP, DNS, HTTP, SMTP). Awareness of enterprise security architecture: firewalls
robust, efficient and globally coordinated security operations that protect the organisation's people, systems, and data. This includes direct ownership of security controls, security testing, vendor management, vulnerability and threat management, and incident response. You will work daily with the Group CISO to support consistent, high-assurance security practices across all regions, in line with regional regulation and to … for the management of any global Cyber Incidents by supporting the CISO team. Additionally, you will be: Working collaboratively with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvement to support the ever-changing threat landscape. Defining and monitoring KPIs for detection, response, and containment performance. … vendors responsible for supporting CFC. Ensuring security controls are deployed, tuned, and monitored effectively across cloud and on-premises assets. Leading the organisation's global vulnerability management program, ensuring threat-led and risk-based prioritisation, along with collaboration with IT for timely remediation. Leading on and refining the incident response playbooks. Supporting the Group CISO to define security maturity
London, South East, England, United Kingdom Hybrid/Remote Options
Opus Recruitment Solutions Ltd
per day. Key Skills: Microsoft Defender XDR: Endpoint, Identity, Office 365, Cloud Apps. Microsoft Sentinel: KQL, playbook development, SIEM optimisation. Privileged Identity Management (PIM) and change control workflows. Advanced threat detection, incident response, and threat hunting. Log collection via Azure Monitoring Agent and Firewall Management Centre. Responsibilities: Configure and fine-tune Microsoft Defender XDR in line with … approved designs. Participate in Microsoft FastTrack engagements. Integrate Defender XDR with Sentinel SIEM for enhanced detection and response. Develop Kusto queries and automation playbooks. Support PoC setup for Microsoft Copilot for Security. Connect syslogs from on-prem servers and firewalls to Sentinel. If this Security Engineer role sounds like a good fit, please apply with your most up to
end-to-end security controls across ION Markets' on-premises infrastructure and other internal platforms. The role spans security architecture, engineering, and operations with a strong focus on automation, detection and secure-by-design principles. Additionally, as part of the role you will be participating in threat detection, incident response and vulnerability management remediation. You will be … best practices. Stay up to date with the latest security threats, news, intelligence, tactics, techniques, and vulnerabilities; conduct research and analysis to assess potential impact and exposure. Perform proactive threat hunting activities, and manage the triage, investigation, and escalation of security alerts. Develop standard operating procedures for operations & architecture activities. Required Skills, Experience and Qualifications: Degree/diploma/
using tools such as Splunk, Flexera, and other industry-standard SIEM platforms. You'll investigate security incidents, coordinate with other IT and security teams, and support continuous improvement of threat detection and response processes. Key Requirements: Previous experience in a SOC Analyst or similar cybersecurity role. Strong expertise in Splunk or similar SIEM tools. Familiarity with Flexera for … vulnerability management. Understanding of firewalls, network protocols, intrusion detection/prevention systems. Relevant certifications (e.g., CISSP, CEH, Splunk) advantageous. Must be eligible for Developed Vetting (DV) clearance, requiring 10 years' continuous UK residency. Please Note: All offers will be subject to standard pre-employment checks including ID, employment history (last 3 years), immigration status, and an unspent criminal record
customer experience. Own and govern IAM standards (RBAC, joiner/mover/leaver, privileged access, MFA, SSO) across corporate, store and customer-facing platforms. Oversee operational security activities, including threat detection, vulnerability management, and incident response. Coordinate penetration testing, red team, and vulnerability remediation across applications, infrastructure, and cloud environments. Develop and maintain incident response playbooks and lead … investigations where required. Partner with our Managed SOC and technology teams to strengthen detection, response, and automation capabilities. Embed secure-by-design principles and DevSecOps practices across engineering and delivery teams. Partner with Legal and the DPO on DPIAs, data transfer assessments and privacy by design. Define and maintain the information classification and handling standard. Ensure security controls for
end users, our mission is to enable secure cloud and end-user services guided by our Zero Trust Security Model. Our teams specialise in Identity Verification, Managed Endpoints, Threat Detection, Secure Remote Access, and Adaptive Security Policies—balancing exceptional user experience with enterprise-grade security. We operate under an ISO/IEC 27001-certified ISMS and an ITIL … and AWS including, but not limited to, private hosted environments (VPC/VNet), private connectivity (endpoints, VPN services, etc.), and physical/virtual/web-application firewalls for access control and threat detection. Automate provisioning and configuration using Terraform, Ansible, Azure CLI, and PowerShell. Contribute to CI/CD integration for infrastructure as code. Support and evolve existing topologies and connectivity
Weedon Bec, Northamptonshire, UK Hybrid/Remote Options
HybrIT Services
HA, DPI). Knowledge of FortiManager and FortiAnalyzer for centralised management and logging. Understanding of FortiAuthenticator and Endpoint Management Server. Experience managing security policies, NAT, SSL inspection, and threat protection profiles. Familiarity with firewall migrations and multi-tenant environments. Wi-Fi & Wireless Networks – Knowledge of wireless network configurations and troubleshooting, especially with systems like Cisco Meraki or Extreme … Endpoint Management – Microsoft Intune for device compliance, policy deployment, and remote support. Security Awareness – Understanding of fundamental security principles, such as MFA, conditional access, secure password practices, and basic threat detection or response processes. Technical Certifications: Engineers should be working towards or have attained some of the certifications below. Current certifications would be a distinct advantage. Cisco – CCNA
Ready to take the lead in safeguarding complex digital ecosystems? Join a specialised cybersecurity consultancy dedicated to protecting organisations through advanced threat detection, incident response, and security architecture expertise. The organisation is recognised for its proactive approach to risk management and its commitment to delivering resilient, compliant, and secure technology environments. The team is hiring a Senior Cyber
SecOps Engineer to join our customer's team based in London. This is a permanent position paying up to £70,000 depending on experience. Proactively monitor security solutions including SIEM, threat detection and data security, endpoint protection, network analytics etc. for alerts, conducting event analysis, and incident and problem management. Triage, analysis, and prioritisation of security incidents. Document technical