robust, efficient and globally coordinated security operations that protect the organisation's people, systems, and data. This includes direct ownership of security controls, security testing, vendor management, vulnerability and threat management, and incident response. You will work daily with the Group CISO to support consistent, high-assurance security practices across all regions, in line with regional regulation and to … for the management of any global Cyber Incidents by supporting the CISO team. Additionally, you will be: Working collaboratively with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvements to support the ever-changing threat landscape. Defining and monitoring KPIs for detection, response, and containment performance. … vendors responsible for supporting CFC. Ensuring security controls are deployed, tuned, and monitored effectively across cloud and on-premises assets. Leading the organisation's global vulnerability management program, ensuring threat-led and risk-based prioritization, along with collaboration with IT for timely remediation. Leading on and refining the incident response playbooks. Supporting the Group CISO to define security maturity
role will be pivotal in enhancing our cybersecurity framework by leading the integration and utilization of these key security tools. Responsibilities include designing and optimizing SIEM rules for superior threat detection and incident management, deploying SOAR tools for automated security responses, and ensuring robust API security. The engineer will oversee the performance and security posture of our platforms … XDR products, including their integration with existing tools, utilizing them to elevate existing Security Operations Design and optimize SIEM (Security Information and Event Management) rules using FortiSIEM to enhance threat detection and streamline incident response activities Deploy and manage Endpoint Detection and Response (EDR) solutions, specifically FortiEDR, SentinelOne, and Defender for Endpoint to identify and mitigate endpoint … required Qualifications and Required Skills Proven experience with Microsoft Sentinel and Defender XDR products Strong background in SIEM rule design and optimization Extensive experience in implementing and overseeing Endpoint Detection and Response (EDR) solutions Experience with SOAR tools and automated security response implementations Familiarity with API security protocols and measures Ability to analyze large amounts of data from various
report to the CISO and lead a high-performing team dedicated to protecting our customers, employees, and partners from cyber threats. You'll lead a technical team focused on detection and response, and partner cross-functionally with IT, Engineering, and other stakeholders to develop and implement scalable, frictionless security controls. Your Impact Lead the development of a best-in … class detection and response program by streamlining incident response processes and enhancing threat detection in collaboration with Security and Engineering teams. Foster organizational resilience by building strong partnerships across the business and continuously improving incident preparedness. Collaborate with IT to implement seamless enterprise security controls across endpoints, networks, email, and SaaS environments. Oversee and evolve the Identity … and growth. Establish and track security operations KPIs to drive operational excellence and promote a culture of continuous improvement. Your Qualifications 7+ years of leadership experience in security operations, detection and response, or enterprise security, including in SaaS/cloud environments. Proven expertise managing the full incident response lifecycle, from detection to resolution, including automation and threat
Security Operations Centre (SOC) to improve the efficiency and effectiveness of security operations. This role focuses on automating repetitive tasks, optimizing workflows, and integrating tools and systems to enhance threat detection, incident response, and overall SOC performance. The goal is to streamline security operations, reduce manual effort, and accelerate the identification and mitigation of security threats, enabling the … with automation tools (e.g., SOAR platforms, Ansible, Phantom or similar). Proficiency in scripting languages (e.g., Python, PowerShell, Bash). Strong understanding of SOC processes, including incident response and threat detection. Experience with SIEM platforms (e.g., Splunk). Knowledge of security frameworks (e.g., NIST, MITRE ATT&CK). Skills Proficiency in automation tools (e.g., SOAR platforms, Ansible, Phantom). … Expertise in scripting languages (e.g., Python, PowerShell, Bash). Strong knowledge of SOC processes (incident response, threat detection). Experience with SIEM platforms (e.g., Splunk). Ability to integrate and automate security tools. Strong problem-solving and analytical skills. Experience in developing automated workflows and playbooks. Knowledge of security frameworks (e.g., MITRE ATT&CK, NIST). Strong collaboration
position responsible for senior support of critical cybersecurity technologies and processes across the South West Local Delivery Group (LDG). This mid-level position requires hands-on experience in threat detection, incident response, and security monitoring. The ideal candidate will have proven expertise in security tools and technologies, with the ability to work independently while collaborating effectively with … cross-functional teams. Key Responsibilities: Use knowledge of security tools (EDR/XDR, SIEM, VM, etc.) to conduct detailed investigations. Coordinate and lead incident response activities, including detection, investigation, containment, eradication, and recovery in coordination with external stakeholders (HSP(s), Managed Security Service Providers (MSSPs), Ontario Health, Canadian Centre for Cyber Security and law enforcement). Conduct root cause … analysis and post-incident activities. Maintain documentation of incidents, investigations, and response actions. Conduct Threat Hunting activities to proactively identify incidents warranting action to disrupt and remediate threats. Conduct vulnerability assessments and support patch management efforts. Collaborate with Engineering to improve detections, enrich data, and find process efficiencies. Collaborate with HSP IT staff and departments to ensure the appropriate
London, England, United Kingdom Hybrid / WFH Options
Sophos
bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos’ complete portfolio includes industry-leading endpoint, network, email, and cloud security that … interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide … defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, and other everyday and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at www.sophos.com. Role Summary Corporate
be crucial in helping clients protect industrial systems from evolving cyber threats. Day-to-Day Responsibilities: Consulting and Advisory Security Assessments & Roadmap Development Conduct comprehensive security assessments and develop threat models of clients' OT environments and security tool portfolio. Develop roadmaps, strategies, and implementation plans for identified risks and requirements. Provide expert advice on cybersecurity best practices, risk management … OT Security standards such as ISA/IEC 62443, NIST 800-82, etc. Proficiency using OT-specific security tools and frameworks such as Nozomi Networks, Tenable, Armis, etc. for threat detection and response in Industrial Control Systems (ICS). Deep knowledge of ICS systems, including their architectures, communication protocols (e.g., Modbus, DNP3, OPC), and security challenges. Experience with … security technologies relevant to enterprise and OT environments. Proficiency in network security, threat analysis, and risk assessment. Strong analytical and problem-solving abilities. Excellent communication and interpersonal skills. Ability to work independently and collaboratively with cross-functional teams. About Kroll Join the global leader in risk and financial advisory solutions—Kroll. With a nearly century-long legacy, we blend
lead in customer-facing engagements, translating complex security needs into effective solution architectures Design Zero Trust-aligned network and endpoint architectures, including segmentation, micro-segmentation, NAC, and DNS-layer threat protection Lead conversations around network modernization, helping clients evolve from legacy architectures to software-defined, cloud-integrated, and policy-driven network designs Deliver workshops, product demonstrations, and proof-of … endpoint protection and EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, or Tanium Familiarity with DNS security tools and strategies (e.g., Zscaler, Cisco Umbrella, Infoblox) and their role in threat containment Deep knowledge of Zero Trust Architecture, lateral movement prevention, and alignment to frameworks like MITRE ATT&CK and NIST CSF Excellent communication skills with the ability to influence … as the technical lead in pre-sales engagements focused on network and endpoint security. Conduct client discovery sessions, workshops, and assessments with an emphasis on segmentation strategies, visibility, and threat defence. Deliver compelling technical presentations and product demonstrations to both technical and business audiences. Solution Design & Architecture Design and validate secure architectures incorporating network segmentation/micro-segmentation, DNS
lead in customer-facing engagements, translating complex security needs into effective solution architectures Design Zero Trust-aligned network and endpoint architectures, including segmentation, micro-segmentation, NAC, and DNS-layer threat protection Lead conversations around network modernization, helping clients evolve from legacy architectures to software-defined, cloud-integrated, and policy-driven network designs Deliver workshops, product demonstrations, and proof-of … endpoint protection and EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, or Tanium Familiarity with DNS security tools and strategies (e.g., Zscaler, Cisco Umbrella, Infoblox) and their role in threat containment Deep knowledge of Zero Trust Architecture, lateral movement prevention, and alignment to frameworks like MITRE ATT&CK and NIST CSF Experience supporting RFP/RFI processes, technical solution … as the technical lead in pre-sales engagements focused on network and endpoint security. Conduct client discovery sessions, workshops, and assessments with an emphasis on segmentation strategies, visibility, and threat defence. Deliver compelling technical presentations and product demonstrations to both technical and business audiences. Design and validate secure architectures incorporating network segmentation/micro-segmentation, DNS-layer protection, and
with stakeholders across business units to ensure risk-aligned response Developing a strategic business case to scale and insource CIRT capabilities Driving continuous improvement through post-incident reviews and threat landscape analysis Ensuring compliance with regulatory requirements and frameworks (e.g. GDPR, NIST, PCI-DSS, MITRE ATT&CK) Requirements 5–10 years of experience in Security Operations, CIRT, or senior … SOC roles Strong leadership capability or experience managing incident response teams Deep technical knowledge of SIEM, SOAR, EDR, and forensic tooling Strong grasp of threat detection methodologies and security frameworks Proven ability to engage senior stakeholders and drive alignment across functions Recognised certifications (e.g., CISSP, CISM) preferred Background in regulated or CNI environments is advantageous For more information
London, England, United Kingdom Hybrid / WFH Options
Kraken Digital Asset Exchange
company, helping them integrate secure practices into the platforms they build and operate. Your day-to-day will involve everything from shaping IAM strategy to improving cloud visibility, refining detection signals, and helping teams close the gaps that matter most. The opportunity Design, implement, and manage security controls across AWS and GCP environments Work across the security organization to … support incident response, threat detection, compliance, and security reviews in cloud environments Partner with development teams to identify risks and help implement effective mitigations Identify and assess cloud risks, prioritize them, and lead remediation through automation or policy Improve operational efficiency by reducing friction between security and delivery Implement and improve IAM controls to ensure appropriate access across … teams, environments, and services Build scalable detection and monitoring into the fabric of our cloud infrastructure Evolve security standards and best practices through repeatable, well-documented approaches Skills You Should HODL Deep experience securing cloud environments, with a strong focus on AWS Expertise in identity and access management (IAM), including designing least-privilege models, managing complex permission structures, and
Proficiency in Microsoft 365 security and identity access management. • Familiarity with Cloudflare security services. • Expertise in Microsoft Defender security operations. • Advanced knowledge of Microsoft RBAC and PIM. • Experience in threat detection and incident response. • Hands-on experience with Microsoft Dataverse. • Experience with Azure Firewall settings and Azure Virtual Network (VNet). • Proficiency in PowerShell scripting. • Experience in leading
London, England, United Kingdom Hybrid / WFH Options
Bridewell
of cyber security frameworks, including but not limited to ISA/IEC 62443, NCSC CAF, NIST SP 800-82, HSE OG86, ISO 27001. Awareness and understanding of the OT security threat landscape. Ability to understand and articulate the impacts of cyber security events in various OT environments. Experience in performing cyber risk assessments. Familiarity with asset discovery, vulnerability analysis, and … threat detection tooling. Expertise in an industrial sector. Strong verbal communication skills and technical authoring capabilities. What's in it for you? Our vision is to create a safe, inclusive digital world where people and organisations can thrive. Our values of 'Do the Right Thing', 'One Team' and 'Above and Beyond' emphasise the importance of the part we
London, England, United Kingdom Hybrid / WFH Options
Air IT Limited
security controls applied. Duties and Responsibilities: Triage and investigate alerts from security systems such as SIEM and EDR Collaborate with both internal and external security teams to conduct cyber threat detection and incident handling Provide timely and accurate communications to customers and other stakeholders on cyber threats and incidents Keep accurate records of all work carried out on
relevant SOAR certifications. Experience with automation tools (e.g., SOAR platforms, Ansible, Phantom). Proficiency in scripting languages (Python, PowerShell, Bash). Strong understanding of SOC processes, incident response, and threat detection. Experience with SIEM platforms (Splunk, QRadar, ArcSight). Knowledge of security frameworks (NIST, MITRE ATT&CK). 3-5 years of experience in SOC or cybersecurity roles. Hands … on experience with automation tools and scripting for automation. Background in SOC operations, incident response, and threat detection. Experience developing automated workflows and playbooks. Strong problem-solving, collaboration, and communication skills. Additional Information Benefits: Challenging career in a dynamic, multicultural environment with benefits such as health insurance, pension, and performance bonuses. Diversity and Inclusion: We promote an inclusive workplace
Posted via Lorien. Job Posting: L3 Insider Threat Engineering Lead - DLP Location: Remote UK Job Type: Contract About the Role We are seeking a highly skilled L3 Insider Threat Engineering Lead - DLP to manage and enhance our Insider Threat Data Loss Prevention (DLP … capabilities. This role is pivotal in ensuring the effectiveness of our DLP platform and leading a globally distributed team of engineers. Reporting to the Global Head of Insider Threat, you will play a crucial role in safeguarding sensitive data and mitigating insider risks. Key Responsibilities Oversee the technical management, troubleshooting, and administration of the DLP platform. Lead and mentor … a diverse team of Insider Threat Engineers specializing in DLP, providing guidance, coaching, and technical expertise. Collaborate with the L1 Insider Threat Manager, the L3 Insider Threat Engineering Lead – IRM, and senior leadership to refine strategies, rules, policies, and procedures for data loss prevention. Develop and maintain a technical roadmap aligned with the overall cybersecurity strategy. Optimize
Head of Cyber Security Detection and Response at Aviva. Head … of Cyber Security Detection and Response We are seeking a highly skilled and experienced Head of Cyber Security Detection and Response to lead and manage Aviva's strategy and teams responsible for detecting and responding to cyber security threats. This role is pivotal in our strategy and approach for detecting malicious activity and responding to all cyber incidents. … It is a challenging role that requires domain expertise and a deep understanding of the evolving threat landscape. A bit about the job: This role leads Aviva’s cyber defence operations, overseeing threat detection, response, and recovery across the organisation. It plays a strategic part in shaping security capabilities and ensuring resilience against emerging cyber threats. Lead
well as the communities in which we operate. Thank you for considering Allspring as you explore the next step in your career journey. POSITION Allspring is seeking a Cybersecurity Threat Handler to join the Allspring Engineering and Technology (AllspringET) Information Security team. The Cybersecurity Threat Handler will be responsible for managing the remediation process for security incidents originating … Windows endpoints with a deep understanding of operating system security. Experience handling incidents originating from Microsoft cloud-based services like Azure and Microsoft 365. PREFERRED QUALIFICATIONS Familiarity with AWS threat detection and logging services such as GuardDuty and CloudTrail, as well as industry standard Cloud SIEMs like DataDog. Proficiency in analyzing security events within endpoint protection platforms like … CrowdStrike Falcon. Ability to liaise effectively with SOC Analysts and Threat Hunters from our Managed Detection and Response vendor. Understanding of current cybersecurity threats, typical signs of attacks, and approaches to prevent and mitigate such incidents. Strong multitasking abilities and the ability to prioritize duties in a fast-paced environment. Excellent verbal and written communication skills. Effective influencing
My client, an International Financial Services firm, based in London, are looking for a Senior Cyber Threat Hunter to join their growing team. This role will require you to work two days per week in their offices close to Canary Wharf. About the Senior Cyber Threat Hunter Role: My client is seeking a highly motivated, and skilled Senior … Threat Hunter to join a global threat management team. The role will be located in London. The position will report to the Head of Cyber Threat Intelligence and will proactively identify, investigate, and mitigate advanced cyber threats across our organization's network and systems. Leveraging a deep understanding of the latest attack techniques, threat actor tactics … tools including SIEM, EDR, and IDS/IPS (extract TTPs and behaviors from research to apply to logging and tool queries/hunts and detections) Research, document and develop threat detections based on behavioral attributes of actors, malware operators, and general threats Identify and execute tuning/configuration changes to improve detection or reporting capabilities Perform deep analysis
Role Lead the design, deployment, and tuning of enterprise-grade SIEM platforms (e.g., Splunk, Azure Sentinel, etc.) Collaborate with stakeholders to define logging requirements, use cases, detection rules, and dashboards Oversee integration of data sources from cloud, on-premises, endpoint, network, and application layers Create and maintain detection rules, correlation logic, and alerts tailored to specific threat … experience with one or more major SIEM platforms (e.g., Splunk, Sentinel, etc.) Deep understanding of log ingestion, parsing, normalization, and enrichment Strong grasp of the MITRE ATT&CK framework, threat detection, and alert logic Experience with cloud logging and monitoring (AWS CloudTrail, Azure Monitor, GCP, etc.) Experience with threat modeling, cloud security, or Identity and Access Management
Role Lead the design, deployment and tuning of enterprise-grade SIEM platforms (e.g. Splunk, Azure Sentinel etc.) Collaborate with stakeholders to define logging requirements, use cases, detection rules and dashboards Oversee integration of data sources from cloud, on-prem, endpoint, network and application layers Create and maintain detection rules, correlation logic and alerts tailored to specific threat … on expertise with one or more major SIEM platforms (e.g. Splunk, Sentinel etc.) Deep understanding of log ingestion, parsing, normalisation and enrichment Strong grasp of MITRE ATT&CK framework, threat detection and alert logic Solid scripting/automation skills (e.g., Python, PowerShell, Bash) Experience with cloud logging and monitoring (AWS CloudTrail, Azure Monitor, GCP etc.) Experience with threat
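The SIEM engineer listings above ask for log ingestion, parsing, normalisation and enrichment plus correlation logic mapped to MITRE ATT&CK. As an added example (not code from any employer or listing on this page), the Python below takes two constructed authentication-log formats (sshd syslog lines and a JSON application log), normalises both into one event schema, applies a constructed enrichment (is the source address outside corporate address space?) and runs one correlation rule over the merged stream: five or more failed logons from a single source address followed by a success within two minutes, reported against ATT&CK technique T1110 (Brute Force). The sample lines, the `CORP_PREFIXES` table, the `sshd` and `app_json` source labels and the threshold and window are all assumptions made for the example.

```python
"""Normalise, enrich and correlate authentication events from two log formats.

Added example; the log lines, the corporate address range and the rule
thresholds below are constructed for illustration.
"""
import json
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Constructed sample input, source 1: sshd syslog lines.
SSHD_LINES = [
    "2024-05-01T10:00:01Z bastion sshd[411]: Failed password for invalid user admin from 203.0.113.7 port 5111 ssh2",
    "2024-05-01T10:00:03Z bastion sshd[411]: Failed password for root from 203.0.113.7 port 5112 ssh2",
    "2024-05-01T10:00:04Z bastion sshd[411]: Failed password for root from 203.0.113.7 port 5113 ssh2",
    "2024-05-01T10:00:05Z bastion sshd[411]: Failed password for root from 203.0.113.7 port 5114 ssh2",
    "2024-05-01T10:00:09Z bastion sshd[411]: Accepted password for root from 203.0.113.7 port 5115 ssh2",
    "2024-05-01T10:01:00Z bastion sshd[412]: Failed password for alice from 10.0.0.5 port 6000 ssh2",
    "2024-05-01T10:01:02Z bastion sshd[412]: Accepted publickey for alice from 10.0.0.5 port 6001 ssh2",
]
# Constructed sample input, source 2: an application's JSON auth log (one malformed line).
JSON_LINES = [
    '{"time":"2024-05-01T10:00:06Z","user":"root","ip":"203.0.113.7","result":"FAIL"}',
    '{"time":"2024-05-01T10:00:07Z","user":"root","ip":"203.0.113.7","result":"FAIL"}',
    "not json at all",
]
# Constructed enrichment table (assumption): prefixes of corporate address space.
CORP_PREFIXES = ("10.",)

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<outcome>Accepted|Failed) \w+ for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port"
)


@dataclass
class Event:
    """Common schema every source is normalised into before any rule runs."""
    ts: datetime
    user: str
    src_ip: str
    success: bool
    source: str
    external: bool = False  # set by enrich()


def parse_ts(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_sshd(line: str) -> Optional[Event]:
    m = SSHD_RE.match(line)
    if not m:
        return None  # unparsed lines are dropped, never guessed at
    return Event(parse_ts(m["ts"]), m["user"], m["ip"], m["outcome"] == "Accepted", "sshd")


def parse_json(line: str) -> Optional[Event]:
    try:
        d = json.loads(line)
        return Event(parse_ts(d["time"]), d["user"], d["ip"], d["result"] == "OK", "app_json")
    except (ValueError, KeyError, TypeError):
        return None


def enrich(ev: Event) -> Event:
    """Enrichment step: flag events whose source lies outside corporate address space."""
    ev.external = not ev.src_ip.startswith(CORP_PREFIXES)
    return ev


def normalise(sshd_lines: List[str], json_lines: List[str]) -> List[Event]:
    parsed = [parse_sshd(ln) for ln in sshd_lines] + [parse_json(ln) for ln in json_lines]
    return sorted((enrich(e) for e in parsed if e is not None), key=lambda e: e.ts)


def detect_bruteforce(events: List[Event], threshold: int = 5,
                      window: timedelta = timedelta(minutes=2)) -> List[dict]:
    """Correlation rule: >= threshold failures from one source address followed by a
    success within `window`, reported against ATT&CK T1110 (Brute Force)."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev.src_ip].append(ev)
    alerts = []
    for ip, evs in by_ip.items():
        failures: List[Event] = []  # failures seen since the last success from this address
        for ev in evs:
            if not ev.success:
                failures.append(ev)
                continue
            recent = [f for f in failures if ev.ts - f.ts <= window]
            if len(recent) >= threshold:
                alerts.append({
                    "technique": "T1110",
                    "src_ip": ip,
                    "user": ev.user,
                    "failures": len(recent),
                    "sources": sorted({f.source for f in recent} | {ev.source}),
                    "external": ev.external,
                })
            failures = []  # a success resets the window for this address
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(normalise(SSHD_LINES, JSON_LINES)):
        print(json.dumps(alert))
```

The point to take from it is that the rule runs over the normalised schema, not over either raw format: the two JSON failures join the four sshd failures against the same address (six in total) without the rule knowing where they came from, which is what makes the second source worth ingesting. The malformed JSON line is dropped rather than guessed at, and the internal address with one failure and a key-based success produces nothing. Threshold and window are environment-specific and should be tuned against a baseline of real data before the rule goes live.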
in securing complex, cloud-first environments within a data-rich, high-scale business, helping protect critical infrastructure and client data across global platforms. What You’ll Be Doing Leading threat detection and incident response across GCP environments Building and refining cloud-native detections using Kusto Query Language (KQL) Driving security automation and Infrastructure-as-Code practices Enhancing cloud … visibility through effective logging, monitoring, and threat modelling Collaborating with SOC analysts, engineers, and data teams to secure workloads and services Performing proactive threat hunts and maturing detection logic over time Key skills and experience include: Cloud security expertise in Google Cloud Platform Hands-on experience with cloud-native tools (e.g., Defender for Cloud, GCP Security Command … Center) Detection engineering using KQL, particularly with Microsoft Sentinel Familiarity with Kubernetes, Docker, and securing containerised services Understanding of Zero Trust Architecture, MITRE ATT&CK, and cloud threat models Experience with SOAR platforms and automation pipelines Scripting or programming skills (Python, PowerShell, Bash, etc.) Interviews are moving fast; apply now or reach out to learn more.