SOAR Jobs in the UK

1 to 25 of 307 SOAR Jobs in the UK

Senior SOC Analyst

Glasgow, United Kingdom
Applicable Limited
Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS, Firewalls) Education Requirements & Experience Minimum of 3 to 5 years of experience in the
Employment Type: Permanent
Salary: GBP Annual

Senior Soc Analyst L3

Birmingham, Staffordshire, United Kingdom
Applicable Limited
Analysis, TTP Profiling, Cyber Kill Chain) SIEM Fine-Tuning & Optimisation (QRadar, Splunk, Sentinel, ArcSight) Incident Response & Forensics (MITRE ATT&CK, DFIR, Log Analysis) Threat Intelligence Analysis Security Analytics & Automation (SOAR, YARA Rules, Sigma Rules) Malware Analysis & Reverse Engineering Network & Endpoint Security Monitoring (EDR, IDS/IPS, Firewalls) Education Requirements & Experience Minimum of 3 to 5 years of experience in the
Employment Type: Permanent
Salary: GBP Annual

Cyber Security Engineer

City of London, London, United Kingdom
Franklin Fitch
platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting/automation skills (Python, PowerShell, Bash). Deep understanding of

Cyber Security Engineer

London Area, United Kingdom
Franklin Fitch
platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting/automation skills (Python, PowerShell, Bash). Deep understanding of

Cyber Security Engineer

London, England, United Kingdom
Franklin Fitch
platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Deep understanding of Microsoft security technologies. Certifications such as CISSP, CEH, OSCP

Security Operations Center Analyst

City of London, London, United Kingdom
Hybrid / WFH Options
Gravitas Recruitment Group (Global) Ltd
Rapid7 EDR: CrowdStrike, Carbon Black, SentinelOne IDS/IPS: Snort, Suricata, Cisco/Checkpoint Vulnerability Management: Nessus, Qualys Threat Intelligence: Recorded Future, ThreatConnect Firewalls & Monitoring: Palo Alto, Cisco ASA SOAR Platforms: Demisto, Phantom Web Proxy Tools: Zscaler, Forcepoint, Netskope Technical Skills: Strong OS knowledge (Windows, Linux) Network protocol analysis (Wireshark, TCPDump) Scripting (Python, Bash, PowerShell) Cloud security monitoring (AWS, Azure

Security Operations Center Analyst

London Area, United Kingdom
Hybrid / WFH Options
Gravitas Recruitment Group (Global) Ltd
Rapid7 EDR: CrowdStrike, Carbon Black, SentinelOne IDS/IPS: Snort, Suricata, Cisco/Checkpoint Vulnerability Management: Nessus, Qualys Threat Intelligence: Recorded Future, ThreatConnect Firewalls & Monitoring: Palo Alto, Cisco ASA SOAR Platforms: Demisto, Phantom Web Proxy Tools: Zscaler, Forcepoint, Netskope Technical Skills: Strong OS knowledge (Windows, Linux) Network protocol analysis (Wireshark, TCPDump) Scripting (Python, Bash, PowerShell) Cloud security monitoring (AWS, Azure

DevSecOps Engineer - ONSITE

Loughton, Essex, South East, United Kingdom
Hybrid / WFH Options
Profile 29
to integrating security across their software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security … with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability … detailed documentation and knowledge transfer for post-contract continuity. Required Strong expertise in Azure cloud security, Microsoft Defender, and Microsoft Sentinel. Proven experience in SOAR technologies for security automation and response orchestration. Hands-on experience with penetration testing, vulnerability assessments, and security scanning. Experience implementing and managing WAF, IPS, and DNS security solutions. Extensive experience with Terraform for IaC security
Employment Type: Permanent, Work From Home

SOAR Engineer/Analyst (Security Orchestration, Automation, and Response)

Wallington, Surrey, England, United Kingdom
Gibbs Hybrid
SOAR Engineer/Analyst (Security Orchestration, Automation, and Response) Duration: 12 months Pay: £360.26/day PAYE or £495.15/day via umbrella Location: Remote (UK) Role Purpose The SOAR Engineer/Analyst is responsible for designing, developing, implementing, and maintaining automation playbooks to improve incident response efficiency within the Security Operations Centre. This role integrates multiple security tools and … workflows, leveraging platforms like , Darktrace, and CrowdStrike to create cohesive and automated threat detection and response mechanisms. Key Responsibilities Playbook Development: Design, implement, and maintain SOAR playbooks for automated response and alert enrichment. Tool Integration: Develop and manage integrations with: Google SecOps (Chronicle, Security Command Center) Darktrace (Threat Visualizer, Antigena) CrowdStrike Falcon (EDR, threat intelligence, APIs) Other security platforms such … indicator enrichment, triage, and threat intelligence lookups. Collaboration: Work with SOC analysts and threat detection teams to identify and implement automation opportunities. Monitoring & Optimization: Continuously evaluate the effectiveness of SOAR playbooks and integrations; fine-tune for performance and accuracy. Documentation: Maintain up-to-date technical documentation for SOAR workflows and integrations. Support & Enablement: Train SOC team members on playbook usage
Employment Type: Full-Time
Salary: £360 - £495 per day

Security Architect Lead

London, England, United Kingdom
Hybrid / WFH Options
Matchtech
key technical forums (ADF, TDA, workshops) Deliver improvements to SIEM architecture, use cases, automation, and data enrichment Improve onboarding processes for directorates and manage onboarding QA Lead integration of SOAR, Attack Analyzer, and other tooling into operational use Standardise collection tier components using Infrastructure as Code (IaC) where possible Essential Skills & Experience Strong experience in Splunk SaaS as a lead … in Ethical Hacking, IDAM, PKI, or broader information security disciplines A team-oriented, adaptable mindset with a problem-solving approach Required Qualifications Splunk Cloud Administrator Splunk Enterprise Security Splunk SOAR Administrator Splunk Certified Cybersecurity Defence Analyst Cloud Security Architecture (CSA) Microsoft Azure Infrastructure Solutions Desirable Certifications Certified Information Systems Security Professional (CISSP) Ethical Hacking & Intrusion Prevention Information Security Management Systems

Senior Security Automation and Detection Engineer

Cambridge, Cambridgeshire, United Kingdom
Hybrid / WFH Options
Arm Limited
response, and detection engineering, you will be responsible for the delivery of SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration tools (e.g., SOAR platforms, scripting languages like Python, PowerShell) and have experience with integrating security tools (e.g., SIEM, EDR, firewalls) APIs, and Case Management tools for data enrichment. Responsibilities: Build security automations, logging … management. Experience with cloud security tools and platforms (e.g. Azure, AWS, Google Cloud) and their integration into SOC operations. Experience using Microsoft Sentinel SIEM. Other vendor-specific certifications for SOAR platforms (e.g. Splunk SOAR, Palo Alto Cortex XSOAR). Experience contributing to large-scale, sprint-based, security automation and detection engineering projects. "Nice To Have" Skills and Experience: Ability to
Employment Type: Permanent
Salary: GBP Annual

Security Operations Center Analyst

Leeds, England, United Kingdom
JR United Kingdom
AWS). Knowledge of network protocols, threat actors, and attack vectors. Ability to analyse complex data and deliver actionable insights. Familiarity with scripting (Python or similar) and security automation (SOAR). Understanding of threat intelligence and its operational use. Experience in software engineering or penetration testing. Exposure to Splunk ES and development of custom content. Knowledge of security process development

Security Operations Center Analyst

Manchester Area, United Kingdom
Hybrid / WFH Options
Tata Consultancy Services
Recommend optimization strategies to control costs without compromising visibility or detection capabilities. Design and implement automated response workflows using Sentinel playbooks (Logic Apps). Enhance response efficiency by developing SOAR integrations across security tooling. Produce comprehensive incident reports and root cause analyses. Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding. Generate regular dashboards and reports

Cyber Defence Analyst

Nottingham, Nottinghamshire, United Kingdom
Hybrid / WFH Options
Experian Group
Application Firewalls) Interest in developing knowledge across common Incident Response and Security Monitoring applications such as SIEM (e.g., Qradar, Splunk), EDR (e.g., FireEye HX, CrowdStrike Falcon, Microsoft Defender), and SOAR (Palo Alto XSOAR, Google Secops/Chronicle) Desire to build technical skills and hands-on knowledge in the following areas of security operations and incident response In-depth packet analysis
Employment Type: Permanent
Salary: GBP Annual

GRC Consultant

London, England, United Kingdom
NTT DATA
CISM, CCSP, CRISC or equivalent experience Good knowledge covering several of the following examples (this list is not exhaustive): AD, Cryptography, End User Computing, IAM, PKI, Server hardening, SIEM, SOAR, virtualisation (VMware) Familiarity with MITRE ATT&CK Familiarity with ITIL Who we are: We’re a business with a global reach that empowers local teams, and we undertake hugely exciting

Information Security Analyst

Belfast, Northern Ireland, United Kingdom
Hybrid / WFH Options
KX
Azure, or GCP (e.g. CloudTrail, Sentinel). Experience with endpoint protection, DLP, IDS/IPS, MFA, and content filtering. Familiarity with SIEM platforms and vulnerability management tools. Exposure to SOAR platforms and scripting or development skills (e.g. Python, Bash). Understanding of frameworks such as ISO 27001/2, NIST, SOC, or COBIT. Excellent communication skills, both verbal and written.

DevSecOps Engineer - ONSITE

Loughton, Essex, England, United Kingdom
Hybrid / WFH Options
Profile 29
to integrating security across their software delivery lifecycle. A key part of this position will also involve mentoring an internal engineer, developing structured security policies, and managing Sentinel, Defender and SOAR solutions for automated threat response. Additionally, the role requires liaising with third-party support partners to coordinate security solutions, manage incidents, and enhance overall cybersecurity posture. Responsibilities Infrastructure Security … with security embedded at every stage. Cloud Security Implementation: Leverage Azure Security Centre, Microsoft Defender for Cloud, and Microsoft Sentinel for advanced security monitoring. Threat Detection & SOAR Automation: Oversee Security Orchestration, Automation, and Response (SOAR) solutions including SOC Prime. Network & Application Security: Manage Web Application Firewalls (WAF) and Intrusion Prevention Systems (IPS). Vulnerability & Penetration Testing: Review Penetration Testing, vulnerability … detailed documentation and knowledge transfer for post-contract continuity. Required Strong expertise in Azure cloud security, Microsoft Defender, and Microsoft Sentinel. Proven experience in SOAR technologies for security automation and response orchestration. Hands-on experience with penetration testing, vulnerability assessments, and security scanning. Experience implementing and managing WAF, IPS, and DNS security solutions. Extensive experience with Terraform for IaC security
Employment Type: Full-Time
Salary: £80,000 - £100,000 per annum

SOC Analyst L1

Birmingham, Staffordshire, United Kingdom
Applicable Limited
shift-based roles, working as part of a 24/7 operation working in a standard rotation shift pattern. They are responsible for utilising the SOC's SIEM and SOAR toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks. Main Duties Monitor, triage, analyse and investigate alerts, log data and network traffic using the
Employment Type: Permanent
Salary: GBP Annual

Microsoft Security Sentinel Automation and Detection Engineer

Cambridge, Cambridgeshire, England, United Kingdom
Hays Specialist Recruitment Limited
and detection engineering, you will be responsible for the delivery of Microsoft SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration tools (e.g., SOAR platforms, scripting languages like Python, PowerShell, KQL) and have experience with integrating security tools (e.g., SIEM, EDR, firewalls) APIs, and Case Management tools for data enrichment. Key Skills and Experience … and scalability, making improvements, as necessary. Collaborate with third-party vendors and service providers to leverage automation opportunities and ensure successful integrations. Desirable Skills and Experience: Vendor-specific certifications for Security orchestration, automation, and response (SOAR) platforms. Ability to develop and implement long-term automation strategies aligned with security operation objectives. Ability to translate technical concepts into clear, actionable insights for technical
Employment Type: Contractor
Rate: £550 - £750 per day

Microsoft Security (Sentinel) Automation & Detection Engineer

Cambridge, England, United Kingdom
Hays
and detection engineering, you will be responsible for the delivery of Microsoft SIEM detections and security automations. The successful candidate will be proficient in automation and orchestration tools (e.g., SOAR platforms, scripting languages like Python, PowerShell, KQL) and have experience with integrating security tools (e.g., SIEM, EDR, firewalls) APIs, and Case Management tools for data enrichment. Key Skills and Experience … as necessary. Collaborate with third-party vendors and service providers to leverage automation opportunities and ensure successful integrations. Desirable Skills and Experience: Vendor-specific certifications for Security orchestration, automation, and response platforms Ability to develop and implement long-term automation strategies aligned with security operation objectives. Ability to translate technical concepts into clear, actionable insights for technical and non-technical

Defence Automation Engineer

London, England
IAG
following: - Automation of SOC Processes Design and implement automation solutions to streamline repetitive tasks such as alert triaging, incident response, and reporting - Tool Integration Integrate various security tools (SIEM, SOAR, firewalls, etc.) to improve data flow and response coordination. - Optimization of Workflows Enhance and optimize SOC workflows for improved efficiency and reduced manual effort. - Development of Playbooks Create automated response … or equivalent experience). Industry certifications such as: Certified Information Systems Security Professional (CISSP) Certified Incident Handler (GCIH) GIAC Security Automation Expert (GCSA) Splunk Certified Automation Consultant, or relevant SOAR certifications. Experience with automation tools (e.g., SOAR platforms, Ansible, Phantom or similar). Proficiency in scripting languages (e.g., Python, PowerShell, Bash). Strong understanding of SOC processes, including incident response and threat detection. Experience with SIEM platforms (e.g., Splunk). Knowledge of security frameworks (e.g., NIST, MITRE ATT&CK). Skills Proficiency in automation tools (e.g., SOAR platforms, Ansible, Phantom). Expertise in scripting languages (e.g., Python, PowerShell, Bash). Strong knowledge of SOC processes (incident response, threat detection). Experience with SIEM platforms (e.g., Splunk). Ability to integrate
Employment Type: Permanent
Salary: GBP

Security (SOC) Engineer

Manchester, North West, United Kingdom
Reed Technology
cyber security focused role - Ideally 1-2 years working as an engineer. Knowledge of security tools and technologies (e.g., SIEM, IDS/IPS, EDR/XDR, Email protection, DLP, SOAR, Cloud Security etc.) Knowledge of Cyber Security domains (e.g., Identity and Access Management, Network Security, Incident Response etc.) Desirable skills Ideally you will come from an Infrastructure engineering background. Relevant … Knowledge of Security best practices and regulatory compliance frameworks (e.g., NIST, ISO27001, PCI-DSS etc.) Knowledge of the following security products is ideal: SIEM (Rapid7 IDR, MS Sentinel, Splunk); SOAR (Rapid7 ICON, MS Sentinel); Endpoint Detection and Response (Microsoft Defender); Email Security (Proofpoint, Mimecast); Vulnerability Management (Rapid7 IVM, Nessus, Tenable). Proficiency with scripting and automation (e.g., PowerShell, Python) Understanding of
Employment Type: Permanent
Salary: £55,000

Senior Security Operations Analyst

Manchester, England, United Kingdom
Hybrid / WFH Options
Smart DCC
perform in-depth root cause analysis. Support use case tuning through auditing and approval, alongside developing new detection content including machine learning analytics and Security Automation Orchestration and Response (SOAR). What are we looking for? Ability to work independently to deliver personal and team objectives, liaising with relevant teams. Able to work under pressure and make judgment calls based

Cloud Security Architect

London, England, United Kingdom
iXceed Solutions
on experience with GCP security services including IAM, VPC Service Controls, Cloud Armor, KMS, Security Command Center. Fluency in designing security policies using IAM, KMS, DLP, and SIEM/SOAR tools. Strong understanding of network security principles (firewalls, VPNs, load balancing, DNS) and their implementation on GCP. Proficiency in at least one scripting language (e.g., Python, Go, Bash) for automation

Cloud Security Engineer

London, England, United Kingdom
Kurt Geiger
including the shared responsibility model. Familiarity with compliance frameworks (ISO 27001, GDPR, SOC 2, NIST). Hands-on experience with EDR tools (CrowdStrike, Defender for Endpoint) and SIEM/SOAR platforms. Basic scripting for automation and reporting using PowerShell or Python. Working knowledge of network security protocols, VPNs, firewalls, and web filtering tools. Understanding of patch management, application control, and

SOAR salary percentiles (UK, annual)

10th Percentile: £40,500
25th Percentile: £61,250
Median: £72,500
75th Percentile: £80,000
90th Percentile: £95,500