1 to 25 of 81 SOAR Jobs in the UK

Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS, Firewalls) Education Requirements & Experience Minimum of 3 to 5 years of experience in the More ❯

Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS, Firewalls) Education Requirements & Experience Minimum of 3 to 5 years of experience in the More ❯

platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting/automation skills (Python, PowerShell, Bash). Deep understanding of More ❯

to integrating security across their software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security … with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability … detailed documentation and knowledge transfer for post-contract continuity. Required Strong expertise in Azure cloud security, Microsoft Defender, and Microsoft Sentinel. Proven experience in SOAR technologies for security automation and response orchestration. Hands-on experience with penetration testing, vulnerability assessments, and security scanning. Experience implementing and managing WAF, IPS, and DNS security solutions. Extensive experience with Terraform for IaC security More ❯

SOAR Engineer/Analyst (Security Orchestration, Automation, and Response) Duration: 12 months Pay: £360.26/day PAYE or £495.15/day via umbrella Location: Remote (UK) Role Purpose The SOAR Engineer/Analyst is responsible for designing, developing, implementing, and maintaining automation playbooks to improve incident response efficiency within the Security Operations Centre. This role integrates multiple security tools and … workflows, leveraging platforms like , Darktrace , and CrowdStrike to create cohesive and automated threat detection and response mechanisms. Key Responsibilities Playbook Development: Design, implement, and maintain SOAR playbooks for automated response and alert enrichment. Tool Integration: Develop and manage integrations with: Google SecOps (Chronicle, Security Command Center) Darktrace (Threat Visualizer, Antigena) CrowdStrike Falcon (EDR, threat intelligence, APIs) Other security platforms such … indicator enrichment, triage, and threat intelligence lookups. Collaboration: Work with SOC analysts and threat detection teams to identify and implement automation opportunities. Monitoring & Optimization: Continuously evaluate the effectiveness of SOAR playbooks and integrations; fine-tune for performance and accuracy. Documentation: Maintain up-to-date technical documentation for SOAR workflows and integrations. Support & Enablement: Train SOC team members on playbook usage More ❯

shift-based roles, working as part of a 24/7 operation working in a standard rotation shift pattern. They are responsible for utilising the SOC's SIEM and SOAR toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks. Main Duties Monitor, triage, analyse and investigate alerts, log data and network traffic using the More ❯

to integrating security across their software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security … with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability … detailed documentation and knowledge transfer for post-contract continuity. Required Strong expertise in Azure cloud security, Microsoft Defender, and Microsoft Sentinel. Proven experience in SOAR technologies for security automation and response orchestration. Hands-on experience with penetration testing, vulnerability assessments, and security scanning. Experience implementing and managing WAF, IPS, and DNS security solutions. Extensive experience with Terraform for IaC security More ❯

the creation of custom detection use cases aligned with threat models and operational requirements. Hands-on experience with security automation and orchestration, including scripting in Python, PowerShell, or using SOAR platforms to streamline response workflows. Solid understanding of threat modelling frameworks and practical application of threat hunting methodologies to proactively identify malicious activity. What happens now? Upon submission of your More ❯

investigations Process/Playbook/Runbook development Working knowledge of detection engineering, false positive improvements Capability to tune SIEM rules or create custom detections Scripted automation experience e.g. Python, SOAR, PowerShell Threat modelling and Hunting methodologies More ❯

designing or implementing micro segmentation (e.g., Cisco Titration, Illumio, Guardicore) Background in regulated industries like financial services, healthcare, Resources or government Familiarity with DNS-based threat detection, SIEM/SOAR integration, and cloud security access brokers (CASB) Why Join Us at Accenture in This Role? Leadership in Next-Generation Cybersecurity : As a trusted security partner, Accenture leads the way in More ❯

designing or implementing micro segmentation (e.g., Cisco Titration, Illumio, Guardicore) Background in regulated industries like financial services, healthcare, Resources or government Familiarity with DNS-based threat detection, SIEM/SOAR integration, and cloud security access brokers (CASB) Why Join Us at Accenture in This Role? Leadership in Next-Generation Cybersecurity : As a trusted security partner, Accenture leads the way in More ❯

NIST, Kill Chain) Experience with EDR, DLP, Proxy, and SEG tools Desirable Qualifications Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP Experience with SOAR playbooks, YARA rules, STIX, and YAML Participation in red/purple team exercises Please apply within for further details - Matt Holmes, Harvey Nash More ❯

NIST, Kill Chain) Experience with EDR, DLP, Proxy, and SEG tools Desirable Qualifications Certifications: AZ-500, SC-200, SC-900, CompTIA Security+, CISSP, GCIA, GCIH, GCFA, CCSP Experience with SOAR playbooks, YARA rules, STIX, and YAML Participation in red/purple team exercises Please apply within for further details - Matt Holmes, Harvey Nash More ❯

investigations Process/Playbook/Runbook development Working knowledge of detection engineering, false positive improvements Capability to tune SIEM rules or create custom detections Scripted automation experience eg Python, SOAR, PowerShell Threat modelling and Hunting methodologies More ❯

Consultancy that specialises in Security prevention and detection. Mondas delivers bespoke Cyber Security Solutions, helping our clients streamline their incident response and recovery process with our automated approach to SOAR, SIEM & MDR. Responsibilities: ? Respond to and manage security incidents, ensuring timely and eff ective resolution ? Conduct in-depth investigations to identify root causes and implement corrective actions ? Mentor and train More ❯

Root cause analysis and leadership in incident investigations Development of processes, playbooks, and runbooks Detection engineering and false positive reduction Custom SIEM rule tuning and creation Automation scripting (Python, SOAR, PowerShell) Threat modelling and hunting techniques Additional Information: Roles are fully site-based in Stevenage Shift pattern involves blocks of 4-5 days on/off with rotating early, late More ❯

investigations Process/Playbook/Runbook development Working knowledge of detection engineering, false positive improvements Capability to tune SIEM rules or create custom detections Scripted automation experience e.g. Python, SOAR, PowerShell Threat modelling and hunting methodologies Additional information: These roles are fully site based in Stevenage Shift Pattern: Blocks on 4-5 days on, and 4-5 das off with More ❯

investigations Process/Playbook/Runbook development Working knowledge of detection engineering, false positive improvements Capability to tune SIEM rules or create custom detections Scripted automation experience e.g. Python, SOAR, PowerShell Threat modelling and hunting methodologies Additional information: These roles are fully site based in Stevenage Shift Pattern: Blocks on 4-5 days on, and 4-5 das off with More ❯

affected systems, response actions, and improvement recommendations. Produce clear, detailed reports for client delivery. Technical Requirements: Hands-on experience in incident response and investigation using tools such as SIEM, SOAR, and EDR. Proficiency in analysing logs across multiple platforms (Networking, Windows, Mac, Linux, Cloud). Solid understanding of evidence collection and handling procedures. Familiarity with the NIST 800-61 incident More ❯

Contract Role - SOAR Engineer/Analyst (Google SecOps) - Leeds/Remote - 12 Months Initial - Inside IR35 We are seeking a skilled SOAR Engineer/Analyst responsible for designing, developing, implementing, and maintaining automation playbooks to improve incident response efficiency within the Security Operations Centre utilizing Google SecOps Role Overview: Job Title: SOAR Engineer/Analyst (Google SecOps) Location: Leeds/… s degree in Computer Science, Cybersecurity, or related discipline, or equivalent hands-on experience. 2-5 years of experience in security operations or security engineering. Hands-on experience with SOAR platforms (e.g., Cortex XSOAR, Splunk SOAR, IBM Resilient). Strong familiarity with: Google SecOps/Chronicle Darktrace (AI-based threat detection) CrowdStrike Falcon platform Scripting experience in Python, PowerShell, or … with CI/CD for playbook development and version control (e.g., Git). Familiarity with other SOC tools (e.g., ServiceNow, Jira, Splunk, Elastic, SentinelOne). Security certifications such as: SOAR-specific certifications (e.g., Cortex XSOAR Certified Engineer) CrowdStrike Certified Falcon Responder Google Cybersecurity Certificate General security certs (e.g., CySA+, GCIH, CISSP) Please feel free to contact myself - Daisy Nguyen at More ❯

record in security operations, incident response, and vulnerability management. - Experience managing enterprise-grade security platforms and working across diverse environments (cloud, hybrid, manufacturing). - Hands-on expertise with EDR, SOAR tooling, and SASE/SSE technologies. - Deep familiarity with frameworks such as NIST, MITRE ATT&CK, and other industry standards. - Strong stakeholder management skills and the ability to influence at More ❯

framework, threat intelligence, and adversary TTPs. Solid understanding of Windows, Linux, and core network security principles. Skilled in incident response, digital forensics, and proactive threat hunting. Experience working with SOAR platforms and building automated workflows. Benefits: View to Extension Salary: Up to £575 Per Day More ❯

workbooks, and reports for stakeholders. Perform threat hunting activities and support continuous improvement of SOC processes. Maintain and enhance use cases, playbooks, and automation (e.g., with Logic Apps or SOAR). Ensure SIEM solutions are properly integrated with data sources (e.g., firewalls, endpoints, cloud services). Support compliance and audit efforts through effective logging and reporting. Provide subject matter expertise More ❯

integration services to a wide range of organizations and verticals Act a trusted advisor to help lead customers to mature outcomes using next generation SIEM, log management, XDR and SOAR features and functionality Provide knowledge transfer of Falcon LogScale NGSIEM to our customers What You'll Need: We're looking for a colleague with a great compassion for taking care … strong technical writing skills. Your Background: 5+ years of experience working with log management/SIEM solutions (e g, Falcon LogScale, Splunk, Trellix, Chronicle, Exabeam, Sumo Logic, etc) and SOAR (e.g., Crowdstrike Fusion, Palo Alto XSOAR, Splunk Demisto, etc.) in a professional services consulting role or similar capacity Experience working with pre-sales teams on technical scoping and requirements gathering … the Information Security domain Long term (6 months min) recent experience within a SOC performing analysis and triage of security incidents using a SIEM, Log Management and/or SOAR platform Applied knowledge and integration experience with a generative AI platform Benefits of Working at CrowdStrike: Remote-friendly and flexible work culture Market leader in compensation and equity awards Comprehensive More ❯

DLP, Azure Firewall, and related services. Integrate security into DevOps pipelines, CI/CD, infrastructure-as-code, and container work flows. Automate threat detection and response using Microsoft Sentinel SOAR, custom playbooks, and telemetry pipelines. Platform Security Oversight Own and optimise endpoint security through Intune, ensuring device compliance and integration with Zero Trust. Harden AKS clusters and cloud-native apps More ❯