consists of 4 operational areas: Cyber Security Operations Unit (CSOU) Cyber Delivery Unit (CDU). Cyber Improvement Programme. Chief Information Security Office Function (CISO) The role leads the CSOCs ThreatIntelligence team within NHS England CSOC comprised of four primary functions: Intelligence Collection & Analysis - Perform collection, aggregation, analysis and contextualisation of healthcare and security information to produce … actionable CTI. Cybersecurity Threat & Risk Assessment - Perform high-level risk assessments of current and emerging threats to the health & social care estate. Intelligence Dissemination & Reporting - Produce stakeholder-specific intelligence reporting for stakeholders. Specialist CTI Support - Provides specialist CTI support to CSOC during high complexity incidents. The post of Cyber Security Lead Analyst - ThreatIntelligence has … payment equal to 30% per annum. Please be aware that RRP is none contractual and subject to review. Main duties of the job As a Cyber Security Lead Analyst (ThreatIntelligence) you will: Ensure the objectives and activities of the ThreatIntelligence teams and Assessments are aligned with overarching CSOC strategy. Represent the function at operational More ❯
The Role As a SOC Detection Engineer, you will design, develop, and maintain high-quality detection content to improve threat visibility and reduce risk across customer environments. You apply expert knowledge of attacker tactics and telemetry sources to create and manage scalable, accurate, and resilient detection rules across SOC platforms. Operating as part of the SOC team, you support … operations by expanding detection coverage, improving rule performance, and collaborating with threatintelligence, incident response, and platform engineering teams to operationalise threat insights. You also contribute to internal process improvement, customer-facing engagements, and knowledge sharing across the wider SOC team. Key Responsibilities Detection Engineering and Delivery – You will develop, test, and deploy detection rules across SIEM … XDR, and other SOC platforms, supporting comprehensive, customer-aligned threat coverage. Lifecycle Management and Optimisation – You will monitor detection performance, tune rules to reduce false positives, and remediate logic or configuration issues caused by changing environments. Post-Incident Gap Analysis – You will perform detection reviews following incidents to identify missed coverage, determine root causes, and improve detection logic or More ❯
Customer Communications - You provide timely incident updates and lead bridging calls with customers during high-priority incidents, ensuring that communications are clear, evidence-led, and aligned to customer expectations. • Threat Hunting Oversight - You lead and coordinate proactive threat hunting across customer environments, using hypothesis-based approaches to identify undetected threats and validate detection coverage. Essential Duties • Advanced Investigation … all available tooling. o Reconstruct attack chains and identify root causes using MITRE ATT&CK. o Recommend and coordinate response actions to mitigate impact during active incidents. • IOC and Threat Analysis o Investigate indicators of compromise using commercial and open-source threat intelligence. o Validate alerts and determine their relevance to customer environments, providing context on adversary behaviour … and recommending follow-up actions when threats are confirmed. • Threat Hunting o Lead and participate in threat hunts using hypothesis-driven approaches mapped to TTPs and MITRE ATT&CK. o Leverage telemetry and queries in tooling to identify suspicious indicators not surfaced through existing detection logic. o Document hunting activities, findings, and detection coverage gaps to support tuning More ❯
