13 of 13 SIEM Jobs in Scotland

Leading investigations into escalated security events and incidents Driving containment, remediation, and root-cause analysis for major incidents Performing malware analysis, reverse engineering, and threat hunting Developing and optimising SIEM use cases (Splunk, QRadar) Shaping SOC runbooks, playbooks, and incident response procedures Supporting client stakeholders with incident reporting and recommendations Staying ahead of emerging threats and integrating threat intelligence Acting More ❯

creation, and threat modelling. The Senior SOC Engineer will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats. Key Responsibilities SIEM Engineering & Management Deploy, configure, and maintain the QRadar SIEM platform. Onboard and normalise log sources across on-premises and cloud environments. Develop and optimise analytical rules for threat detection, anomaly … Modelling & Use Case Development Lead threat modelling exercises using frameworks such as MITRE ATT&CK, STRIDE, and Cyber Kill Chain. Translate threat models into actionable detection use cases and SIEM rules. Prioritise detection engineering based on business risk and impact. Reporting & Collaboration Produce reports and dashboards to communicate security posture and incident trends. Partner with IT, DevOps, and compliance teams … to clients. Participate in continual service improvement initiatives, recommending changes to address recurring incidents. Skills & Qualifications Eligible for, or already holding, SC Clearance. Proven expertise in IBM QRadar and SIEM engineering. Strong knowledge of log formats, parsing, and normalisation. Proficiency in SIEM query languages such as KQL, SPL, AQL. Scripting experience with Python or PowerShell for automation. Deep understanding of More ❯

Regulatory requirement expertise - Cyber Essentials Plus, ISO 27001 and GDPR Microsoft security tools - Defender, Entra ID, Purview Cloud platform exposure - Azure preferred Broad experience of configuring and management of SIEM tooling Certifications CISSP, CISM are a non-negotiable Hands-on expertise with identity and access management, endpoint protection, vulnerability and patch management and cloud security. Ability to explain complex technical More ❯

compliance with security standards (e.g., ISO 27001, SOC 2, GDPR) and internal policies and procedures for cloud and IT environments. Lead incident response, vulnerability management, and threat detection using SIEM tools, MDR and antivirus platforms. Secure and implement policies and procedures for disaster recovery and business continuity. Work with the CTO and the rest of the executive team to embed More ❯

You have excellent problem-solving and analytical skills, along with effective communication and presentation abilities. You have hands-on experience with cyber security platforms from industry leaders, including EDR, SIEM, IPS, WAF, DLP, Identity & Data Management, and Network Security technologies. Experience with related infrastructure technologies is also acceptable. You are hands on experience with cloud platforms such as Azure and More ❯

CompTIA CySA+, Forescout FSCA) plus real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course cost - £2795, or, £232.91 per More ❯

CompTIA CySA+, Forescout FSCA) plus real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course cost - £2795, or, £232.91 per More ❯

CompTIA CySA+, Forescout FSCA) plus real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course cost - £2795, or, £232.91 per More ❯

and is comfortable working with both technical and non-technical stakeholders. Key Responsibilities Lead investigations into escalated security incidents, including detailed analysis and root cause identification. Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting. Perform malware analysis, reverse engineering, and develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. … solution scoping, and client demonstrations when required. What We're Looking For 3+ years' experience in cybersecurity, preferably in a SOC or NOC environment. Strong hands-on experience with SIEM tools, specifically QRadar Solid understanding of incident response methodologies and DFIR principles. Knowledge of network traffic analysis, vulnerability management, penetration testing, and malware reverse engineering. Familiarity with ITIL processes (Incident More ❯

re looking for a hands-on L3 Senior Incident Responder who can lead on complex security investigations, manage high-severity incidents, and bring real expertise in QRadar and wider SIEM technologies. This is a critical role within the SOC, where you’ll be the escalation point for L1 and L2 analysts and take ownership of incident containment, remediation, and post … incident review. What you’ll do: Act as the L3 escalation point , leading investigations into complex incidents escalated by L1/L2 analysts. Use QRadar and other SIEM tools (Splunk, Sentinel) to detect, investigate, and respond to security events. Perform detailed forensic analysis, root cause analysis, and malware investigation. Lead incident response activities end-to-end, ensuring containment, eradication, and … for: Proven L3 SOC experience . 3–5+ years’ experience in IT security , ideally within a SOC/NOC environment. Strong knowledge and hands-on expertise with QRadar (other SIEM exposure beneficial). Solid understanding of DFIR principles, vulnerability management, and ethical hacking. Strong grasp of network traffic flows, malware analysis, and reverse engineering. Excellent written and verbal communication skills More ❯

re looking for a hands-on L3 Senior Incident Responder who can lead on complex security investigations, manage high-severity incidents, and bring real expertise in QRadar and wider SIEM technologies. This is a critical role within the SOC, where you’ll be the escalation point for L1 and L2 analysts and take ownership of incident containment, remediation, and post … incident review. What you’ll do: Act as the L3 escalation point , leading investigations into complex incidents escalated by L1/L2 analysts. Use QRadar and other SIEM tools (Splunk, Sentinel) to detect, investigate, and respond to security events. Perform detailed forensic analysis, root cause analysis, and malware investigation. Lead incident response activities end-to-end, ensuring containment, eradication, and … for: Proven L3 SOC experience . 3–5+ years’ experience in IT security , ideally within a SOC/NOC environment. Strong knowledge and hands-on expertise with QRadar (other SIEM exposure beneficial). Solid understanding of DFIR principles, vulnerability management, and ethical hacking. Strong grasp of network traffic flows, malware analysis, and reverse engineering. Excellent written and verbal communication skills More ❯

re looking for a hands-on L3 Senior Incident Responder who can lead on complex security investigations, manage high-severity incidents, and bring real expertise in QRadar and wider SIEM technologies. This is a critical role within the SOC, where you’ll be the escalation point for L1 and L2 analysts and take ownership of incident containment, remediation, and post … incident review. What you’ll do: Act as the L3 escalation point , leading investigations into complex incidents escalated by L1/L2 analysts. Use QRadar and other SIEM tools (Splunk, Sentinel) to detect, investigate, and respond to security events. Perform detailed forensic analysis, root cause analysis, and malware investigation. Lead incident response activities end-to-end, ensuring containment, eradication, and … for: Proven L3 SOC experience . 3–5+ years’ experience in IT security , ideally within a SOC/NOC environment. Strong knowledge and hands-on expertise with QRadar (other SIEM exposure beneficial). Solid understanding of DFIR principles, vulnerability management, and ethical hacking. Strong grasp of network traffic flows, malware analysis, and reverse engineering. Excellent written and verbal communication skills More ❯

resolving Zscaler-related issues Managing policies, user configurations, and integrations Work with internal teams to ensure seamless integration between Zscaler and other security/networking tools (e.g., identity providers, SIEM platforms, endpoint solutions) Assist in onboarding new applications and services into the Zscaler environment Develop and deliver training materials for internal teams Maintain up-to-date documentation and standard operating … Private Access (ZPA) Experience with SAML, SCIM, Active Directory, and identity federation tools Solid understanding of networking concepts (DNS, VPN, firewalls, etc.) Experience integrating Zscaler with security tools (e.g., SIEM, EDR, CASB) Desirable Skills: Zscaler certifications (ZCCA-IA, ZCCA-PA, or ZCCP) Familiarity with scripting or automation (PowerShell, Python) Bright Purple is proud to be an equal opportunities employer. We More ❯