176 to 200 of 507 SIEM Jobs in the UK

and recommending remediation actions Provide technical and procedural guidance to junior SOC analysts Develop and enhance detection use cases, correlation rules, and playbooks within SIEM and EDR platforms Conduct proactive threat hunting activities across client environments Collaborate with engineering teams to improve visibility, telemetry, and automation Support major incident response … CSIRT, or cyber defence environment Strong understanding of attack frameworks (e.g. MITRE ATT&CK, Cyber Kill Chain) Hands-on experience with SIEM and EDR tools (e.g. Microsoft Sentinel, Splunk, CrowdStrike, Defender) Experience in incident triage, containment, and response Good knowledge of network protocols, Windows/Linux systems, and cloud environments ...

teams. Drive project governance and reporting activities. Cyber Security Delivery Deliver initiatives across: Identity & Access Management (IAM) Privileged Access Management (PAM) Security Operations (SOC) SIEM Platforms Cloud Security Vulnerability Management Data Protection and DLP Security Monitoring and Threat Detection Secure File Transfer and Encryption Programmes Coordinate technical teams to ensure … Skills & Experience Cyber Security Experience Strong understanding of enterprise cyber security principles and controls. Experience delivering projects involving: IAM and Access Governance PAM Solutions SIEM and Security Monitoring Cloud Security Endpoint Security Vulnerability Management Data Protection Security Compliance Programmes Familiarity with security frameworks and standards such as: NIST ...

analysts in hunting methodologies and investigative techniques Review and improve alert fidelity, detection coverage, and response effectiveness Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms Detection Engineering & Improvement Collaborate with detection engineers to convert hunt findings into new or improved … Operations, Threat Hunting, or Incident Response Proven experience leading investigations involving advanced persistent threats, insider threats, or targeted attacks Strong hands-on expertise with: SIEM platforms (e.g. Sentinel, Splunk, Elastic) EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne) Network and cloud security telemetry Strong understanding of: MITRE ATT&CK Windows ...

resilience. You will sit at the heart of our cyber defence operations, working daily with technologies including Microsoft O365 Defender, Entra ID, Intune, Rapid7 SIEM, and Sophos Antivirus. Youll be responsible for monitoring security events, investigating suspicious activity, responding to incidents, and continuously improving our security posture. This … cyber security What you will do: Security Monitoring & Incident Response Actively monitor alerts and telemetry across endpoints, identities, email, and cloud services using Rapid7 SIEM, Microsoft Defender, and Sophos AV. Investigate suspected cyber attacks including malware infections, phishing campaigns, identity compromise, and unauthorised access attempts. Perform triage, root cause analysis ...

A leading cybersecurity firm in the UK is seeking a Senior Security Engineer to join their Managed Security Service Provider team. The role involves driving Sentinel adoption, leading client onboarding, and developing custom data connectors. ...

across enterprise environments. This role will work closely with Cyber Security, SOC, Infrastructure, Cloud, Data Engineering, and Application teams to improve data visibility, reduce SIEM costs, and enhance security monitoring capabilities. Key Responsibilities Design, deploy, and manage Cribl data pipelines across enterprise environments. Configure and support Cribl Stream , including data … collection, transformation, filtering, enrichment, masking, and routing. Optimise telemetry ingestion into SIEM and observability platforms. Implement data reduction strategies to improve platform efficiency and reduce licensing costs. Develop and maintain data parsing, normalisation, and enrichment processes. Support integration with security and monitoring platforms such as Splunk, Microsoft Sentinel, Elastic, and ...

Good knowledge and awareness of global Information Security Standards including ISO27002, CIS, NCSE CAF, NIST CSF Advisor in advanced cybersecurity services including SSE, SASE, SIEM, MDR/EDR Experience working with security frameworks and/or market leading solutions (preferred) Experience in recommending and designing solutions to meet compliance guidelines ...

Microsoft security tooling , Defender suite, Purview, Compliance Centre, Entra ID, Conditional Access & Intune. VMware vSphere virtualisation will be part of your skill set, SIEM platforms, IDS/IPS intrusion detection/prevention systems. Applicants should also be familiar with DevSecOps , security compliance frameworks ( ISO27001, Cyber Essentials + GDPR). … Centre, Entra ID, Conditional Access, and Intune. Previous exposure to virtualisation platforms, particularly VMware vSphere and/or virtual desktop infrastructure. A user of SIEM platforms and Intrusion Detection/Prevention Systems (IDS/IPS) — including configuration, tuning, alerting, and using these tools to maintain visibility and respond to threats ...

Microsoft security tooling , Defender suite, Purview, Compliance Centre, Entra ID, Conditional Access & Intune. VMware vSphere virtualisation will be part of your skill set, SIEM platforms, IDS/IPS intrusion detection/prevention systems. Applicants should also be familiar with DevSecOps , security compliance frameworks ( ISO27001, Cyber Essentials + GDPR). … Centre, Entra ID, Conditional Access, and Intune. Previous exposure to virtualisation platforms, particularly VMware vSphere and/or virtual desktop infrastructure. A user of SIEM platforms and Intrusion Detection/Prevention Systems (IDS/IPS) — including configuration, tuning, alerting, and using these tools to maintain visibility and respond to threats ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

Troubleshoot any Remote Password Changing (RPC) failures from the previous 24 hours to prevent account lockouts or "stale" credentials. Correlate server alerts with your SIEM to investigate suspicious activity, such as multiple failed login attempts or large-scale secret exports. Key Skills Required Deploying and managing security tooling (vulnerability scanning ...

A leading cybersecurity firm in the UK is looking for a Senior Security Engineer to join their Managed Security Service Provider team. The successful candidate will manage Microsoft Sentinel implementations, focusing on client onboarding and ...

monitoring, detecting and responding to security threats across a Microsoft security stack. Key Skills: Microsoft Sentinel Microsoft Defender Suite KQL (Kusto Query Language) SIEM Engineering & Security Monitoring Incident Response & Threat Detection Previous experience within financial services or investment banking environments is highly desirable. Apply now for immediate consideration. ...

and development background and proven experience with Gateway technologies. Your technical knowledge should include: Infrastructure & Platforms VMware/vSphere RHEL and Windows Server Trellix SIEM platforms Identity & Directory Services Active Directory DNS LDAP LDIF Gateway & Security Technologies Gateway appliances and associated software Email, Chat and File standards Web and Chat ...

partysupplierstoprogressinvestigationandremediation. Participateinout-of-hoursresponseasrequired. Knowledge,Skills&ExperienceEssential ProvenexperienceinaLevel3orSeniorSecurityAnalystorIncidentResponserole. Hands-onexperienceinvestigatingandresolvingincidentsacrossendpoints,identityplatforms,networks,andcloudservices. Strongunderstandingofmalwareandransomwareresponse,identitycompromise,andvulnerabilityremediation. ExperienceworkingwithinformalSecurityIncidentandMajorIncidentprocesses. Strongwrittendocumentationandstakeholdercommunicationskills. Knowledge,Skills&ExperienceDesirable Experiencesupportingmulti-siteoroperationallysensitiveenvironments. FamiliaritywithDefender,SIEM,EDR,andvulnerabilitymanagementtools. UnderstandingofregulatedorPCI-adjacentenvironments. Relevantsecuritycertificationsorequivalentexperience. BehaviouralCompetencies Takesownershipfromdetectionthroughtoresolution. Investigatesthoroughlyandchallengesincompletefixes. Calm,methodical,anddecisiveduringliveincidents. Understandsoperationalandbusinessimpact. Professionalandconfidentwhenengagingcustomersandsuppliers. DecisionMaking&Authority Makestechnicaldecisionsrelatingtoinvestigation,containment,andremediationofsecurityincidents. EscalatesriskanddecisionpointsappropriatelytoIncidentManagementandServiceDeliveryleadership. KeyInterfaces IncidentManagement SecurityOperations InfrastructureandNetworkServices Third-partysuppliers ...

around reporting, incident summaries, RCA updates, and service documentation A proactive, organised, and commercially aware approach Experience with tools such as ServiceNow, Jira, Zendesk, SIEM, XDR, EDR, Power BI, or Microsoft 365 would be useful This would suit someone who enjoys the technical side of cyber security but wants ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

real-world project work that doubles as hands-on experience. 100+ hours of live training Practical skills in troubleshooting, networking (Cisco), Azure cloud, Splunk SIEM & Tenable vulnerability management Job guarantee with our hiring partners Get certified, get experience, get hired. Apply today and start your journey into cyber security. Course ...

infrastructure-as-code and automation tools (Terraform, ARM, CloudFormation) for WAF deployment and policy management Ability to analyse logs and security telemetry (WAF logs, SIEM integration) to identify threats and drive remediation Exposure to firewalls, DDoS protection, and broader network security controls in cloud environments Strong collaboration skills, working with ...