25 of 25 Threat Intelligence Jobs in the South East

Please Note: The deadline for applying is 23.59 the day before the job posting end date. Job Title: Strategic Threat Intel Senior Manager Business Function: Cyber Security - Threat Intelligence Location: Kingston/Port Sunlight Reports to: Director of Threat Intelligence Unilever is one of the world's leading suppliers of Food, Home, and Personal Care … structure is built around product families and risk-based priorities, with teams embedded across regions and business units. JOB PURPOSE We are seeking a highly motivated and experienced Strategic Threat Intelligence Manager to lead our strategic intelligence function within the Cyber Threat Intelligence team. This role is pivotal in shaping our understanding of long-term … threat trends, geopolitical risks, and adversary behaviour. The successful candidate will drive the development of high-level threat assessments and intelligence products that inform executive decision-making and support enterprise-wide risk management. Role Summary: The Strategic Threat Intelligence Manager leads the strategic intelligence function within the Cyber Threat Intelligence team, reporting More ❯

can't replace to help us shape the future of information management. Join us. Your Impact: We are seeking a driven, experienced Account Executive (AE) to join the OpenText Threat Intelligence team and lead strategic sales initiatives targeting OEM providers. In this role, you will be responsible for driving revenue by selling our industry-leading threat intelligence … role offers: Own and drive the full sales cycle for OEM partnerships-from prospecting and discovery to negotiation and contract closure. Identify and engage OEM partners who can embed threat intelligence into their security appliances, platforms, SIEMs, XDRs, firewalls, or endpoint solutions. Understand customer requirements and tailor value propositions around our threat intelligence products, APIs, and … need to succeed: 5+ years of B2B enterprise sales experience, with a focus on OEM, embedded, or technology partnership sales. Deep understanding of cybersecurity technologies and the role of threat intelligence in enhancing security products. Proven track record of exceeding quotas and developing long-term partner relationships. Experience working with technical buyers such as product managers and engineering More ❯

Threat Detection Engineer (Cyber) page is loaded Threat Detection Engineer (Cyber) Apply locations Windsor time type Full time posted on Posted 6 Days Ago time left to apply End Date: August 2, 2025 (4 days left to apply) job requisition id R Join us, be part of more. We're so much more than an energy company. We … do energy differently - we do it all. We make it, store it, move it, sell it, and mend it. An opportunity to play your part - Join Centrica as a Threat Detection Engineer, where you'll be at the forefront of our mission to safeguard our digital landscape. In this dynamic role, you'll be responsible for developing, automating, and … enhancing our detection capabilities to swiftly identify and respond to security threats. You'll have the exciting opportunity to create innovative detection use cases, leveraging security telemetry, threat intelligence, and insights from past incidents. Your expertise will be crucial in addressing detection gaps across our infrastructure, working closely with various business units to boost visibility, and crafting automated More ❯

providing a Start to Finish level of incident management Proactive identification of vulnerabilities Provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions Establishing good practice vulnerability treatment throughout the customer estate, this includes implementing policy, hardening, patching and fixes of all supported technology Working closely with technical … changes and any emergency patching work that is required Proactively identify vulnerabilities and provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions Evaluate vulnerabilities across multiple technologies that correlate with the VLMPLs Occasional site visits to meet stakeholders and to improve customer relationships Provide professional, business friendly More ❯

providing a Start to Finish level of incident management Proactive identification of vulnerabilities Provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions Establishing good practice vulnerability treatment throughout the customer estate, this includes implementing policy, hardening, patching and fixes of all supported technology Working closely with technical … changes and any emergency patching work that is required Proactively identify vulnerabilities and provide supporting information on potential impacts and mitigating actions for new threats or vulnerabilities from vendor, threat intelligence and subscriptions Evaluate vulnerabilities across multiple technologies that correlate with the VLMPLs Occasional site visits to meet stakeholders and to improve customer relationships Provide professional, business friendly More ❯

Your new role You'll be joining an established Cyber team, supporting them to help them to achieve the CAF framework regulations, whilst getting involved with SIEM, Vulnerability Management, Threat Intelligence and IAM. Part of the team executing a cyber improvement programme to enhance security posture Support compliance with relevant Cyber Security regulations, standards, and frameworks Implement and … ideally 3+ years of experience in similar cyber security roles, with experience in implementing security frameworks (e.g. NIST, CAF, ISO) Prior hands-on experience with SIEM, Vulnerability Management, Threat Intelligence, and IAM systems Experience contributing to enterprise-level security initiatives Third-party vendor relationship experience What you'll get in return Salary of between £52K-£55k 27 days More ❯

WHO ARE WE? Searchlight Cyber was founded in 2017 with a mission to stop threat actors from acting with impunity. Its External Cyber Risk Management Platform helps organizations to identify and protect themselves from threats emerging from the cybercriminal underground, with Attack Surface Management and Threat Intelligence tools designed to separate the signal from the noise. It … to business goals. Oversee the development of all content formats-blogs, reports, whitepapers, case studies, videos, podcasts, and more. Lead cross-functional content planning and collaboration with teams including threat intelligence, research, product, and leadership. Maintain a high editorial standard across all outputs, ensuring consistency of voice, quality, and brand alignment. Campaigns & Promotion Develop and manage content-led More ❯

re a leading Managed Service Provider (MSP) delivering cutting-edge IT and security solutions to businesses worldwide. Our mission is to protect digital assets through proactive security measures, advanced threat intelligence, and world-class support. Join a dynamic, innovation-driven team where your skills make a real impact. Your Mission: As a Cyber Security Engineer, you’ll take … on experience with SIEM, EDR, VPNs, firewalls, and cloud platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting More ❯

detection tooling. Investigating and responding to security alerts raised by Users. Enhancing and creating analytic triggers to enhance alert efficacy. Continuous development of incident handling and readiness processes. Proactive threat hunting based on threat intelligence. Documentation of incidents and investigations. About your Skills We're open-minded when it comes to hiring and we care more about aptitude … supporting and conducting Incident Response engagements. Experience in endpoint based investigations. Experience in cloud based investigations. Experience with Incident Command and conducting Tabletop Exercises Interest in Automation. Interest in Threat Intelligence and Analytic Tuning. A high level understanding of mobile, network and operating system security controls. Any experience of programming in Python, Go and/or Java. A More ❯

during live security incidents Improving detection rules, playbooks, and tooling with MITRE ATT&CK-driven enhancements Producing clear incident reports for both technical and non-technical audiences Contributing to threat intelligence initiatives Staying ahead of the curve on emerging threats, tactics, and techniques To secure this SOC role: Proven experience in a Security Operations Centre (SOC) environment Hands … on knowledge of SIEM tools (Microsoft Sentinel, Splunk, etc.) Familiarity with MITRE ATT&CK and threat detection methodologies Strong analytical mindset with log, endpoint, and network analysis skills Understanding of network protocols (TCP/IP, DNS, HTTP, SMTP) Awareness of enterprise security architecture: firewalls, AV, VPNs, IDS/IPS Eligible for DV Clearance – British citizens who have resided in More ❯

days onsite requirements. Your new role This role is accountable for the key security operations areas, including, but not limited to, Incident Management, Incident Response, Proactive Security Monitoring, Threat Hunting, Security Incident Analytics, Incident Trend Analysis and Reporting.You will be responsible for using analytics to provide insight to other security leaders in order to enhance policies and processes related … experience; working as a security architect with business stakeholders Detailed understanding of the MITRE ATT&CK and D3fend Framework and the Cyber Kill Chain Detailed understanding of leveraging Cyber Threat Intelligence in support of a Managed Security Service organisation An understanding of attacks impacting a cloud-native environment (OCI, GCP, AWS and Azure) Ability to lead people to More ❯

Supporting and tuning Microsoft Sentinel and other SIEM platforms (KQL scripting) Managing escalated incidents from L1 analysts and leading full incident response lifecycle (MIM) Conducting in-depth data analysis , threat hunting, and forensic investigations Maintaining and enhancing SOC documentation, SOPs, and playbooks Collaborating with cross-functional teams and contributing to security strategy Ensuring security policies align with standards like … Looking for Someone With: Expert-level SIEM experience (Azure Sentinel highly preferred) Strong knowledge of Kusto Query Language (KQL) Demonstrated experience in cybersecurity incident response & breach handling Familiarity with threat intelligence, vulnerability management , and cloud security tools Proactive mindset with ability to work independently in high-pressure environments Active SC Clearance Ready to make an impact? Apply today More ❯

in London - Contract - Hybrid *Inside IR35 - umbrella* Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat hunting and More ❯

IR35 - 3 days a week on-site** Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat hunting and More ❯

safeguarding a world-class financial institution. What You'll Do: Responsible for end-to-end incident response operations, including triage, containment, root cause analysis, and post-incident reporting. Perform threat hunting and proactive detection using frameworks like MITRE ATT&CK and threat intelligence. Maintain and enhance SOC playbooks, runbooks, and standard operating procedures to stay aligned with evolving … in security operations, with strong knowledge of networking, Windows and Linux Hands-on with security automation; scripting in Python is a strong advantage. Solid understanding of incident response processes, threat intelligence, and security monitoring. Familiarity with frameworks such as MITRE ATT&CK, NIST, and OWASP. Exposure to secure coding practices and DevSecOps environments is a strong plus (not More ❯

leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs … worldwide, defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at . Role … accurate revenue forecasts and budgets for the renewal sales team, aligning with company objectives and the delivery of accurate and timely forecasts by the team for escalation reporting. Market Intelligence: Stay updated on industry trends, competitors, and customer needs to offer localize insights to global MI, including specific focus on trends regarding renewal best practices. Process Improvement: Continuously evaluate More ❯

leading endpoint, network, email, and cloud security that interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs … and Managed Security Service Providers (MSSPs) worldwide, defending more than 600,000 organizations from phishing, ransomware, data theft, and other cybercrimes. The solutions are powered by threat intelligence from Sophos X-Ops and the Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at . Role Summary We're looking for … in Windows internals and low-level development to join our team. This high-performance software captures and analyzes malicious behavior and endpoint activity, delivering rich telemetry for real-time threat detection in the cloud. You'll work closely with engineers, researchers, and security experts to build new capabilities for our Windows agent, spanning both user-mode and kernel-mode. More ❯

software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security: Architect and secure Azure … and optimize Azure DevOps pipelines with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability … to prevent cyber threats. Incident Response: Formulating and documenting a solid process utilising a 3rd party support partner Security Monitoring & Logging: Develop SIEM solutions, logging strategies, and real-time threat intelligence. Monitor, audit, and improve infrastructure security posture using automated tooling. Policy & Procedures: Define and enforce security policies, incident response strategies, and structured action plans for proactive risk mitigation. More ❯

across endpoints, logs, and network traffic to uncover advanced threats. Develop and fine-tune detection rules and correlation logic in SIEM platforms (e.g., Splunk). Collaborate with engineering and threat intelligence teams to improve detection coverage and SOC workflows. Mentor and guide L1/L2 analysts, providing training, quality reviews, and escalation support. Design and execute proactive threat More ❯

investigate security alerts using tools such as Splunk, Microsoft Defender, and CrowdStrike, escalating incidents as needed and ensuring timely resolution. Leverage Microsoft Co-pilot and automation workflows to streamline threat detection, incident triage, and response processes. Conduct in-depth log analysis and correlation across multiple data sources to identify potential security threats and reduce false positives. Support threat hunting and root cause analysis efforts, providing detailed documentation and recommendations based on findings. Collaborate with L1 analysts, engineering teams, and threat intelligence functions to enhance detection capabilities and improve overall SOC effectiveness. More ❯

WHO ARE WE? Searchlight Cyber was founded in 2017 with a mission to stop threat actors from acting with impunity. Its External Cyber Risk Management Platform helps organizations to identify and protect themselves from threats emerging from the cybercriminal underground, with Attack Surface Management and Threat Intelligence tools designed to separate the signal from the noise. It More ❯

in production with a strong focus on performance, explainability, and cost-efficiency. What You'll Bring: Deep applied experience in ML/DL , with bonus points for work in threat detection , phishing , or abuse detection Proven ability to design and deploy full-stack AI pipelines in production Strong experience in backend engineering , ideally with Go and ML frameworks like … infrastructure (AWS) , Kubernetes , and Terraform Experience evaluating and deploying models (including anomaly detection, RAG, and clustering) in noisy, evolving data environments Nice to Have: Experience with Perl Knowledge of threat intelligence integration and MCP architectures Location: Remote Salary: Up to £120,000 , depending on experience RSG Plc is acting as an Employment Agency in relation to this vacancy. More ❯

rapid coordination across business units and leveraging tools like Splunk and Defender to contain and mitigate threats Design, maintain, and continuously enhance playbooks, response frameworks, and tabletop exercises, incorporating threat intelligence and detection insights from CrowdStrike and Splunk to mature IR readiness. Lead root cause analysis and develop actionable remediation plans; deliver executive-level reporting and trend analysis More ❯

you'll do Develop and deliver the end-to-end strategy for building a high-calibre bench of cybersecurity experts Identify and engage independent consultants with specialist "spikes" (e.g. threat intelligence, OT/ICS, cloud security) Partner with senior stakeholders to align talent with client project needs Design the infrastructure: talent pools, on-boarding, processes, and reporting Act More ❯

threats are evolving, and our team is at the heart of protecting critical infrastructure and data. As a Cyber Security Engineer, you'll help lead our proactive efforts in threat detection, response, and mitigation. This role is vital to safeguarding the confidentiality, integrity, and availability of systems and services. What you'll be doing Act on security alerts, incidents … ensure timely responses. Diagnose and investigate security incidents following agreed procedures. Escalate and document unresolved incidents and support recovery efforts. Operate within our enterprise-level SOC and collaborate on threat intelligence. Utilise tools like Microsoft E5, Sentinel, and Darktrace to monitor and prevent threats. Analyse malware and respond to high-priority incidents. Support vulnerability management and threat analysis … equivalent function. Proficiency with Microsoft Security Suite (including Sentinel) and Darktrace or similar. Must have an understanding of cyber threats including malware, ransomware, DDoS, insider threats. Strong knowledge of threat modelling, security monitoring, and cloud environments. Familiarity with GDPR, data protection, and privacy impact assessments. Excellent communication and collaboration skills with a proactive mindset. Industry certifications (e.g., CISSP, CEH More ❯