across Vercel's platform and enterprise security functions. This role will focus on operational resilience, incident response readiness, and fostering alignment across security and engineering teams. You will oversee threat detection, response processes, and security best practices, while guiding Security Operations Engineers to ensure operational excellence. If you're based within a pre-determined commuting distance of one … fully remote. For location-specific details, please connect with our recruiting team. What You Will Do: Lead and manage Security Operations for platform and enterprise security functions, ensuring effective detection and response capabilities. Develop and refine incident response protocols and threat detection processes, ensuring rapid and effective mitigation of security incidents. Own internal attack surface management, including … operational overhead. Support compliance initiatives (PCI, SOC2, ISO) by ensuring audit readiness and security visibility across critical systems. About You: Extensive experience leading security operations functions, including incident response, threat detection, and security monitoring at scale. Strong technical expertise in SIEM, logging infrastructure, and cloud security (AWS, Kubernetes, serverless architectures). Proven leadership in mentoring and managing Security
London, South East, England, United Kingdom Hybrid / WFH Options
QBE Management Services (UK) Limited
Primary Details Time Type: Full time Worker Type: Employee Senior Threat Detection Specialist Location: London Happy to talk flexible working The Opportunity As we focus on transformation across the organisation, we’re also investing in our cyber security capabilities to keep our people, data, and customers safe. That’s why we’re building a new Detection Engineering … function—and we’re looking for a talented and driven Threat Detection Senior Specialist to help us lead the way. In this key role, you’ll support the GSOC Manager in shaping the future of detection engineering, developing the strategy, and designing detection capabilities that protect our global environment. Your new role Lead the coordination and … operation of the internal detection engineering function. Design and implement cyber detection rules and use cases to identify threats across our IT infrastructure. Identify and log visibility gaps, working to improve detection coverage and accuracy. Build and tune custom detection logic for complex environments and emerging threats. Monitor evolving attacker tactics (TTPs), integrating insights into detection
summaries. Create and maintain executive-level documentation, including standard operating procedures (SOPs), playbooks, process flows, and risk reports, using diverse tools and data sources. Develop, refine, and maintain insider threat indicators and use case scenarios to enhance detection capabilities. Design and deliver insider risk awareness initiatives, highlighting emerging trends and fostering a culture of security, accountability, and vigilance. … Identify and implement improvements to detection and response processes based on lessons learned and evolving threat landscapes. Collaborate with internal partners on threat detection and response initiatives to strengthen organizational resilience. Qualifications Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field; advanced degree preferred. Experience in insider risk, counterintelligence, cybersecurity, or a … related discipline. Hands-on experience with insider threat detection tools such as SIEM, UEBA, UAM, DLP, and other monitoring technologies. Strong understanding of insider risk frameworks, regulatory and privacy requirements, and relevant laws. Familiarity with SOC or Fusion Centre operations, including threat monitoring, intrusion detection, incident response, and analysis. In-depth knowledge of the cyber threat
organisation is seeking a VP-level DFIR Manager to lead its Digital Forensics and Incident Response (DFIR) team. This is a hands-on leadership role focused on incident response, threat detection, and forensics within a complex, regulated environment. You'll be responsible for advancing the organisation's incident response capabilities, leading investigations, and driving threat detection maturity through development of use cases, threat intelligence, and vulnerability management. Key Responsibilities Lead the DFIR function, overseeing incident detection, investigation, and response activities. Develop and implement IR methodologies (MITRE ATT&CK, Kill Chain, Threat Modelling, Diamond Model). Conduct forensic investigations on systems, networks, and endpoints. Refine threat hunting and threat intelligence capabilities. … Support and mature security monitoring use cases (SIEM, packet inspection, IOCs). Coordinate cross-functional security incident response with SOC, Threat Intelligence, and Red/Blue teams. Engage with technical and business teams on cyber risk reduction strategies. Contribute to vulnerability management and remediation plans. Required Skills & Experience Proven experience managing DFIR or cyber incident response teams. Deep technical
Every minute of every day, Smiths Detection's threat detection and security screening technology helps to protect people and infrastructure, making the world a safer place. Smiths Detection, part of Smiths Group is a global leader in the development, manufacture and management of security and detection solutions designed to make the world a safer place. … Our technology provides threat detection and screening solutions for customers in our key markets: aviation, ports and borders, defence, and urban security. Our expertise spans 21 global offices, seven manufacturing sites and five R&D centres, with a global network of 3,000 dedicated colleagues contributing towards over 40 years at the frontline of advances in safety and
Key Responsibilities Design, develop and deploy detection logic across SIEM, EDR and cloud security platforms. Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance. Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness. Use Detection-as-Code principles to manage detection rules via version control, CI/CD pipelines and automated testing frameworks. Reduce false positives through tuning, enrichment and contextual awareness. Skills Expertise in detection engineering, threat hunting, or a related Cyber Security field. Proficiency in Sentinel, KQL, XDR and Splunk is required. Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and …/or cloud-native security services (e.g. AWS GuardDuty, GCP Chronicle). Ability to create and iterate on detection content (e.g. SIEM rules, correlation searches and detection-as-code signatures) to proactively identify malicious behaviour and improve threat visibility and reduce false positives. Familiarity with MITRE ATT&CK framework and threat detection lifecycle.
the organisation. You ensure that we have the visibility needed to be able to protect the organisation and its customers' data. You have a passion for Cyber defence and Threat intelligence. You'll be responsible for building the strategy and capabilities needed to be successful as well as maintain relationships with our various external partners. The Impact You'll … our incident case management and response processes. - Coordinate incident response planning and simulation exercises with senior leaders and the board. - Manage external and internal audit and due diligence activities. Threat Detection & Response - Implement and maintain robust threat detection and response capabilities across cloud, on-premise, and factory systems. - Drive continuous improvement of our vulnerability management program. … Conduct threat intelligence analysis and report on emerging trends and risks. Collaboration & Mentorship - Build trusted relationships with technology partners, vendors, and internal teams. - Collaborate closely with product and engineering teams to identify and mitigate risks in new and existing products. - Lead security awareness and education initiatives across the business. - Mentor and support a direct report within the Security Operations
and directory services such as MS Active Directory • Experience with CyberArk PAM for privileged access management Security Information and Event Management (SIEM) • Use of Splunk SIEM for real-time threat detection and log analysis • Review and optimise SIEM use cases to enhance threat detection and response capabilities Monitoring & Endpoint Security • Experience with Tanium and MS Defender
the design and implementation of scalable, automated security solutions that integrate seamlessly into enterprise platforms and user experiences. Establish a global security architecture and engineering roadmap focused on prevention, detection, and rapid response. Drive continuous improvement of security posture while aligning with business needs, regulatory requirements, and user experience expectations. Champion DevSecOps practices to embed security early into development … Engineering: Lead end-to-end engineering for identity and access management (IAM), including authentication, authorization, and privileged access controls. Oversee endpoint security architecture and enforcement, ensuring comprehensive coverage for threat detection, malware prevention, and device compliance. Build and operate scalable data protection solutions, including data loss prevention (DLP), secrets management, encryption, and classification. Integrate security controls into CI … intervention. Operational Security, SRE & Assurance: Ensure security platforms are resilient, continuously monitored, and designed for 24x7 support and incident response readiness. Embed security telemetry and observability to enable proactive threat detection and automated response. Apply SRE principles to improve reliability, performance, and maintainability of security services. Lead platform health, patching automation, and vulnerability remediation workflows. Define service level
We are seeking a highly motivated and skilled Insider Threat Investigations Lead to join a newly formed Insider Threat Team. This role focuses on identifying, preventing, and responding to risks posed by individuals with authorized access to organisational assets, including employees, contractors, and third-party vendors. The position requires collaboration with cross-functional teams to mitigate risks of … This role suits someone with strong investigative skills, an analytical mindset, the ability to interpret and act on data, and the capability to execute initiatives that strengthen the insider threat programme. Key Responsibilities Support the delivery of the insider threat programme, including developing tools, standards, and procedures to detect, prevent, and respond to insider threats. Utilise advanced detection tools, behavioural analytics, and security monitoring systems. Drive continuous improvement by applying lessons learned, industry best practices, and emerging threat intelligence. Partner with stakeholders to identify and mitigate potential insider risks across systems, networks, and processes. Lead investigations into suspected insider threat incidents, ensuring they are thorough, timely, and compliant with legal and regulatory standards. Produce reports
and governance framework aligned with business and regulatory requirements. Oversee technical security controls including firewalls, IDS/IPS, SIEM, IAM, endpoint protection, and cloud security (Azure, AWS). Lead threat detection, incident response, and recovery, ensuring minimal business disruption. Manage patching processes, AI-driven email intelligence tools, and network security across internal and customer-facing systems. Conduct risk … disaster recovery plans related to cybersecurity. Act as the primary contact for cybersecurity vendors, regulators, auditors, and third-party assessments. About You: Proven track record in cybersecurity management, including threat detection, incident response, and vulnerability management. Strong knowledge of security frameworks (ISO 27001, NIST, CIS Controls) and regulatory compliance requirements (GDPR, NIS2). Hands-on expertise with firewalls … than a technical role — it’s an opportunity to influence business-wide security culture, work closely with senior leadership, and make tangible improvements to resilience in a rapidly evolving threat landscape. You’ll receive a competitive salary, substantial benefits, and the scope to develop your career within a forward-thinking organisation. 💡 If this sounds like your skill set, and
and endpoint environments, including laptops, mobile phones, corporate-managed, BYOD, and server-side devices. This critical role leads the engineering and enablement of endpoint protection technologies, ensuring device compliance, threat detection, and automated response capabilities. The role combines strong technical leadership, deep expertise in endpoint protection platforms, and a collaborative approach to operationalize security across all user and … across all device types and operating systems. Engineer and operate scalable solutions for endpoint protection, data loss prevention (DLP), and compliance checking. Build automated controls for device posture, encryption, threat detection, and remediation. Own and optimize integrations with tools such as Microsoft Defender, Purview, Symantec, CrowdStrike, or equivalent. Platform Integration & Automation: Drive automation for device onboarding, compliance validation … secure device baselines and policies. Build self-healing, zero-trust-aligned architectures for secure device management. Observability & Event Management: Implement real-time observability of endpoint health, risk exposure, and threat posture. Integrate with cybersecurity event and incident management pipelines for early detection and rapid response. Collaborate with the cyber and incident response teams to streamline investigation and containment.
team within WTW and provide an excellent service and trusted expertise to all parts of our business. We have an exciting opening for a skilled and experienced L2 Insider Threat - IRM Analyst. As part of the Cyber Defence department, this role will investigate Insider Risk Management (IRM) cases that have been escalated by our L1 Insider Threat team. … Reporting to the Insider Threat - IRM Operations Manager, the L2 Insider Threat - IRM Analyst role is suited to someone who has strong Microsoft Purview DLP and Insider Risk Management (IRM) analyst experience. It is a business facing role and requires working proactively with stakeholders and colleagues to investigate Insider Threat and IRM cases. The Role: As the … L2 Insider Threat - IRM Analyst, the primary responsibilities will be: Perform advanced analysis and investigation of Insider Threat and IRM cases across the various egress channels in both on premise and cloud environments. Analyse event/case/alert patterns to properly interpret and prioritise threats with available IRM and DLP tools and other data protection devices. Help
Threat Intelligence Analyst. Locations: London Office, Tampa Office, Dublin, Salt Lake City Office, Las Vegas Office. Time type: Full time. Posted 30 days ago. Job requisition id R14383. Why it's worth it: The ReliaQuest Threat Intelligence team provides timely, comprehensive intelligence that empowers high-fidelity detections, identifies … equips our customers with the knowledge to act decisively. Via our industry-leading security operations platform, GreyMatter, we produce operational, strategic, and tactical intelligence that delivers actionable insights into threat actor tactics, techniques, and procedures. Beyond this, we act as a thought leader in cybersecurity by offering original insights that highlight our expertise in detecting, containing, investigating, and … environment, this role will challenge you to push your boundaries, innovate continually, and operate at pace. The everyday hustle: Identify and evaluate trends, dynamics, and developments in the cyber threat landscape by conducting primary-source research and analyzing telemetry. Maintain the GreyMatter platform's threat intelligence library by writing timely, accurate, and relevant customer-facing deliverables covering threat
IR35 - 3 days a week on-site Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat
and fast-paced problem-solving—and want your work to have a real impact—this could be the perfect role for you. Key Responsibilities Lead security incident response and threat detection efforts, prioritising the protection of customer data and experience Build automated detection and remediation workflows using SOAR, SIEM, and scripting (Python, SQL) Apply deep cloud security … with Fraud and Customer Experience teams to mitigate risks such as account takeover and loyalty fraud Onboard key customer-facing and payment systems into the security monitoring platform Perform threat hunting and detection engineering to identify and address emerging risks Support security audits, compliance (PCI-DSS), and post-incident reviews Mentor junior team members and contribute to a … to assess threats and act quickly to protect customer trust Strong Communicator: Confident working with technical teams, fraud analysts, and senior stakeholders Retail-Specific Insight: Familiar with customer-centric threat vectors like loyalty abuse and payment fraud Automation-First Mindset: Keen to reduce manual work through scripting and process automation Agile Approach: Comfortable working in cross-functional teams with
NCSC, NIS2), and actively manages SIEM/XDR tools such as IBM QRadar, Microsoft Sentinel, and Defender XDR. This role involves deeper client interaction, proactive risk management, and advanced threat detection consulting. Candidates must have demonstrated customer-facing experience (preferably in cybersecurity). Responsibilities: Manage and strengthen client relationships with regular strategic interactions. Lead comprehensive cybersecurity risk assessments … NIST frameworks and related standards. Oversee and implement SIEM/XDR deployments, custom rule development, and incident response processes. Provide guidance on best practices for SIEM/XDR and threat detection. Conduct security posture reviews and gap analysis. Prepare reports and present findings to client stakeholders. Location London, UK Good understanding of cybersecurity frameworks (NIST CSF, NCSC CAF, NIS2 … Security Operations Analyst Associate, EC-Council ECIH (Incident Handling), Multi-cloud Security Fundamentals training (AWS/Azure/GCP). Empowering CISOs to visualise and mitigate cyber risks. Construction Threat Landscape Report 2024 Global Threat Insight Summer Report 2024 MITRE Engenuity ATT&CK Evaluations & The Question of How to Measure Quality in a Managed Security Service
deliver runtime-isolated, reproducible models that are easy to deploy, monitor, and update without connectivity. Work closely with data scientists to define clear KPIs and success criteria, such as detection accuracy, latency, false positive/negative rates, explainability, and robustness, to determine what constitutes a production-grade, releasable model. Align model performance goals with the operational realities of the … into actionable requirements. Excellent communication and stakeholder management skills. Comfortable working in a fast-paced, iterative, and agile environment. Preferred Experience: Solid understanding of cyber security concepts such as threat detection, SIEM, anomaly detection, and incident response. Experience with tools for tracking ML models in production (e.g., MLflow). We encourage you to apply even if your
lead in customer-facing engagements, translating complex security needs into effective solution architectures Design Zero Trust-aligned network and endpoint architectures, including segmentation, micro-segmentation, NAC, and DNS-layer threat protection Lead conversations around network modernization, helping clients evolve from legacy architectures to software-defined, cloud-integrated, and policy-driven network designs Deliver workshops, product demonstrations, and proof-of … endpoint protection and EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, or Tanium Familiarity with DNS security tools and strategies (e.g., Zscaler, Cisco Umbrella, Infoblox) and their role in threat containment Deep knowledge of Zero Trust Architecture, lateral movement prevention, and alignment to frameworks like MITRE ATT&CK and NIST CSF Excellent communication skills with the ability to influence … as the technical lead in pre-sales engagements focused on network and endpoint security. Conduct client discovery sessions, workshops, and assessments with an emphasis on segmentation strategies, visibility, and threat defence. Deliver compelling technical presentations and product demonstrations to both technical and business audiences. Solution Design & Architecture Design and validate secure architectures incorporating network segmentation/micro segmentation, DNS
networking (SDN), and AI-driven automation. Ensure end-to-end network automation to improve operational efficiency, agility, and reliability. Drive zero-trust network security principles, ensuring compliance and proactive threat mitigation. Establish a global observability and telemetry framework for real-time network insights. Align network strategies with business growth, cloud-first initiatives, and digital transformation. Network Infrastructure & Cloud Networking … Code (IaC) for network automation, ensuring agility and operational efficiency. IT Service Management & Operational Excellence: Establish network reliability objectives, including SLOs, SLIs, and error budgets. Implement real-time incident detection and response using AI-driven network analytics. Ensure high availability, network resilience, and 24x7 operational support. Develop a follow-the-sun support model, ensuring global network performance optimization. Implement … trust security frameworks, ensuring secure and resilient network access. Ensure adherence to ISO 27001, NIST, SOC 2, GDPR, and industry best practices. Collaborate with cybersecurity teams to enhance network threat detection and mitigation. Implement automated security policy enforcement, reducing human intervention in risk mitigation. Financial & Vendor Management: Optimize network infrastructure spending, ensuring cost-effective, high-performance connectivity. Lead
Infrastructure Security Design & Implementation: Develop, implement, and maintain robust security architectures and controls for cloud and on-premises infrastructures, supporting business growth while ensuring security best practices are followed. Threat Management: Proactively monitor and respond to security incidents, vulnerabilities, and threats, applying advanced techniques to safeguard systems from cyber-attacks. System Hardening & Configuration: Ensure that all infrastructure systems (e.g. … VPNs, IDS/IPS, and other network security technologies to secure connectivity and prevent unauthorized access across the company's digital assets. Incident Response & Remediation: Lead efforts in incident detection, response, and remediation for infrastructure-related security incidents, ensuring rapid mitigation and future prevention. Collaboration & Integration: Work closely with our IT and software engineering teams to integrate security into … relevant data protection laws (e.g., GDPR), security frameworks, and internal policies, contributing to audits and risk assessments where required. Automation & Optimisation: Identify opportunities for automation within security operations, from threat detection to patch management, to drive efficiency and scalability. Continuous Improvement: Stay up to date with emerging security trends, vulnerabilities, and technologies, and continually improve security processes and
for candidates with deep experience and understanding of continuous delivery, container security, SAST/DAST, secrets management, Identity and Access Management (IAM) governance, privilege management, encryption and key management, threat detection, logging, cloud infrastructure security and policy-as-code. What You'll Do: Assess Acadian's cloud IAAS environments for Indicators of Misconfiguration (IOMs) utilizing AWS built-in and
in production with a strong focus on performance, explainability, and cost-efficiency. What You'll Bring: Deep applied experience in ML/DL, with bonus points for work in threat detection, phishing, or abuse detection Proven ability to design and deploy full-stack AI pipelines in production Strong experience in backend engineering, ideally with Go and ML … frameworks like PyTorch or TensorFlow Familiarity with MLOps, cloud infrastructure (AWS), Kubernetes, and Terraform Experience evaluating and deploying models (including anomaly detection, RAG, and clustering) in noisy, evolving data environments Nice to Have: Experience with Perl Knowledge of threat intelligence integration and MCP architectures Location: Remote Salary: Up to £120,000, depending on experience RSG Plc is acting