1 to 25 of 27 Threat Intelligence Jobs in the South East

Please Note: The deadline for applying is 23.59 the day before the job posting end date. Job Title: Strategic Threat Intel Senior Manager Business Function: Cyber Security - Threat Intelligence Location: Kingston/Port Sunlight Reports to: Director of Threat Intelligence Unilever is one of the world's leading suppliers of Food, Home, and Personal Care … structure is built around product families and risk-based priorities, with teams embedded across regions and business units. JOB PURPOSE We are seeking a highly motivated and experienced Strategic Threat Intelligence Manager to lead our strategic intelligence function within the Cyber Threat Intelligence team. This role is pivotal in shaping our understanding of long-term … threat trends, geopolitical risks, and adversary behaviour. The successful candidate will drive the development of high-level threat assessments and intelligence products that inform executive decision-making and support enterprise-wide risk management. Role Summary: The Strategic Threat Intelligence Manager leads the strategic intelligence function within the Cyber Threat Intelligence team, reporting More ❯

triage and escalation of reports and requests from Government organisations. * Support Incident Management when required during periods of heightened operational activity. * Maintain an understanding of the real-world cyber threat, identifying trends and emerging threats. * Maintain an understanding of the cyber threats likely to target the business. * Facilitate the timely sharing of high-quality actionable Cyber Threat Intelligence … stakeholders. * Work collaboratively with Incident Management, providing insights on adversaries to enable a more effective response, and capturing insights for wider use. * Support the implementation and ongoing management of Threat Intelligence tooling and infrastructure, including, malware sandboxes, and threat intelligence platforms. * Engage with the wider public sector cyber security, cyber threat intelligence and assessment … communication skills, including the ability to clearly and simply explain technical details to non-technical audiences, and engage with senior stakeholders. * Experience working with internal and external stakeholders. Cyber Threat Intelligence Specific * Excellent understanding of the tools, techniques and procedures used by adversaries in real-world cyber attacks. * Experience monitoring a variety of sources of information to identify More ❯

can't replace to help us shape the future of information management. Join us. Your Impact: We are seeking a driven, experienced Account Executive (AE) to join the OpenText Threat Intelligence team and lead strategic sales initiatives targeting OEM providers. In this role, you will be responsible for driving revenue by selling our industry-leading threat intelligence … role offers: Own and drive the full sales cycle for OEM partnerships-from prospecting and discovery to negotiation and contract closure. Identify and engage OEM partners who can embed threat intelligence into their security appliances, platforms, SIEMs, XDRs, firewalls, or endpoint solutions. Understand customer requirements and tailor value propositions around our threat intelligence products, APIs, and … need to succeed: 5+ years of B2B enterprise sales experience, with a focus on OEM, embedded, or technology partnership sales. Deep understanding of cybersecurity technologies and the role of threat intelligence in enhancing security products. Proven track record of exceeding quotas and developing long-term partner relationships. Experience working with technical buyers such as product managers and engineering More ❯

to improve incident response efficiency within the Security Operations Centre. This role integrates multiple security tools and workflows, leveraging platforms like , Darktrace , and CrowdStrike to create cohesive and automated threat detection and response mechanisms. Key Responsibilities Playbook Development: Design, implement, and maintain SOAR playbooks for automated response and alert enrichment. Tool Integration: Develop and manage integrations with: Google SecOps … Chronicle, Security Command Center) Darktrace (Threat Visualizer, Antigena) CrowdStrike Falcon (EDR, threat intelligence, APIs) Other security platforms such as SIEMs, ticketing systems, and firewalls. Automation & Enrichment: Automate repetitive security tasks like indicator enrichment, triage, and threat intelligence lookups. Collaboration: Work with SOC analysts and threat detection teams to identify and implement automation opportunities. Monitoring … security operations or security engineering. Hands-on experience with SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR, IBM Resilient). Strong familiarity with: Google SecOps/Chronicle Darktrace (AI-based threat detection) CrowdStrike Falcon platform Scripting experience in Python , PowerShell , or Bash . Experience with REST APIs and JSON for tool integration. Working knowledge of incident response frameworks and MITRE More ❯

providing a Start to Finish level of incident management Proactive identification of vulnerabilities Provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions Establishing good practice vulnerability treatment throughout the customer estate, this includes implementing policy, hardening, patching and fixes of all supported technology Working closely with technical … changes and any emergency patching work that is required Proactively identify vulnerabilities and provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions Evaluate vulnerabilities across multiple technologies that correlate with the VLMPLs Occasional site visits to meet stakeholders and to improve customer relationships Provide professional, business friendly More ❯

Your new role You'll be joining an established Cyber team, supporting them to help them to achieve the CAF framework regulations, whilst getting involved with SIEM, Vulnerability Management, Threat Intelligence and IAM. Part of the team executing a cyber improvement programme to enhance security posture Support compliance with relevant Cyber Security regulations, standards, and frameworks Implement and … ideally 3+ years of experience in similar cyber security roles, with experience in implementing security frameworks (e.g. NIST, CAF, ISO) Prior hands-on experience with SIEM, Vulnerability Management, Threat Intelligence, and IAM systems Experience contributing to enterprise-level security initiatives Third-party vendor relationship experience What you'll get in return Salary of between £52K-£55k 27 days More ❯

WHO ARE WE? Searchlight Cyber was founded in 2017 with a mission to stop threat actors from acting with impunity. Its External Cyber Risk Management Platform helps organizations to identify and protect themselves from threats emerging from the cybercriminal underground, with Attack Surface Management and Threat Intelligence tools designed to separate the signal from the noise. It … to business goals. Oversee the development of all content formats-blogs, reports, whitepapers, case studies, videos, podcasts, and more. Lead cross-functional content planning and collaboration with teams including threat intelligence, research, product, and leadership. Maintain a high editorial standard across all outputs, ensuring consistency of voice, quality, and brand alignment. Campaigns & Promotion Develop and manage content-led More ❯

re a leading Managed Service Provider (MSP) delivering cutting-edge IT and security solutions to businesses worldwide. Our mission is to protect digital assets through proactive security measures, advanced threat intelligence, and world-class support. Join a dynamic, innovation-driven team where your skills make a real impact. Your Mission: As a Cyber Security Engineer, you’ll take … on experience with SIEM, EDR, VPNs, firewalls, and cloud platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting More ❯

detection tooling. Investigating and responding to security alerts raised by Users. Enhancing and creating analytic triggers to enhance alert efficacy. Continuous development of incident handling and readiness processes. Proactive threat hunting based on threat intelligence. Documentation of incidents and investigations. About your Skills We're open-minded when it comes to hiring and we care more about aptitude … supporting and conducting Incident Response engagements. Experience in endpoint based investigations. Experience in cloud based investigations. Experience with Incident Command and conducting Tabletop Exercises Interest in Automation. Interest in Threat Intelligence and Analytic Tuning. A high level understanding of mobile, network and operating system security controls. Any experience of programming in Python, Go and/or Java. A More ❯

also serves as a technical authority within the team and department. What you'll need to succeed Security Operations & Incident Response Lead security operations services, including monitoring, incident response, threat management, and intrusion detection, using both internal and external resources. Manage the outsourced 24/7 security operations service. Lead the organisation's response to security incidents, coordinating recovery … efforts with internal teams and vendors. Establish and manage threat intelligence processes to ensure timely remediation of vulnerabilities. Monitor and analyse performance metrics to support security troubleshooting and continuous improvement. Identity & Access Management Provide expert technical leadership for identity and access management, ensuring secure, high-performing services aligned with SLAs. Oversee day-to-day monitoring and maintenance of … Qualifications Degree or equivalent industry certification. Professional certification in security/identity (e.g. CREST, GIAC). ITIL Foundation certification. Incident response certification preferred. Technical Knowledge Proficient in SIEM, EDR, threat detection, and vulnerability management. Solid understanding of network security (firewalls, segmentation, IDS/IPS). Experience with Windows, Mac, Linux environments and security tooling. Familiarity with public cloud platforms More ❯

during live security incidents Improving detection rules, playbooks, and tooling with MITRE ATT&CK-driven enhancements Producing clear incident reports for both technical and non-technical audiences Contributing to threat intelligence initiatives Staying ahead of the curve on emerging threats, tactics, and techniques To secure this SOC role: Proven experience in a Security Operations Centre (SOC) environment Hands … on knowledge of SIEM tools (Microsoft Sentinel, Splunk, etc.) Familiarity with MITRE ATT&CK and threat detection methodologies Strong analytical mindset with log, endpoint, and network analysis skills Understanding of network protocols (TCP/IP, DNS, HTTP, SMTP) Awareness of enterprise security architecture: firewalls, AV, VPNs, IDS/IPS Eligible for DV Clearance – British citizens who have resided in More ❯

Supporting and tuning Microsoft Sentinel and other SIEM platforms (KQL scripting) Managing escalated incidents from L1 analysts and leading full incident response lifecycle (MIM) Conducting in-depth data analysis , threat hunting, and forensic investigations Maintaining and enhancing SOC documentation, SOPs, and playbooks Collaborating with cross-functional teams and contributing to security strategy Ensuring security policies align with standards like … Looking for Someone With: Expert-level SIEM experience (Azure Sentinel highly preferred) Strong knowledge of Kusto Query Language (KQL) Demonstrated experience in cybersecurity incident response & breach handling Familiarity with threat intelligence, vulnerability management , and cloud security tools Proactive mindset with ability to work independently in high-pressure environments Active SC Clearance Ready to make an impact? Apply today More ❯

in London - Contract - Hybrid *Inside IR35 - umbrella* Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat hunting and More ❯

safeguarding a world-class financial institution. What You'll Do: Responsible for end-to-end incident response operations, including triage, containment, root cause analysis, and post-incident reporting. Perform threat hunting and proactive detection using frameworks like MITRE ATT&CK and threat intelligence. Maintain and enhance SOC playbooks, runbooks, and standard operating procedures to stay aligned with evolving … in security operations, with strong knowledge of networking, Windows and Linux Hands-on with security automation; scripting in Python is a strong advantage. Solid understanding of incident response processes, threat intelligence, and security monitoring. Familiarity with frameworks such as MITRE ATT&CK, NIST, and OWASP. Exposure to secure coding practices and DevSecOps environments is a strong plus (not More ❯

needs of local government. To read more about our business area, please visit Corporate Services and Transformation Key Responsibilities: Lead and develop an active Security Operations team focused on threat detection, incident management, and prevention of data breaches or service disruptions. Build and mature the Security Operations Centre (SOC) with a focus on cyber risks, threat intelligence More ❯

leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs … worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at . Role … accurate revenue forecasts and budgets for the renewal sales team, aligning with company objectives and the delivery of accurate and timely forecasts by the team for escalation reporting. Market Intelligence: Stay updated on industry trends, competitors, and customer needs to offer localize insights to global MI, including specific focus on trends regarding renewal best practices. Process Improvement: Continuously evaluate More ❯

on involvement in ensuring compliance to security frameworks (ISO27001, NIST, eCAF). * Proven experience in implementing security systems and/or monitoring tools. * Strong knowledge of SIEM, Vulnerability Management, Threat Intelligence, and IAM systems. * Experience contributing to enterprise-level security initiatives and aligning with industry standards. * Strong collaboration skills, including experience working with IT Operations teams and third More ❯

software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security: Architect and secure Azure … and optimize Azure DevOps pipelines with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability … to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit, and improve infrastructure security posture using automated tooling. Policy & Procedures: Define and enforce security policies, incident response strategies, and structured action plans for proactive risk mitigation. More ❯

Engineer who has experience working in cyber security, system engineering, or a similar role, with hands-on knowledge of security tools such as anti-malware, content filtering, SIEM and threat detection solutions is required to join our team at a well-established charity. SALARY: £45,000 - £48,000 per annum + Excellent Benefits BENEFITS: 26 Days Holiday plus Bank … Engineer who has experience working in cyber security, system engineering, or a similar role, with hands-on knowledge of security tools such as anti-malware, content filtering, SIEM and threat detection solutions. Working as the Cyber Security Engineer/Network Engineer which the organisation calls a Security Engineer, you'll be at the frontline of the cyber defence, working … Produce and maintain clear, accurate and up-to-date procedural documentation Participate in playbook test exercises and respond to genuine security incidents Identify current and emerging security threats Analyse threat intelligence and escalate to the OSM as appropriate Work with other security and technology colleagues to ensure that security vulnerabilities are mitigated quickly Deliver monthly vulnerability scans and More ❯

risks. You'll have experience assessing supplier security, applying government protective security standards across digital and physical environments, and supporting the design of proportionate controls. You're comfortable analysing threat intelligence and using those insights to inform decision-making, incident response, and ongoing risk management activities. You're confident engaging with a wide range of stakeholders-from technical More ❯

across endpoints, logs, and network traffic to uncover advanced threats. Develop and fine-tune detection rules and correlation logic in SIEM platforms (e.g., Splunk). Collaborate with engineering and threat intelligence teams to improve detection coverage and SOC workflows. Mentor and guide L1/L2 analysts, providing training, quality reviews, and escalation support. Design and execute proactive threat More ❯

investigate security alerts using tools such as Splunk, Microsoft Defender, and CrowdStrike, escalating incidents as needed and ensuring timely resolution. Leverage Microsoft Co-pilot and automation workflows to streamline threat detection, incident triage, and response processes. Conduct in-depth log analysis and correlation across multiple data sources to identify potential security threats and reduce false positives. Support threat hunting and root cause analysis efforts, providing detailed documentation and recommendations based on findings. Collaborate with L1 analysts, engineering teams, and threat intelligence functions to enhance detection capabilities and improve overall SOC effectiveness. More ❯

This role would be based on a hybrid working basis in Central London Experience Experience of working in Cyber Security, ideally within SOC Excellent stakeholder management skills Experience with threat intelligence platforms Active SC clearance would be required If you are an SC cleared Cyber Security Analyst looking for a new role, please apply now! Carbon60, Lorien & SRG More ❯

in production with a strong focus on performance, explainability, and cost-efficiency. What You'll Bring: Deep applied experience in ML/DL , with bonus points for work in threat detection , phishing , or abuse detection Proven ability to design and deploy full-stack AI pipelines in production Strong experience in backend engineering , ideally with Go and ML frameworks like … infrastructure (AWS) , Kubernetes , and Terraform Experience evaluating and deploying models (including anomaly detection, RAG, and clustering) in noisy, evolving data environments Nice to Have: Experience with Perl Knowledge of threat intelligence integration and MCP architectures Location: Hybrid - 2 days a week on-site in Central London Salary: Up to £130,000 , depending on experience RSG Plc is acting More ❯

rapid coordination across business units and leveraging tools like Splunk and Defender to contain and mitigate threats Design, maintain, and continuously enhance playbooks, response frameworks, and tabletop exercises, incorporating threat intelligence and detection insights from CrowdStrike and Splunk to mature IR readiness. Lead root cause analysis and develop actionable remediation plans; deliver executive-level reporting and trend analysis More ❯