1 to 25 of 46 Threat Detection Jobs in London

Glasgow, Scotland - United Kingdom Type: Permanent Senior SOC Engineer A leading organisation is seeking a Senior SOC Engineer to strengthen its security operations capability and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. The Senior SOC … Engineer will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats. Key Responsibilities SIEM Engineering & Management Deploy, configure, and maintain the QRadar SIEM platform. Onboard and normalise log sources across on-premises and cloud environments. Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural … scenarios such as phishing, lateral movement, and data exfiltration. Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response. Refine playbooks based on threat intelligence and incident insights. Threat Detection & Response Monitor and analyse security alerts and events to identify potential threats. Conduct investigations and coordinate incident response activities. Collaborate with More ❯

Primary Details Time Type: Full time Worker Type: Employee Senior Threat Detection Specialist Location: London Happy to talk flexible working The Opportunity As we focus on transformation across the organisation, we’re also investing in our cyber security capabilities to keep our people, data, and customers safe. That’s why we’re building a new Detection Engineering … function—and we’re looking for a talented and driven Threat Detection Senior Specialist to help us lead the way. In this key role, you’ll support the GSOC Manager in shaping the future of detection engineering, developing the strategy, and designing detection capabilities that protect our global environment. Your new role Lead the coordination and … operation of the internal detection engineering function. Design and implement cyber detection rules and use cases to identify threats across our IT infrastructure. Identify and log visibility gaps, working to improve detection coverage and accuracy. Build and tune custom detection logic for complex environments and emerging threats. Monitor evolving attacker tactics (TTPs), integrating insights into detection More ❯

+ Benefits Clearance: Must hold or be eligible for SC Clearance Sponsorship: Not available We're seeking a highly skilled SOC Solutions Engineer to enhance security operations and strengthen detection & response strategies. This is a hands-on engineering role focused on IBM QRadar, playbook automation, and advanced threat modelling to deliver cutting-edge security solutions. What you'll … do: SIEM Engineering & Management: Deploy, configure, and optimise QRadar. Onboard log sources from cloud/on-prem environments. Build detection and anomaly rules. Playbook Development & Automation: Design and implement automated response playbooks (phishing, lateral movement, exfiltration) with SOAR tools (e.g., Logic Apps, XSOAR). Threat Detection & Response: Investigate alerts, enrich detection logic with threat intel … coordinate incident response. Threat Modelling & Use Case Development: Apply MITRE ATT&CK, STRIDE, and Kill Chain frameworks to build detection use cases. Reporting & Collaboration: Build security dashboards, produce reporting packs, and guide junior analysts and engineers. Client & Project Support: Support presales, contribute to new SOC solution scoping, and lead demos where required. What we're looking for: Must More ❯

Staff Threat Detection & Response Engineer London, UK About the AI Security Institute The AI Security Institute is the world's largest and best-funded team dedicated to understanding advanced AI risks and translating that knowledge into action. We're in the heart of the UK government with direct lines to No. 10, and we work with frontier developers … founding the Security Engineering team in a largely greenfield cloud environment, we treat security as a measurable, researcher centric product. Secure by design platforms, automated governance, and intelligence led detection that protects our people, partners, models, and data. We work shoulder to shoulder with research units and core technology teams, and we optimise for enablement over gatekeeping, proportionate controls … assurance mapped to relevant standards, reducing audit toil and improving signal Create detections and response playbooks tailored to model evaluations and research workflows, and run exercises to validate them Threat model new evaluation pipelines with research and core technology teams, fixing classes of issues at the platform layer Assess third party services and hardware/software supply chains; introduce More ❯

Key Responsibilities Design, develop and deploy detection logic across SIEM, EDR and cloud security platforms. Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance. Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness. Use Detection-as-Code principles to manage detection rules via version control, CI/CD pipelines and automated testing frameworks. Reduce false positives through tuning, enrichment and contextual awareness. Skills Expertise in detection engineering, threat hunting, or a related Cyber Security field. Proficiency in Sentinel, KQL, XDR and Splunk is required. Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and …/or cloud-native security services (e.g. AWS GuardDuty, GCP Chronicle). Ability to create and iterate on detection content (e.g. SIEM rules, correlation searches and detection-as-code signatures) to proactively identify malicious behaviour and improve threat visibility and reduce false positives Familiarity with MITRE ATT&CK framework and threat detection lifecycle. More ❯

Intigriti platform. You are a passionate individual who enjoys building defences against today's cyber threats, targeting infrastructure, data, and employees. You should be able to analyse the current threat environment and Intigriti's security posture, then design and implement controls in line with our risk appetite. This position requires strategic thinking, technical expertise, and a deep understanding of … infrastructure, ensuring the confidentiality, integrity, and availability of company data. Collaborate with the IT System Administrator to manage and enhance the overall network and system security. Incident Response and Threat Detection Develop and implement incident response plans to address security incidents promptly and effectively. Work closely with the Threat Detection Engineer to monitor, analyse, and respond … security. Cloud or application security expertise is favoured. Experience designing, building and implementing security controls. Programming skills are required. Experience in application security-inclusive of secure coding practices-and threat and vulnerability management are desirable. Strong communication and interpersonal skills. Ability to influence and drive security initiatives at both the tactical and strategic levels. Familiarity with relevant laws, regulations More ❯

of View job & apply Location: London Salary: £110,000 base + up to £20,000 bonus Job type: Permanent Financial Service firm seeks a highly skilled and motivated Insider Threat Lead to join. This rol View job & apply Location: Frankfurt Salary: 80,000 + Benefits Job type: Permanent Sector: Banking Join a critical function managing access governance and identity … Services I'm currently working with a business that is looking to hire a Group Cyber GRC Manager. This is We are seeking a highly motivated and skilled Insider Threat Investigations Lead to join a newly formed Insider Threat Team. This role focuses on identifying, preventing, and responding to risks posed by individuals with authorized access to organisational … This role suits someone with strong investigative skills, an analytical mindset, the ability to interpret and act on data, and the capability to execute initiatives that strengthen the insider threat programme. Key Responsibilities Support the delivery of the insider threat programme, including developing tools, standards, and procedures to detect, prevent, and respond to insider threats. Utilise advanced detection More ❯

and endpoint environments, including laptops, mobile phones, corporate-managed, BYOD, and server-side devices. This critical role leads the engineering and enablement of endpoint protection technologies, ensuring device compliance, threat detection, and automated response capabilities. The role combines strong technical leadership, deep expertise in endpoint protection platforms, and a collaborative approach to operationalize security across all user and … across all device types and operating systems. Engineer and operate scalable solutions for endpoint protection, data loss prevention (DLP), and compliance checking. Build automated controls for device posture, encryption, threat detection, and remediation. Own and optimize integrations with tools such as Microsoft Defender, Purview, Symantec, CrowdStrike, or equivalent. Platform Integration & Automation: Drive automation for device onboarding, compliance validation … secure device baselines and policies. Build self-healing, zero-trust-aligned architectures for secure device management. Observability & Event Management: Implement real-time observability of endpoint health, risk exposure, and threat posture. Integrate with cybersecurity event and incident management pipelines for early detection and rapid response. Collaborate with the cyber and incident response teams to streamline investigation and containment. More ❯

the design and implementation of scalable, automated security solutions that integrate seamlessly into enterprise platforms and user experiences. Establish a global security architecture and engineering roadmap focused on prevention, detection, and rapid response. Drive continuous improvement of security posture while aligning with business needs, regulatory requirements, and user experience expectations. Champion DevSecOps practices to embed security early into development … Engineering: Lead end-to-end engineering for identity and access management (IAM), including authentication, authorization, and privileged access controls. Oversee endpoint security architecture and enforcement, ensuring comprehensive coverage for threat detection, malware prevention, and device compliance. Build and operate scalable data protection solutions, including data loss prevention (DLP), secrets management, encryption, and classification. Integrate security controls into CI … intervention. Operational Security, SRE & Assurance: Ensure security platforms are resilient, continuously monitored, and designed for 24x7 support and incident response readiness. Embed security telemetry and observability to enable proactive threat detection and automated response. Apply SRE principles to improve reliability, performance, and maintainability of security services. Lead platform health, patching automation, and vulnerability remediation workflows. Define service level More ❯

Senior Machine Learning Engineer - Behavioural Modeling & Threat Detection - £150,000 - £180,000 - Fully Remote UK BASED CANDIDATES ONLY My client is looking for an experienced Machine Learning Engineer ready to play a pivotal role in shaping the technical direction of their behavioural modelling and threat detection systems. This position offers the opportunity to influence not just … and verbal communication skills, especially in cross-functional contexts. Bonus Experience (Nice to Have) Exposure to large language models (LLMs) or foundational model adaptation. Previous work in cybersecurity, anomaly detection, or behavioural analytics. Familiarity with orchestration frameworks (Airflow or similar). Experience with scalable ML systems, pipelines, or real-time data processing. Advanced degree or equivalent experience in ML More ❯

a Senior Manager or Associate Director to join its growing Cyber Security Operations team. This high-impact role focuses on the strategy, design, and continuous improvement of next-generation detection and response capabilities for a diverse portfolio of clients. Overview A leading professional services firm is seeking a Senior Manager or Associate Director to join its growing Cyber Security … Operations team. This high-impact role focuses on the strategy, design, and continuous improvement of next-generation detection and response capabilities for a diverse portfolio of clients. The ideal candidate will bridge business-level consulting with technical depth in security operations, helping shape operating models, design architectures, and steer tooling strategies to meet evolving threat landscapes. Key Responsibilities … Define and guide the strategic direction of cyber detection and response capabilities across client organisations. Design and evolve operating models, technical architectures, and service catalogues for modern Security Operations Centres (SOCs). Lead the development and implementation of migration strategies and operating procedures. Translate business risk into actionable security processes and tooling requirements. Oversee and optimise processes for threat More ❯

a highly skilled SOC Engineer to support the delivery of a major Security Operations Centre (SOC) uplift programme. This role will focus on enhancing existing capabilities, introducing new security detection services, and improving operational efficiency through automation and integration. You'll play a key role in strengthening threat detection, incident response, and investigative processes within a dynamic … and evolving SOC environment. Key Responsibilities: - Design, implement, and test improved and new detection use cases. - Build and enhance technical SOC capabilities to improve cyber threat visibility. - Refine and optimise detection rules and analytics. - Contribute to the automation of SOC workflows and response tasks. - Enhance tools and processes to support security investigations. - Develop performance metrics and monitoring More ❯

About Our Client Join Our Client , a fast-growing fintech innovator securing next-gen payment platforms for leading banks and startups. With a focus on AI-driven threat detection and zero-trust architecture, Our Client has been named one of Europe’s Top 50 Cybersecurity Scale-ups. Role Snapshot As an Associate Cybersecurity Analyst , you’ll be the … alongside world-class security engineers, hone your skills on cutting-edge tools, and shape the future of digital payments security. Your Day-to-Day Alert Triage: Analyze SIEM and threat-intelligence feeds to spot anomalies. Threat Hunting: Use forensic tools to track indicators of compromise across networks. Vulnerability Management: Run scans, prioritize remediation tasks, and validate fixes. Incident … and DevOps teams to contain breaches. Report & Recommend: Draft concise, actionable incident summaries for executive stakeholders. Continuous Learning: Attend weekly knowledge-shares, capture insights, and contribute to our internal threat library. What You Bring Must-Haves Bachelor’s degree in Cybersecurity, Computer Science, or related field. Practical experience with at least one SIEM platform (e.g., Splunk, QRadar). Understanding More ❯

On-board, maintain and manage security log sources for our SIEM platform, including agent and policy deployment and creating ingest pipelines. Collaborate with security analysts to improve effectiveness of threat detection through creation and tuning of detection rules. Proactive Security Engineering Design, implement and optimise preventative security controls, working in partnership with our risk analysts to prioritise More ❯

Our client is seeking a Cybersecurity Threat Handler to join the Engineering and Technology Information Security team. 3 days in office in London Salary is up to £80k base Responsibilities Acting as a hands-on expert and builder for cloud-based technologies, ensuring security, performance, operability, and scale. Assisting as an internal specialist, facilitating the implementation of modern Front … Windows endpoints with a deep understanding of operating system security. Experience handling incidents originating from Microsoft cloud-based services like Azure and Microsoft 365. Preferred Qualifications Familiarity with AWS threat detection and logging services such as GuardDuty and CloudTrail, as well as industry standard Cloud SIEMs like DataDog. Proficiency in analyzing security events within endpoint protection platforms like … CrowdStrike Falcon. Ability to liaise effectively with SOC Analysts and Threat Hunters from our Managed Detection and Response vendor. Understanding of current cybersecurity threats, typical signs of attacks, and approaches to prevent and mitigate such incidents. 2+ years of experience with AWS or other hyperscale cloud provider implementation. More ❯

Our client is seeking a Cybersecurity Threat Handler to join the Engineering and Technology Information Security team. 3 days in office in London Salary is up to £80k base Responsibilities Acting as a hands-on expert and builder for cloud-based technologies, ensuring security, performance, operability, and scale. Assisting as an internal specialist, facilitating the implementation of modern Front … Windows endpoints with a deep understanding of operating system security. Experience handling incidents originating from Microsoft cloud-based services like Azure and Microsoft 365. Preferred Qualifications Familiarity with AWS threat detection and logging services such as GuardDuty and CloudTrail, as well as industry standard Cloud SIEMs like DataDog. Proficiency in analyzing security events within endpoint protection platforms like … CrowdStrike Falcon. Ability to liaise effectively with SOC Analysts and Threat Hunters from our Managed Detection and Response vendor. Understanding of current cybersecurity threats, typical signs of attacks, and approaches to prevent and mitigate such incidents. 2+ years of experience with AWS or other hyperscale cloud provider implementation. More ❯

Our client is seeking a Cybersecurity Threat Handler to join the Engineering and Technology Information Security team. 3 days in office in London Salary is up to £80k base Responsibilities Acting as a hands-on expert and builder for cloud-based technologies, ensuring security, performance, operability, and scale. Assisting as an internal specialist, facilitating the implementation of modern Front … Windows endpoints with a deep understanding of operating system security. Experience handling incidents originating from Microsoft cloud-based services like Azure and Microsoft 365. Preferred Qualifications Familiarity with AWS threat detection and logging services such as GuardDuty and CloudTrail, as well as industry standard Cloud SIEMs like DataDog. Proficiency in analyzing security events within endpoint protection platforms like … CrowdStrike Falcon. Ability to liaise effectively with SOC Analysts and Threat Hunters from our Managed Detection and Response vendor. Understanding of current cybersecurity threats, typical signs of attacks, and approaches to prevent and mitigate such incidents. 2+ years of experience with AWS or other hyperscale cloud provider implementation. More ❯

Our client is seeking a Cybersecurity Threat Handler to join the Engineering and Technology Information Security team. 3 days in office in London Salary is up to £80k base Responsibilities Acting as a hands-on expert and builder for cloud-based technologies, ensuring security, performance, operability, and scale. Assisting as an internal specialist, facilitating the implementation of modern Front … Windows endpoints with a deep understanding of operating system security. Experience handling incidents originating from Microsoft cloud-based services like Azure and Microsoft 365. Preferred Qualifications Familiarity with AWS threat detection and logging services such as GuardDuty and CloudTrail, as well as industry standard Cloud SIEMs like DataDog. Proficiency in analyzing security events within endpoint protection platforms like … CrowdStrike Falcon. Ability to liaise effectively with SOC Analysts and Threat Hunters from our Managed Detection and Response vendor. Understanding of current cybersecurity threats, typical signs of attacks, and approaches to prevent and mitigate such incidents. 2+ years of experience with AWS or other hyperscale cloud provider implementation. More ❯

deliver runtime-isolated, reproducible models that are easy to deploy, monitor, and update without connectivity. Work closely with data scientists to define clear KPIs and success criteria-such as detection accuracy, latency, false positive/negative rates, explainability, and robustness-to determine what constitutes a production-grade, releasable model. Align model performance goals with the operational realities of the … into actionable requirements. Excellent communication and stakeholder management skills. Comfortable working in a fast-paced, iterative, and agile environment. Preferred Experience: Solid understanding of cyber security concepts such as threat detection, SIEM, anomaly detection, and incident response. Experience with tools for tracking ML models in production (e.g., MLflow). We encourage you to apply even if your More ❯

scalability, automation, and resilience. Collaborating with security analysts, engineers, and stakeholders to ensure seamless integration of tools and workflows. Leading technical discussions and providing guidance on best practices for threat detection, incident response, and log management. Supporting pre-sales engagements with technical expertise and solution design input. Staying ahead of emerging threats and technologies to continuously improve SOC … capabilities . What You’ll Bring: Strong experience in designing and implementing SOC platforms (e.g., SIEM, SOAR, EDR). Deep understanding of security operations workflows, threat intelligence, and incident response. Hands-on experience with tools like Splunk, Sentinel, QRadar, or similar. Ability to engage with both technical and non-technical stakeholders. Familiarity with cloud environments (Azure, AWS, GCP) and More ❯

scalability, automation, and resilience. Collaborating with security analysts, engineers, and stakeholders to ensure seamless integration of tools and workflows. Leading technical discussions and providing guidance on best practices for threat detection, incident response, and log management. Supporting pre-sales engagements with technical expertise and solution design input. Staying ahead of emerging threats and technologies to continuously improve SOC … capabilities . What You’ll Bring: Strong experience in designing and implementing SOC platforms (e.g., SIEM, SOAR, EDR). Deep understanding of security operations workflows, threat intelligence, and incident response. Hands-on experience with tools like Splunk, Sentinel, QRadar, or similar. Ability to engage with both technical and non-technical stakeholders. Familiarity with cloud environments (Azure, AWS, GCP) and More ❯

scalability, automation, and resilience. Collaborating with security analysts, engineers, and stakeholders to ensure seamless integration of tools and workflows. Leading technical discussions and providing guidance on best practices for threat detection, incident response, and log management. Supporting pre-sales engagements with technical expertise and solution design input. Staying ahead of emerging threats and technologies to continuously improve SOC … capabilities . What You’ll Bring: Strong experience in designing and implementing SOC platforms (e.g., SIEM, SOAR, EDR). Deep understanding of security operations workflows, threat intelligence, and incident response. Hands-on experience with tools like Splunk, Sentinel, QRadar, or similar. Ability to engage with both technical and non-technical stakeholders. Familiarity with cloud environments (Azure, AWS, GCP) and More ❯

scalability, automation, and resilience. Collaborating with security analysts, engineers, and stakeholders to ensure seamless integration of tools and workflows. Leading technical discussions and providing guidance on best practices for threat detection, incident response, and log management. Supporting pre-sales engagements with technical expertise and solution design input. Staying ahead of emerging threats and technologies to continuously improve SOC … capabilities . What You’ll Bring: Strong experience in designing and implementing SOC platforms (e.g., SIEM, SOAR, EDR). Deep understanding of security operations workflows, threat intelligence, and incident response. Hands-on experience with tools like Splunk, Sentinel, QRadar, or similar. Ability to engage with both technical and non-technical stakeholders. Familiarity with cloud environments (Azure, AWS, GCP) and More ❯

previous following experience: Design, implement, and manage SIEM solutions using Splunk, including data onboarding, creating correlation rules, and developing dashboards and reports to improve security visibility. Develop and maintain detection use cases, alerts, and response playbooks based on threat intelligence and compliance requirements. Monitor, tune, and optimise Splunk performance to ensure availability, scalability, and accuracy of security event … logging and analysis. Work closely with SOC analysts, incident response, and threat hunting teams to enhance threat detection, investigation capabilities, and response effectiveness. More ❯

projects. Key Responsibilities: Maintain strong security posture across cloud infrastructure Manage vulnerabilities and support regular system maintenance Design, implement, and manage security tooling in cloud environments ( AWS focus ) Support threat detection, incident response, and risk mitigation activities Contribute to compliance initiatives (ISO 27001, CIS benchmarks ) Collaborate with infrastructure and platform teams to embed security controls Apply secure DevOps … practices (code scanning, container security, IaC) Support governance, reporting, and vulnerability management processes Participate in security reviews, threat assessments, and architecture decisions Key Requirements: 3+ years’ hands-on experience with AWS security services (CloudTrail, GuardDuty, WAF, IAM, Security Hub) Strong knowledge of cloud governance and security best practices Familiarity with CI/CD pipelines and DevSecOps approaches Experience with More ❯