1 to 25 of 36 MITRE ATT&CK Jobs in the UK

reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced … experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security ...

error-free ingestion. Use Case & Detection Content Development Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite. Build correlation rules, anomaly-based detections, dashboards, and alerting workflows. Regularly review detection efficacy and reduce false … systems, Cloud platforms (Azure/AWS/GCP), identity systems, and endpoint protection technologies (e.g. SentinelOne and Microsoft Defender) Knowledge of MITRE ATT&CK, cyber kill chain, and threat hunting methodologies. Must Have Level 4 or higher qualification in a computing subject, or equivalent experience ...

customer environments. Producing clear, insightful reports for both technical and non-technical audiences. Enhancing detection rules and use cases aligned to MITRE ATT&CK and threat-informed defence. What you’ll bring: Hands-on experience with Microsoft Sentinel and Splunk. Knowledge of the MITRE ATT&CK framework. Understanding of client-server and multi-tier applications, databases, firewalls, VPNs and endpoint security. Solid networking fundamentals (TCP/IP, LAN/WAN, HTTP, SMTP, FTP, LDAP, etc.). Strong analytical thinking and structured problem-solving. An entry-level cyber security certification ...

reports for managed clients to both technical and non-technical audiences, Collaborate on improving detection rules and use cases aligned with Mitre Att&ck and threat-informed defense. Participate in a team effort to guarantee that corporate data and technology platform components are shielded from … Farnborough. What you’ll bring: Experience demonstrated in Security Operations Centre. Experience using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Understanding ...

cases across SIEM and SOAR platforms using threat intelligence and incident data Develop, map, and maintain detection logic aligned to MITRE ATT&CK frameworks Continuously tune and optimise correlation rules to improve signal-to-noise ratio Validate detection logic through simulations, threat emulation … platforms and query languages (e.g. SPL, KQL) Solid understanding of detection engineering principles, data modelling, and regex Proven experience working with MITRE ATT&CK and threat-informed defence strategies Ability to design scalable and maintainable detection content in complex environments Strong documentation and stakeholder communication ...

escalation playbooks; suggest improvements based on recurring issues or inefficiencies. Threat Awareness: Maintain awareness of current cyber threats, attacker techniques (MITRE ATT&CK), and industry trends relevant to the organisations threat landscape. Essential: 2-4 years of experience in a SOC, IT Operations, or security … Working knowledge of SIEM platforms (e.g. Microsoft sentinel, Splunk, Elastic, QRadar). Desirable: Awareness of security frameworks and methodologies (NIST CSF, MITRE ATT&CK, ISO27001). Qualifications: Desirable: CompTIA Security+, CySA+ or other entry level certification. ...

continuously refine advanced SIEM detection logic, including rules, correlations and analytics. Research emerging threats, vulnerabilities and adversary TTPs, mapping them to MITRE ATT&CK to close detection and visibility gaps. Tune and validate detections to minimise false positives and deliver high-fidelity alerts … detection patterns. Confidence to own technical delivery end-to-end, driving work through to completion with minimal escalation. Expert knowledge of MITRE ATT&CK, with real-world application in detection engineering. A BSc in Computer Science, IT, or a related discipline. Solid scripting skills ...

continuously refine advanced SIEM detection logic, including rules, correlations and analytics. Research emerging threats, vulnerabilities and adversary TTPs, mapping them to MITRE ATT&CK to close detection and visibility gaps. Tune and validate detections to minimise false positives and deliver high-fidelity alerts … detection patterns. Confidence to own technical delivery end-to-end, driving work through to completion with minimal escalation. Expert knowledge of MITRE ATT&CK, with real-world application in detection engineering. A BSc in Computer Science, IT, or a related discipline. Solid scripting skills ...

pipelines, including log ingestion, enrichment and schema standardisation. Develop and tune security detection content, translating threat intelligence and TTPs aligned to MITRE ATT&CK into actionable, high-value alerts. Manage the full detection content lifecycle: design, test, deploy, monitor, tune and retire, using version control … Strong hands-on knowledge of SIEM engineering, including indexing, parsing, onboarding and performance tuning. Experience designing and optimising detection content, including MITRE ATT&CK-aligned use cases and alert tuning to reduce noise. Good understanding of data pipeline engineering, log enrichment, data quality and large ...

Score remediation Vulnerability Management Tools such as Tenable , Pentera , Varonis , Secure Score Experience coordinating remediation with technical teams Frameworks & Security Models MITRE ATT&CK, OWASP Top 10 Exposure to zero-trust principles Understanding of encryption, certificate management, secrets management Scripting & Automation PowerShell (essential) Python ...

optimise complex queries to support threat detection, proactive threat hunting, and anomaly identification Map detection logic to adversary behaviours using the MITRE ATT&CK Framework, ensuring effective coverage of tactics, techniques, and procedures Work with the wider Splunk ecosystem, including tools like TrackMe, and contribute ...

SIEM, SOAR, EDR, IDS/IPS, firewalls, and cloud-native security tooling. Knowledge of cyber security frameworks such as NIST CSF, MITRE ATT&CK, ISO 27001, or CIS Controls. Demonstrated expertise in incident response and threat management. Experience working in hybrid cloud environments (Azure ...

intelligence platforms Practical experience handling security incidents, threat hunting, and investigations Solid understanding of attacker tactics, techniques, and frameworks such as MITRE ATT&CK Proven experience working with clients in a consultative or advisory capacity Background working within an MSSP environment Desirable CISSP, CISM, GIAC ...

SIEM platforms, specifically Splunk Enterprise & Enterprise Security and Elastic Stack/Elastic Security Deep knowledge of detection engineering, threat intelligence frameworks (MITRE ATT&CK), and noise reduction techniques Hands-on experience with data ingestion tools such as Elastic Agent, Beats, Splunk UF/HF, Syslog ...

Splunk experience, including SPL development and Splunk ES administration Solid understanding of network protocols, cloud environments (AWS/Azure), and the MITRE ATT&CK framework Experience with vulnerability assessment tools (2+ years desirable) Exposure to penetration testing or web application security testing Desirable Certifications Security ...

managing Splunk Enterprise Security (ES). Technical Breadth: Strong understanding of network protocols, cloud security (AWS/Azure), and the MITRE ATT&CK framework. Additional Skills: Experience with Vulnerability Assessment (VA) tools, Penetration Testing, and Web Application Testing is a significant bonus. Desired Qualifications: Mandatory ...

managing Splunk Enterprise Security (ES). Technical Breadth: Strong understanding of network protocols, cloud security (AWS/Azure), and the MITRE ATT&CK framework. Additional Skills: Experience with Vulnerability Assessment (VA) tools, Penetration Testing, and Web Application Testing is a significant bonus. Desired Qualifications: Mandatory ...

managing Splunk Enterprise Security (ES). Technical Breadth: Strong understanding of network protocols, cloud security (AWS/Azure), and the MITRE ATT&CK framework. Vulnerability Assessment: 2+ years using VA tools would be a bonus Penetration Testing: Exposure to Penetration Testing and Web Application Testing. ...

managing Splunk Enterprise Security (ES). Technical Breadth: Strong understanding of network protocols, cloud security (AWS/Azure), and the MITRE ATT&CK framework. Vulnerability Assessment: 2+ years using VA tools would be a bonus Penetration Testing: Exposure to Penetration Testing and Web Application Testing. ...

Insight, Discover) Strong Splunk expertise, including SPL and Enterprise Security (ES) Solid understanding of: Network protocols Cloud security (AWS/Azure) MITRE ATT&CK framework Additional desirable experience: Vulnerability Assessment tools Penetration Testing/Web Application Testing exposure Security policy and standards development Certifications (Desirable ...

Advanced Splunk/Splunk ES experience, including strong SPL capability Solid understanding of networking, cloud security (AWS/Azure), and the MITRE ATT&CK framework Experience with vulnerability management, penetration testing, or web application testing is advantageous ...

experience with CrowdStrike (Falcon) Advanced Splunk (SPL + Enterprise Security) expertise Solid understanding of networks, cloud (AWS/Azure), and MITRE ATT&CK Bonus: Vulnerability Assessment and Pen Testing experience MUST HAVE LOCAL GOVERNMENT EXPERIENCE Certifications (desirable): Splunk Certified Cybersecurity Defense Engineer (highly preferred) CrowdStrike ...

managing Splunk Enterprise Security (ES). Technical Breadth: Strong understanding of network protocols, cloud security (AWS/Azure), and the MITRE ATT&CK Vulnerability Assessment : 2+ years using VA tools would be a bonus Penetration Testing : Exposure to Penetration Testing and Web Application Testing. ...

Splunk Enterprise Security (ES) Splunk Certified Cybersecurity Defence Engineer (MANDATORY) Strong understanding of: Network security & protocols Cloud security (AWS/Azure) MITRE ATT&CK framework Desirable Experience Vulnerability Assessment tools (2+ years preferred) Exposure to Penetration Testing/Web Application Testing Experience developing security policies ...

similar. Strong knowledge of network security, threat detection, and incident response. Experience analysing malware, security alerts, and attack patterns. Understanding of MITRE ATT&CK framework and its application in threat detection and mitigation. Experience working with EDR tools and endpoint security technologies. Knowledge of firewalls ...