1 to 25 of 29 MITRE ATT&CK Jobs in the UK

commercial platforms to enrich detections Investigate Indicators of Compromise (IOCs) and attacker behaviour Analyse adversary techniques and map activity to the MITRE ATT&CK framework Develop, tune and maintain detection rules for SIEM and EDR platforms Threat Intelligence Management Collect, validate and analyse cyber threat … Hands-on experience with Microsoft Sentinel and Defender XDR Good working knowledge of KQL (Kusto Query Language) Strong understanding of the MITRE ATT&CK framework Experience investigating IOCs and real-world security incidents Excellent written and verbal communication skills Comfortable working in a client-facing ...

technical audiences and continuously improve their content and presentation. Analyse and improve detection rules and use cases in line with Mitre Att&ck and threat-informed defence. Work as part of a team to ensure that corporate data and technology platform components are safeguarded from … Expertise Essential Skills Proven experience in Security Operations Centre. Demonstrable experience of using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Strong knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Strong understanding ...

enrichment logic to enhance detections and investigation efficiency Support purple-team activities, threat modelling, and attack-simulation scenarios aligned to MITRE ATT&CK Provide technical escalation support and mentorship to L1/L2 SOC analysts Perform root-cause analysis, identify systemic issues, and drive continuous … Windows, Azure AD/Entra ID, M365, network security, and cloud workloads Advanced knowledge of attacker TTPs, threat intelligence sources, and MITRE ATT&CK mapping Proven experience leading major incidents in an enterprise SOC environment Strong understanding of SOAR automation and experience building Logic Apps ...

reports for managed clients to both technical and non-technical audiences, Collaborate on improving detection rules and use cases aligned with Mitre Att&ck and threat-informed defense. Participate in a team effort to guarantee that corporate data and technology platform components are shielded from … Farnborough. What you’ll bring: Experience demonstrated in Security Operations Centre. Experience using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Understanding ...

tune security tooling such as EDR, DLP, SIEM and SOAR to improve detection and response effectiveness. Apply frameworks such as MITRE ATT&CK and the cyber kill chain to map, detect and disrupt attacker tradecraft. Leverage offensive tooling (Kali, Cobalt Strike, Metasploit, Bloodhound, Mimikatz, etc. … others. Strong experience with security tooling: EDR, DLP, SIEM, SOAR. Solid background in threat investigation and incident response. Good understanding of MITRE ATT&CK, cyber kill chain and common attacker tradecraft. Familiarity with offensive tools such as Kali, Cobalt Strike, Metasploit, Bloodhound, Mimikatz. Strong knowledge ...

develop team knowledge of SOC tools, security operations and triage. Analyse and improve detection rules and use cases in line with Mitre Att&ck and threat-informed defence. Maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies. Represent … management experience to help develop Analysts and lead careers. Demonstrable experience of using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Solid grasp of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Good understanding ...

playbooks. The role includes mentoring CIRT analysts , enhancing SIEM/SOAR automation, and continuously improving processes using frameworks such as MITRE ATT&CK, NIST 800-61, and PCI DSS. What this job is really about Owning cyber incident response end-to-end: from first alert … cases so you see retail-relevant threats early and clearly.? Being the person who connects the dots between frameworks like MITRE ATT&CK, NIST 800-61, PCI DSS and what actually happens on the ground. Who this will suit You've worked in SOC, Incident ...

providers to ensure effective delivery of external threat services Evaluating current security controls against known threat actors using frameworks such as MITRE ATT&CK and CIS Controls Supporting threat intelligence-led security testing initiatives, including red and purple teaming exercises Contributing to continuous improvement … deliver measurable outcomes quickly Strong understanding of threat actor behaviours, TTPs, and global threat trends Experience working with frameworks such as MITRE ATT&CK and CIS Ability to analyse large datasets and translate findings into meaningful intelligence outputs Experience producing intelligence reports across tactical, operational ...

attacker behaviour Supporting incident response efforts with deep detection insight Expanding detection coverage using threat intelligence and adversary techniques mapped to MITRE ATT&CK Creating automation and playbooks to speed up triage and response Documenting detections and sharing knowledge with SOC analysts Main Skills Needed … rules using query languages like ESQL, KQL, or Lucene Practical SOC experience covering alert triage, investigation, and analysis Deep knowledge of MITRE ATT&CK, malware behaviour, lateral movement, and persistence techniques What’s in It for You: Work on genuinely meaningful systems in high-security ...

Active Directory, Windows/Linux systems, and cloud platforms (Azure, AWS, GCP) Proficiency in scripting (PowerShell, Python) Familiarity with security frameworks (MITRE ATT&CK, NIST, Kill Chain) Experience with EDR, DLP, Proxy, and SEG tools Desirable Qualifications Certifications: AZ-500, SC-200, SC-900, CompTIA ...

engineering, incident response, security engineering, threat hunting, or threat intelligence Strong experience with security tooling (SIEM, SOAR, EDR, DLP) Understanding of MITRE ATT&CK, cyber kill chain, and attacker tradecraft Experience investigating complex security incidents across applications and infrastructure Familiarity with offensive tools (Kali, Cobalt ...

perimeter controls and operating systems Understanding of cloud security controls and container security Experience with EDR tooling and familiarity with the MITRE ATT&CK framework Experience with scripting or basic coding for automation Experience conducting investigations including eDiscovery Industry recognised security certifications such as CISSP ...

correlations • Leading post-incident reviews and reporting • Engaging in vulnerability lifecycle management and remediation guidance • Contributing to continuous improvement, automation and MITRE ATT&CK maturity What We Are Looking For: • 1–5 years’ SOC or operational cyber experience • Strong hands-on experience with SIEM tools ...

Splunk SIEM, to enable the detection of threats across diverse platforms (e.g. cloud, endpoints, and networks) · Use frameworks like MITRE ATT&CK to map detection rules and maximise threat coverage · Use analytical platforms to query high volume datasets to identify trends and spot unusual behaviours ...

Firewalls (IDS/IPS/DPI/WAF/Web Filter/App Control). Knowledge of security concepts (CIA/MITRE ATT&CK Framework/Vulnerabilities). Knowledge of cybersecurity fundamentals (CIA triad, threat vectors). Knowledge of ITIL disciplines such as Incident, Problem ...

meetings What we're looking for: 2–3 years' experience in threat intelligence and/or threat hunting Strong understanding of MITRE ATT&CK, malware analysis, and adversary behaviour Hands-on experience with Microsoft Sentinel, Defender XDR, and threat intelligence platforms Proficiency in KQL, Python ...

ability to work effectively within a collaborative SOC team Desirable Skills Experience with incident documentation and reporting Familiarity with security frameworks (MITRE ATT&CK, NIST, ISO 27001) Ability to adapt quickly to new tools, threats, and operational priorities Any relevant certifications (e.g., Security+, CySA+, Microsoft ...

investigate, correlate, and close.? Turning threat hunting into a habit, not a once-a-month exercise: building KQL hunts, mapping to MITRE ATT&CK, and turning "interesting patterns" into hardened detections.? Making the SIEM/XDR bill make sense : understanding ingestion, licensing, and where ...

Azure Security Engineer Associate Knowledge of cloud security principles and technologies Desirable: Strong understanding of security frameworks (NIST, ISO 27001, Mitre ATT&CK) Knowledge of web security tooling such as web proxy, DNS filtering and similar (e.g. Cisco Umbrella) Previous experience as a Security Analyst ...

analyse cloud security risks and recommend appropriate controls. Desirable Experience: Understanding of Log Ingestion and Log Analytics. Familiarity with the MITRE ATT&CK framework . Certifications: Essential Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900) Microsoft Certified: Security Operations Analyst (SC-200) Desirable Microsoft ...

environments Practical experience building and maintaining SOAR playbooks and automations Good understanding of common attack techniques, TTPs, and frameworks such as MITRE ATT&CK Scripting or automation capability (e.g., Python, PowerShell, JSON, REST APIs) Strong analytical and problem-solving skills with a methodical approach ...

possess: Strong experience with Microsoft-centric environments (M365, Azure, Intune, security baselines). Knowledge of compliance frameworks (NCSC guidance, Cyber Essentials), MITRE ATT&CK, encryption, IAM and secure configuration principles. The ability to manage operational workload while progressing ongoing improvement initiatives. Strong communication and stakeholder ...

operational environments. Experience required: Hands on experience working with SIEM technologies and security monitoring Awareness of modern threat models (eg. MITRE ATT&CK) Understanding of CI/CD pipelines and security controls within DevOps environments Building and maintaining SOC detections and use cases Working knowledge ...

Exposure to modern enterprise technologies , including Cloud and AI. Experience with RESTful APIs, containerized microservices, and threat modeling frameworks (e.g., STRIDE, MITRE ATT&CK). Dynamic, solution-oriented, and able to work under pressure. Desirable: Awareness of industry security standards : ISO 27000, PCI DSS, COBIT ...

with a focus on Elastic Security . Detection & Compliance Expert: Proven ability to engineer high-fidelity detection rules based on the MITRE ATT&CK Framework , alongside implementing essential security controls like RBAC, encryption , and data governance to ensure regulatory compliance. Performance & Tuning Specialist: Deep technical ...