Threat Detection Jobs in London

76 to 100 of 251 Threat Detection Jobs in London

Head of Information Security

London, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
Define and lead the cyber security strategy across IT Security, Cyber Security, and Information Security. Oversee security controls, risk management, and compliance across cloud and on-prem environments. Manage threat detection, monitoring, and incident response using Microsoft Defender, Sentinel, and Entra ID. Lead identity & access management (IAM) and ensure secure authentication processes. Support M&A security assessments and …

Cyber Security Engineer

City of London, London, United Kingdom
Hybrid / WFH Options
ZenTech Talent
… a cyber security role (ideally within an MSP or multi-client setting). Security certifications like Security+, CySA+, or equivalent (working toward CISSP or equivalent a bonus). Strong understanding of threat detection, risk analysis, and incident response. Excellent communication and documentation skills. Why Join? Broad exposure across industries and technologies. Supportive, close-knit team environment. Clear progression paths into …

Cyber Security Engineer

London Area, United Kingdom
Hybrid / WFH Options
ZenTech Talent
… a cyber security role (ideally within an MSP or multi-client setting). Security certifications like Security+, CySA+, or equivalent (working toward CISSP or equivalent a bonus). Strong understanding of threat detection, risk analysis, and incident response. Excellent communication and documentation skills. Why Join? Broad exposure across industries and technologies. Supportive, close-knit team environment. Clear progression paths into …

Cyber Security Engineer

South East London, England, United Kingdom
Hybrid / WFH Options
ZenTech Talent
… a cyber security role (ideally within an MSP or multi-client setting). Security certifications like Security+, CySA+, or equivalent (working toward CISSP or equivalent a bonus). Strong understanding of threat detection, risk analysis, and incident response. Excellent communication and documentation skills. Why Join? Broad exposure across industries and technologies. Supportive, close-knit team environment. Clear progression paths into …

Security Analyst

London, England, United Kingdom
GTT
… to enterprise clients, with a strong emphasis on security. For more information on GTT, please visit www.gtt.net. Role Summary: The CSOC team at GTT specializes in providing Managed Detection and Response (MDR) services that meet and exceed government and certification body standards. Collaborating closely with our high-value customer base, the team delivers a wide range of security … Qualifications: Proficiency in Security Information and Event Management (SIEM) platforms. Demonstrated experience in analysing and responding to security incidents. Strong understanding of cybersecurity principles and best practices. Experience in threat detection, analysis, and mitigation. Familiarity with incident response procedures and playbooks. Excellent analytical and problem-solving skills. Strong communication skills to collaborate effectively with stakeholders and customers. Relevant …

Senior Advisory Consultant

London, England, United Kingdom
Hybrid / WFH Options
Beazley
… clients enable advanced cyber defences that reduce risk with quantifiable results. We’re comprised of top talent from private industry, government, intelligence, and law enforcement who are specialists in threat detection, incident response, digital forensics, offensive security, risk management, and cyber resilience. As a subsidiary of specialty insurance giant Beazley Insurance, we’ve been at the forefront of … framework policies, procedures, and standards that align with clients' goals and industry best practices. Conduct tabletops/workshops with clients discussing information security best practices, incident response, and the threat landscape. Advise clients on compliance requirements, such as GDPR, HIPAA, NIST, ISO 27001, and other relevant regulations. Stay up to date with the latest cybersecurity threats, trends, and regulatory …

Director of IT & Security

London, England, United Kingdom
Sporty Group
… penetration testing, red-teaming, and bug bounty programs. Build relationships with the ethical hacking community and create internal safe hacking environments to continuously test and improve our systems. Oversee threat modeling, vulnerability assessments, and incident response frameworks. Hands-on expertise in probing for security vulnerabilities in medium to large-scale organizations. Technology Governance & Risk: Develop and maintain a unified … with business initiatives. Innovation & Operational Excellence: Drive continuous improvement in IT infrastructure and cloud security through emerging technologies and automation. Evaluate and adopt cutting-edge tools and methodologies for threat detection, response, and prevention. Manage the IT & Security budget, vendors, and tooling with a value-driven approach. People Leadership: Inspire and lead a high-performing team of IT …

Cyber Security Engineer

London, England, United Kingdom
Tony Blair Institute for Global Change
… to ensure secure configurations and timely resolution of security issues. Assist with the management and configuration of our e-mail protection, web control and device monitoring platforms. Contribute to threat intelligence analysis and recommend defensive improvements. Support the development and maintenance of security policies, procedures, and technical standards. Assist with internal and external audits, security assessments, and compliance activities. … experience with Microsoft security tools (Defender for Endpoint, Sentinel, Purview, etc.). Exposure to vulnerability scanning tools such as Qualys, Tenable, or Microsoft Defender Vulnerability Management. Familiarity with email threat detection and user behavioural analytics platforms. Experience working with data loss prevention (DLP) solutions across endpoints and cloud environments. Understanding of secure browser isolation or user activity monitoring …

Security Engineer [UAE Based]

London, England, United Kingdom
AI71
… security into all development and deployment stages. Key Responsibilities: Security Design and Implementation: Design security architectures for AI systems, cloud environments, and data pipelines; integrate security into the SDLC. Threat Detection and Response: Monitor security events, respond to incidents, conduct root cause analysis, and implement corrective actions. Vulnerability Management: Conduct assessments, penetration testing, vulnerability scans, and collaborate on …

Head of IT

London, United Kingdom
Hybrid / WFH Options
Hireroo
… emerging technologies to enhance operations, security, and digital transformation. Infrastructure & Security Oversight: Manage core IT infrastructure including networks, cloud environments, and trading systems. Ensure best-in-class cybersecurity practices: threat detection, endpoint protection, encryption, and compliance. Maintain and regularly test business continuity and disaster recovery plans. Operational Support & Efficiency: Oversee the IT helpdesk and ensure responsive, high-quality …
Employment Type: Permanent
Salary: GBP Annual

Threat Hunter

London, England, United Kingdom
NCC Group
Threat Hunter UK (Manchester, Cheltenham or London). We are seeking a highly capable and hands-on Threat Hunter to design and lead a professional threat hunting capability focused on identifying sophisticated adversaries through hypothesis-driven analysis and automation. You will be responsible for proactively detecting and analysing advanced threats across the customer's environment, ensuring our threat models and threat hunts are tightly aligned to the industry risks facing the customer. This is a high-impact role with significant autonomy. You’ll need to think critically and hunt methodically. As a Threat Hunter, you will actively search for cyber threats that evade traditional security solutions. Your role will involve conducting in-depth analysis, identifying indicators … of compromise (IOCs), and working cross-functionally with the Security Operations Centre Analysts, Detection Engineers, Privacy Team and Engineering Team to mitigate risks. Summary: Threat Detection and Monitoring: Design, build, and own a formal threat hunting program with a strong emphasis on hypothesis-based hunting methodologies. Use threat intelligence, MITRE ATT&CK, and risk models …

Threat Intelligence Analyst

London, England, United Kingdom
ReliaQuest
Why it’s worth it: The ReliaQuest Threat Intelligence team provides timely, comprehensive intelligence that empowers high-fidelity detections, identifies known and emerging threats, and equips our customers with the knowledge to act decisively. Via our industry-leading security operations platform, GreyMatter, we produce operational, strategic, and tactical intelligence that delivers actionable insights into threat actor tactics, techniques … environment, this role will challenge you to push your boundaries, innovate continually, and operate at pace. The everyday hustle: Identify and evaluate trends, dynamics, and developments in the cyber threat landscape by conducting primary-source research and analyzing telemetry. Maintain the GreyMatter platform’s threat intelligence library by writing timely, accurate, and relevant customer-facing deliverables covering threat actors, vulnerabilities, campaigns, and malware. Supply intelligence to internal teams to enrich our threat detection, containment, investigation, and response capabilities. Conduct investigations to support fast-turnaround and long-form customer requests for information, including in incident response scenarios. Publish emergency customer advisories to alert on impactful developments requiring immediate action. Carry out research and operations on the …

Security Engineer

London, England, United Kingdom
Harnham
… Financial Services) We're looking for a Security Engineer to strengthen SOC capabilities at a financial services client. The focus is on SIEM/SOAR tooling, automation, and improving threat detection and response. Responsibilities: Maintain and optimise SOC tools (SIEM, SOAR, EDR). Automate detection and response using scripts (Python, PowerShell). Integrate threat intel, onboard … log sources, and fine-tune alerts. Collaborate with SOC teams to enhance detection and incident response workflows. Support regulatory compliance (FCA, PRA, DORA) through improved security operations. Requirements: 4+ years in cybersecurity, with 2+ in SOC or security engineering. Strong experience with SIEM/SOAR (e.g., Splunk, Sentinel). Proficient in scripting (Python, PowerShell). Knowledge of MITRE ATT …

Security Operations Associate - Senior Incident Response Analyst

London, England, United Kingdom
JPMorgan Chase & Co
Job Summary: The Senior Incident Response Analyst will play a critical role in our Security Operations Center (SOC) by leading the detection, analysis, and response to cybersecurity incidents. This individual will be responsible for monitoring security events, conducting in-depth investigations, and implementing advanced threat detection techniques. The ideal candidate will have extensive experience in cybersecurity, a … strong understanding of threat landscapes, and the ability to mentor junior analysts. The role requires a willingness to work on shifts, including one weekend a month during predominantly sociable hours. Key Responsibilities: Monitor and analyze security events from various sources. Conduct in-depth investigations of security events to determine root cause, potential impact, and mitigation steps. Collaborate with other … and guidance to junior SOC analysts. Stay current with emerging threats, vulnerabilities, and industry best practices. Participate in the development and refinement of SOC processes and procedures. Engage in threat hunting activities and rule writing/detection engineering as encouraged. Qualifications: Bachelor’s degree in Computer Science, Information Security, or a related field. Relevant certifications (e.g., CISSP, CISM …

Senior Microsoft Sentinel / SIEM Engineer

Hounslow, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
… access to Microsoft’s security product roadmap, security previews, and frontline support. You'll work at the sharp end of cyber defence, directly contributing to investigations involving nation-state threat actors (including IR, CH, and NK based campaigns) while refining your craft across enterprise-scale log ingestion and customised Sentinel integration engineering that will stretch your skills, give you … ll own and optimise enterprise-wide log onboarding into Microsoft Sentinel – deploying standard and custom connectors, Function Apps, and parsers to build tailored SIEM solutions that drive real-world threat detection and response. Log ingestion at scale across numerous hybrid and multi-cloud environments. Enhance custom Function Apps and ingestion pipelines. Parse, normalise, and optimise log telemetry to … ensure precision and cost control. Partner with IR teams on real attacks – tuning rules against live threat actor activity. Sync closely with Microsoft teams to build cutting-edge detection capabilities. Contribute to internal knowledge base and help shape engineering standards. What's needed? Experience building and integrating complex Microsoft Sentinel at SMC and enterprise. Understanding of security telemetry …

Cloud Security Specialist

London Area, United Kingdom
Bestman Solutions
… Security Operations Analyst for a 6-month contract (with strong extension potential). This is your chance to step into a high-impact role where you’ll sharpen cloud detection strategies, lead threat response efforts, and make your mark on a modern, cloud-native security operation — all within a business that thrives on data at scale. Key Responsibilities: … across hybrid and cloud estates (GCP). Crafting and fine-tuning smart detections using KQL. Leading the charge on incident response, from first alert to final report. Getting stuck into threat hunting and shaping how detections are built and improved. Helping drive security automation and weaving in IaC wherever possible. Teaming up with engineers and platform folk to lock down … cloud and container environments. Requirements: Solid chops in security monitoring, threat detection, and fast, effective incident response. Hands-on with XDR tools like Defender, Carbon Black, CrowdStrike, or FireEye. Confident with KQL, especially in Microsoft Sentinel. Strong background in GCP. Experience securing Kubernetes, Docker, and containerised workloads. Familiar with MITRE ATT&CK, SOAR, and writing detections as code …

Cloud Security Specialist

City of London, London, United Kingdom
Bestman Solutions
… Security Operations Analyst for a 6-month contract (with strong extension potential). This is your chance to step into a high-impact role where you’ll sharpen cloud detection strategies, lead threat response efforts, and make your mark on a modern, cloud-native security operation — all within a business that thrives on data at scale. Key Responsibilities: … across hybrid and cloud estates (GCP). Crafting and fine-tuning smart detections using KQL. Leading the charge on incident response, from first alert to final report. Getting stuck into threat hunting and shaping how detections are built and improved. Helping drive security automation and weaving in IaC wherever possible. Teaming up with engineers and platform folk to lock down … cloud and container environments. Requirements: Solid chops in security monitoring, threat detection, and fast, effective incident response. Hands-on with XDR tools like Defender, Carbon Black, CrowdStrike, or FireEye. Confident with KQL, especially in Microsoft Sentinel. Strong background in GCP. Experience securing Kubernetes, Docker, and containerised workloads. Familiar with MITRE ATT&CK, SOAR, and writing detections as code …

Cloud Security Specialist

South East London, England, United Kingdom
Bestman Solutions
… Security Operations Analyst for a 6-month contract (with strong extension potential). This is your chance to step into a high-impact role where you’ll sharpen cloud detection strategies, lead threat response efforts, and make your mark on a modern, cloud-native security operation — all within a business that thrives on data at scale. Key Responsibilities: … across hybrid and cloud estates (GCP). Crafting and fine-tuning smart detections using KQL. Leading the charge on incident response, from first alert to final report. Getting stuck into threat hunting and shaping how detections are built and improved. Helping drive security automation and weaving in IaC wherever possible. Teaming up with engineers and platform folk to lock down … cloud and container environments. Requirements: Solid chops in security monitoring, threat detection, and fast, effective incident response. Hands-on with XDR tools like Defender, Carbon Black, CrowdStrike, or FireEye. Confident with KQL, especially in Microsoft Sentinel. Strong background in GCP. Experience securing Kubernetes, Docker, and containerised workloads. Familiar with MITRE ATT&CK, SOAR, and writing detections as code …

Security Engineer (SOC)

London, England, United Kingdom
Votre Sommelier
… SOC workflows, automating enrichment processes using automation tools, and developing playbooks for more efficient alert handling. Oversee the deployment, configuration, and tuning of SOC-related security tools to enhance detection accuracy, reduce false positives, and manage end-to-end EDR operations. Cloud Security Monitoring: Analyse and manage security logs. Security Monitoring & Threat Detection: Continuously monitor security alerts, … events, and IoCs across all platforms. You'll build and deploy queries and scripts, and create dashboards and workflows to enhance visibility and reporting. Proactive Threat Hunting: Develop and implement threat hunting procedures to proactively identify potential risks and vulnerabilities before they escalate. Incident Response: Coordinate with the SOC team and cross-functional teams during the incident response lifecycle … if you need any adjustments throughout the process in whatever way works best for you. About You: Experience in SOC or incident response roles, with hands-on experience in threat detection and mitigation. Technical Skills: Strong capability in threat detection, incident response, and analysis of complex attack patterns, with a focus on the Cloud environment. Skilled …

Cyber Security Analyst

London, England, United Kingdom
ASA RECRUITMENT
Security Analyst – Contract Role. Rate: Up to £450 per day (Outside IR35). Duration: 12 Months - Potentially Extendable. Are you a hands-on Cyber Security Analyst with a passion for threat detection, incident response, and proactive defence? We’re working with a leading public sector organisation seeking a skilled professional to join their Cyber Security team. Lead and support … Cyber Security Incident Response — triaging alerts and reports, escalating as needed, and applying lessons learned. Enhance detection engineering, configuring alerts and automating remediation to manage high-volume security data. Drive training and awareness, leading phishing simulations and crafting internal communications to build security culture. Leverage threat intelligence to conduct proactive threat hunting and surface risks. Manage vulnerability … Strong analytical and troubleshooting ability — comfortable solving problems from first principles. Proven operational cyber security experience at enterprise scale. Hands-on expertise in cyber incident response, vulnerability management, and threat detection. A self-starter with excellent communication skills and a proactive approach to continuous improvement. Desirable Qualifications: Security certifications (SANS, vendor-based); ITIL certification. This is a fantastic opportunity …

Head of Security Operations

London, United Kingdom
CFC
… robust, efficient and globally coordinated security operations that protect the organisation's people, systems, and data. This includes direct ownership of security controls, security testing, vendor management, vulnerability and threat management, and incident response. You will work daily with the Group CISO to support consistent, high-assurance security practices across all regions, in line with regional regulation and to … for the management of any global Cyber Incidents by supporting the CISO team. Additionally, you will be: Working collaboratively with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvements to support the ever-changing threat landscape. Defining and monitoring KPIs for detection, response, and containment performance. … vendors responsible for supporting CFC. Ensuring security controls are deployed, tuned, and monitored effectively across cloud and on-premises assets. Leading the organisation's global vulnerability management program, ensuring threat-led and risk-based prioritization, along with collaboration with IT for timely remediation. Leading on and refining the incident response playbooks. Supporting the Group CISO to define security maturity …
Employment Type: Permanent
Salary: GBP Annual

Head of Security Operations | London, UK

London, England, United Kingdom
CFC
… robust, efficient and globally coordinated security operations that protect the organisation's people, systems, and data. This includes direct ownership of security controls, security testing, vendor management, vulnerability and threat management, and incident response. You will work daily with the Group CISO to support consistent, high-assurance security practices across all regions, in line with regional regulation and to … for the management of any global Cyber Incidents by supporting the CISO team. Additionally, you will be: Working collaboratively with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvements to support the ever-changing threat landscape. Defining and monitoring KPIs for detection, response, and containment performance. … vendors responsible for supporting CFC. Ensuring security controls are deployed, tuned, and monitored effectively across cloud and on-premises assets. Leading the organisation's global vulnerability management program, ensuring threat-led and risk-based prioritization, along with collaboration with IT for timely remediation. Leading on and refining the incident response playbooks. Supporting the Group CISO to define security maturity …

Security Engineer

London, United Kingdom
周物癥
… role will be pivotal in enhancing our cybersecurity framework by leading the integration and utilization of these key security tools. Responsibilities include designing and optimizing SIEM rules for superior threat detection and incident management, deploying SOAR tools for automated security responses, and ensuring robust API security. The engineer will oversee the performance and security posture of our platforms … XDR products, including their integration with existing tools, utilizing them to elevate existing Security Operations. Design and optimize SIEM (Security Information and Event Management) rules using FortiSIEM to enhance threat detection and streamline incident response activities. Deploy and manage Endpoint Detection and Response (EDR) solutions, specifically FortiEDR, SentinelOne, and Defender for Endpoint, to identify and mitigate endpoint … required Qualifications and Required Skills: Proven experience with Microsoft Sentinel and Defender XDR products. Strong background in SIEM rule design and optimization. Extensive experience in implementing and overseeing Endpoint Detection and Response (EDR) solutions. Experience with SOAR tools and automated security response implementations. Familiarity with API security protocols and measures. Ability to analyze large amounts of data from various …
Employment Type: Permanent
Salary: GBP Annual

Director, Security Operations and Enterprise Security

London, England, United Kingdom
Anaplan
… report to the CISO and lead a high-performing team dedicated to protecting our customers, employees, and partners from cyber threats. You'll lead a technical team focused on detection and response, and partner cross-functionally with IT, Engineering, and other stakeholders to develop and implement scalable, frictionless security controls. Your Impact: Lead the development of a best-in … class detection and response program by streamlining incident response processes and enhancing threat detection in collaboration with Security and Engineering teams. Foster organizational resilience by building strong partnerships across the business and continuously improving incident preparedness. Collaborate with IT to implement seamless enterprise security controls across endpoints, networks, email, and SaaS environments. Oversee and evolve the Identity … and growth. Establish and track security operations KPIs to drive operational excellence and promote a culture of continuous improvement. Your Qualifications: 7+ years of leadership experience in security operations, detection and response, or enterprise security, including in SaaS/cloud environments. Proven expertise managing the full incident response lifecycle, from detection to resolution, including automation and threat …

Threat Detection salary percentiles, London:
10th Percentile: £51,750
25th Percentile: £67,000
Median: £80,000
75th Percentile: £92,500
90th Percentile: £110,000