26 to 50 of 145 Threat Detection Jobs in the UK

Senior Machine Learning Engineer - Behavioural Modeling & Threat Detection - £160,000+ - Fully Remote UK BASED CANDIDATES ONLY My client is looking for an experienced Machine Learning Engineer ready to play a pivotal role in shaping the technical direction of their behavioural modelling and threat detection systems. This position offers the opportunity to influence not just their engineering … and verbal communication skills, especially in cross-functional contexts. Bonus Experience (Nice to Have) Exposure to large language models (LLMs) or foundational model adaptation. Previous work in cybersecurity, anomaly detection, or behavioural analytics. Familiarity with orchestration frameworks (Airflow or similar). Experience with scalable ML systems, pipelines, or real-time data processing. Advanced degree or equivalent experience in ML More ❯

Threat and Incident Response Lead Analyst Permanent or Contract | Hybrid 12 Days in Office (North West) Threat and Incident Response Lead Analyst is needed for a growing Cyber team who are looking to strengthen its cyber defence capabilities with the hire of a Threat and Incident Response Lead Analyst . This is a pivotal, hands-on role … in a growing cyber team. Youll lead threat intelligence and incident response efforts, shape defensive strategy and play a critical role in ensuring the organisation stays ahead of evolving threats. What Youll Be Doing: Lead all aspects of Threat Intelligence and Incident Response Perform gap analysis across tooling, processes and detection capabilities Implement and embed modern IR … and threat detection best practices Develop and maintain incident response playbooks and threat hunting strategies Stay informed on emerging threats, TTPs, and adversarial behaviours Tune detection rules and improve response workflows Work with tools such as Microsoft Sentinel, Defender, Splunk, or similar What Were Looking For: Proven experience in hands-on incident response and cyber threat More ❯

team within WTW and provide an excellent service and trusted expertise to all parts of our business. We have an exciting opening for a skilled and experienced L2 Insider Threat- IRM Analyst. As part of the Cyber Defence department, this role will investigate Insider Risk Management (IRM) cases that have been escalated by our L1 Insider Threat team. … Reporting to the Insider Threat - IRM Operations Manager, the L2 Insider Threat- IRM Analyst role is suited to someone who has strong Microsoft Purview DLP and Insider Risk Management (IRM) analyst experience. It is a business facing role and requires working proactively with stakeholders and colleagues to investigate Insider Threat and IRM cases. The Role: As the … L2 Insider Threat- IRM Analyst, the primary responsibilities will be: Perform advanced analysis and investigation of Insider Threat and IRM cases across the various egress channels in both on premise and cloud environments. Analyse event/case/alert patterns to properly interpret and prioritise threats with available IRM and DLP tools and other data protection devices. Help More ❯

key role in deploying and configuring modern security tooling across complex platforms. This is a great opportunity for someone who enjoys hands-on engineering, improving SOC effectiveness, and shaping threat detection capabilities at scale. What you'll be doing Deploying and configuring security tools including SIEM, vulnerability scanning and endpoint monitoring Developing use cases, alerts, and dashboards to … support active threat detection Writing and maintaining SOC playbooks and triage workflows Performing 2nd line security monitoring, incident triage and investigation Supporting security assurance activities and documentation across the programme lifecycle Working with cross-functional teams in a high-assurance, cloud-native environment What you'll bring Strong experience configuring and optimising SIEM tooling (e.g. Splunk, Elastic) Proven More ❯

rotating teams of Tier 1 and Tier 2 analysts, providing live operational oversight, procedural assurance, and ongoing mentorship. This role ensures each analyst team is aligned with evolving cyber threat detection standards, works in sync with response and intelligence functions, and delivers consistent high-quality casework across shifts. This is a senior operational role that builds upon the … technical skills in a values led company that values innovation and diversity, this is the place to make an impact. In addition to Senior SOC Analyst responsibilities (alert triage, threat detection, ticket response, and tooling operation), the SOC Shift Lead will provide: Shift Continuity & QA Operational assurance and standard enforcement across all active shifts. Review, assess, and QA … just-in-time support and real-time knowledge sharing. Identify capability gaps within the shift team and report training needs to SOC management. Facilitate awareness of the latest threats, detection guidance, and tooling updates through briefings or job aids. Escalation & Communication Interface Serve as the first point of contact for non-critical escalations and queries within the shift team. More ❯

Threat Intelligence Analyst page is loaded Threat Intelligence Analyst Apply locations London Office Tampa Office Dublin Salt Lake City Office Las Vegas Office time type Full time posted on Posted 30 Days Ago job requisition id R14383 Why it's worth it: The ReliaQuest Threat Intelligence team provides timely , comprehensive intelligence that empowers high-fidelity detections, identifies … equips our customers with the knowledge to act decisively. Via our industry-leading security operations platform, GreyMatter , we produce operational, strategic, and tactical intelligence that delivers actionable insights into threat actor tactics, techniques, and procedures . Beyond this, we act as a thought leader in cybersecurity by offering original insights that highlight our expertise in detecting, containing , investigating, and … environment, this role will challenge you to push your boundaries, innovate continually, and operate at pace. The everyday hustle: Identify and evaluate trends, dynamics, and developments in the cyber threat landscape by conducting primary-source research and analyzing telemetry. Maintain the GreyMatter platform's threat intelligence library by writing timely , accurate , and relevant customer-facing deliverables covering threat More ❯

PLCs), 200 SCADA systems, and their supporting networks. This role demands a strong technical understanding of OT assets, including PLCs, SCADA, telemetry systems, and server infrastructure, alongside experience with threat detection, intrusion systems, and compliance with industry standards like the NIS Directive. Accountabilities & Responsibilities To improve performance and security of the OT Technology estate through a process of … out best practice and innovative ideas/approaches, both internally and externally, and manage their implementation in the given business area Oversee the Security Operations Centre (SOC) and manage threat detection, monitoring, and response Technical Skills & Experience Considerable experience of operating Information Technology Information Library (ITIL) and Cyber Security Incident Response Team (CSIRT) processes and standards. Extensive working More ❯

IR35 - 3 days a week on-site Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat More ❯

IR35 - 3 days a week on-site** Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical log sources (AD, firewalls, servers … cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security Monitoring & Incident Response: Monitor systems for anomalies and malicious activity Contribute to threat More ❯

role requires deep expertise in SIEM platforms, including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will be instrumental in building and optimizing our detection and response strategies. Job Duties SIEM Engineering & Management Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel … Defender, Chronicle). Onboard and normalize log sources across cloud and on-prem environments. Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis. Skills Must be able to obtain SC Clearance or already hold SC clearance. SIEM Expertise: Hands-on experience with at least two of the following: Splunk IBM QRadar Microsoft Defender More ❯

and fast-paced problem-solving—and want your work to have a real impact—this could be the perfect role for you. Key Responsibilities Lead security incident response and threat detection efforts, prioritising the protection of customer data and experience Build automated detection and remediation workflows using SOAR, SIEM, and scripting (Python, SQL) Apply deep cloud security … with Fraud and Customer Experience teams to mitigate risks such as account takeover and loyalty fraud Onboard key customer-facing and payment systems into the security monitoring platform Perform threat hunting and detection engineering to identify and address emerging risks Support security audits, compliance (PCI-DSS), and post-incident reviews Mentor junior team members and contribute to a … to assess threats and act quickly to protect customer trust Strong Communicator: Confident working with technical teams, fraud analysts, and senior stakeholders Retail-Specific Insight: Familiar with customer-centric threat vectors like loyalty abuse and payment fraud Automation-First Mindset: Keen to reduce manual work through scripting and process automation Agile Approach: Comfortable working in cross-functional teams with More ❯

security into everything we dofrom infrastructure to application design. Key Responsibilities Design and implement security controls across cloud platforms (AWS, Azure, or GCP) Develop and maintain security tooling for threat detection, vulnerability management, and incident response Lead threat modelling and risk assessments for critical systems and services Collaborate with engineering teams to integrate security best practices into More ❯

from security incidents. Develop and maintain incident response plans, ensuring they align with industry best practices. Escalation management in the event of a security incident Follow major incident process Threat Intelligence: Stay abreast of the latest cybersecurity threats and vulnerabilities, integrating threat intelligence into security monitoring processes. Contribute to the development of threat intelligence feeds to enhance … proactive threat detection. Proactively hunt for threats within enterprise environments using SIEM and EDR solutions. Fine-tune SIEM detection rules, correlation alerts, and log sources to reduce false positives. Analyse threat intelligence feeds, map findings to MITRE ATT&CK framework, and provide actionable security recommendations. Collaborate with SOC teams to investigate alerts, escalate incidents, and improve detection mechanisms. Conduct adversary simulation exercises to test and improve detection capabilities. Generate detailed reports on emerging threats, attack trends, and security posture improvements. Monitored and analysed security logs from SIEM platforms to identify suspicious activity. Security Tool Management: Manage and optimise SIEM tools, ensuring they are properly configured and updated to maximize effectiveness. Own the development and implementation More ❯

Analystto play a key leadership role in shaping and advancing our Security Operations Centre (SOC). You'll drive our incident response strategy, lead major investigations, develop cutting-edge detection content, and help grow a highly capable security team through training and exercises. This is a critical role in our Cyber Security Team, offering the opportunity to work on … day-to-day SOC activities, ensuring timely escalation and resolution of incidents. Mentor junior analysts, support skills development, and facilitate tabletop exercises and simulations. Drive use-case development and threat detection content using advanced analytics, including machine learning and security automation. Maintain and update SOC processes, procedures, and documentation. Help build and mature threat intelligence capabilities and … foster collaboration across the smart metering community. Translate threat trends into actionable insights and drive improvements across the organisation. Evaluate and recommend tools that enhance detection and response capabilities. Conduct forensic investigations and perform root cause analysis of security incidents. What are we looking for? Proven experience in incident response and leading investigations in complex environments. Strong understanding More ❯

role, you will be at the forefront of our efforts to protect and defend against malicious cyber-attacks. Our modern, proactive operational Cyber Security team is dedicated to providing: Threat Hunting: Actively seek out potential threats before they can cause harm. This involves continuous monitoring and analysis of network traffic, system logs, and other data sources to identify unusual … protect against malicious content. Configure and maintain web and email filtering solutions to block phishing attempts, malware, and other threats. EDR and XDR Technologies: Administer and respond to Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) technologies to swiftly mitigate threats. Monitor alerts, investigate incidents, and take appropriate actions to contain and remediate threats. Security … and Statutory and Regulatory obligations. SIEM Management: Manage, monitor, and respond to security incidents and events using the Council's Security Incident and Event Monitoring (SIEM) platform. Ensure timely detection, analysis, and response to security incidents to minimise impact and support recovery efforts. As part of our team, the successful candidate will play a crucial role in ensuring the More ❯

weaknesses and enhancing defensive capabilities Contributes to the development of Active Defence, Red Team capabilities through people, process, and technology where appropriate Maintains a broad understanding of the external threat environment and attacker tactics, techniques, and procedures Your skills and experiences: Essential: Demonstrable experience in penetration testing Proficient in penetration testing tools such as Burp Suite, Nmap, Metasploit etc … and shopping discounts - you may also be eligible for an annual incentive. The Cyber Operations Team Cyber Operations is responsible for protecting BAE Systems from Cyber Attacks by various threat actors. Not only do we protect BAE Systems and its employees, indirectly we protect those who protect us - who serve in our military and rely on the products and … services we create. Across Threat Intelligence, Threat Detection, Incident Response and Active Defence we work to evolve cyber operations as a world class capability. This role will sit under the Active Defence, Red Team who are responsible for delivering the following capabilities in support of Cyber Operations: Red Teaming, Purple Teaming, Security Critical Control Testing, Threat More ❯

NCSC, NIS2), and actively manages SIEM/XDR tools such as IBM QRadar, Microsoft Sentinel, and Defender XDR. This role involves deeper client interaction, proactive risk management, and advanced threat detection consulting. Candidates must have demonstrated customer-facing experience (preferably in cybersecurity). Responsibilities: Manage and strengthen client relationships with regular strategic interactions. Lead comprehensive cybersecurity risk assessments … NIST frameworks and related standards. Oversee and implement SIEM/XDR deployments, custom rule development, and incident response processes. Provide guidance on best practices for SIEM/XDR and threat detection. Conduct security posture reviews and gap analysis. Prepare reports and present findings to client stakeholders. Location London, UK Good understanding of cybersecurity frameworks (NIST CSF, NCSC CAF, NIS2 … Security Operations Analyst Associate, EC-Council ECIH (Incident Handling), Multi-cloud Security Fundamentals training (AWS/Azure/GCP). Empowering CISOs to visualise and mitigate cyber risks. Construction Threat Landscape Report 2024 Global Threat Insight Summer Report 2024 MITRE Engenuity ATT&CK Evaluations & The Question of How to Measure Quality in a Managed Security Service More ❯

What You'll Be Working On: ️ Gathering, analyzing, and disseminating threat intelligence from multiple sources to identify emerging cyber threats ️ Identifying attack patterns, trends, and vulnerabilities to inform defensive strategies ️ Collaborating with internal teams to enhance incident response and improve threat detection capabilities ️ Producing detailed threat reports, including indicators of compromise (IOCs), tactics, techniques, and procedures … TTPs) ️ Supporting vulnerability management and assisting with the development of security posture recommendations What We're Looking For: ️ Proven experience as a Threat Intelligence Analyst or in a similar role within cybersecurity ️ Strong knowledge of threat intelligence platforms (TIPs), open-source intelligence (OSINT), and malware analysis ️ Familiarity with cybersecurity frameworks (e.g., MITRE ATT&CK, STIX, TAXII) ️ Experience in More ❯

applications. Deploy and Manage Security Tooling: Select, implement, and operate key tools across GCP , such as Cloud Armor , Cloud Identity , Security Command Center , and VPC Service Controls for ongoing threat detection and response. Integrate Security in SDLC: Collaborate with product and engineering teams to integrate security into every stage of the software development lifecycle. Threat Modeling and … Risk Analysis: Perform structured threat modeling using frameworks such as STRIDE and PASTA to proactively mitigate security risks. Champion Developer Education: Promote secure development practices by educating engineers on cloud and application security fundamentals. Mentor and Lead: Act as a mentor to future hires, helping scale a high-impact cloud security function as the business grows. What you'll … with core cloud security components including IAM , WAFs , SIEM , CSPM , and vulnerability scanners. Technical Skills: Proficiency in at least one scripting or programming language (e.g. Python, Go, Bash). Threat Modeling: Practical knowledge of frameworks like STRIDE and PASTA. Education: Bachelor's degree in Computer Science, Information Security, or a related technical field. Collaborative Expertise: Clear and effective communication More ❯

Security, Identity & Access Management, and Microsoft Teams Calling. Now, we’re growing our Managed Security Services team and looking for a Senior Security Engineer with a passion for proactive threat detection, automation, and innovation. Why Join Quorum? Highly competitive salary + Bonus scheme linked to Microsoft accreditations Flexible holiday buying/selling Home broadband paid Private health care … in our mission to protect, detect, and respond to evolving cyber threats. Your day-to-day will include: Leading as an escalation point for cyber incidents and alerts Integrating threat intelligence into Microsoft Defender and Sentinel Developing, tuning, and managing detection rules and response policies Performing threat hunting across client environments Maintaining and optimising our security tech More ❯

Security, Identity & Access Management, and Microsoft Teams Calling. Now, we're growing our Managed Security Services team and looking for a Senior Security Engineer with a passion for proactive threat detection, automation, and innovation. Why Join Quorum? Highly competitive salary + Bonus scheme linked to Microsoft accreditations Flexible holiday buying/selling Home broadband paid Private health care … in our mission to protect, detect, and respond to evolving cyber threats. Your day-to-day will include: Leading as an escalation point for cyber incidents and alerts Integrating threat intelligence into Microsoft Defender and Sentinel Developing, tuning, and managing detection rules and response policies Performing threat hunting across client environments Maintaining and optimising our security tech More ❯

deliver runtime-isolated, reproducible models that are easy to deploy, monitor, and update without connectivity. Work closely with data scientists to define clear KPIs and success criteria-such as detection accuracy, latency, false positive/negative rates, explainability, and robustness-to determine what constitutes a production-grade, releasable model. Align model performance goals with the operational realities of the … into actionable requirements. Excellent communication and stakeholder management skills. Comfortable working in a fast-paced, iterative, and agile environment. Preferred Experience: Solid understanding of cyber security concepts such as threat detection, SIEM, anomaly detection, and incident response. Experience with tools for tracking ML models in production (e.g., MLflow). We encourage you to apply even if your More ❯

bringing together two pioneers that have redefined the cybersecurity industry with their innovative, native AI-optimized services, technologies and products. Sophos is now the largest pure-play Managed Detection and Response (MDR) provider, supporting more than 28,000 organizations. In addition to MDR and other services, Sophos' complete portfolio includes industry-leading endpoint, network, email, and cloud security that … interoperate and adapt to defend through the Sophos Central platform. Secureworks provides the innovative, market-leading Taegis XDR/MDR, identity threat detection and response (ITDR), next-gen SIEM capabilities, managed risk, and a comprehensive set of advisory services. Sophos sells all these solutions through reseller partners, Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) worldwide … defending more than 600,000 organizations worldwide from phishing, ransomware, data theft, other every day and state-sponsored cybercrimes. The solutions are powered by historical and real-time threat intelligence from Sophos X-Ops and the newly added Counter Threat Unit (CTU). Sophos is headquartered in Oxford, U.K. More information is available at . The Field Sales More ❯

lead in customer-facing engagements, translating complex security needs into effective solution architectures Design Zero Trust-aligned network and endpoint architectures, including segmentation, micro-segmentation, NAC, and DNS-layer threat protection Lead conversations around network modernization , helping clients evolve from legacy architectures to software-defined, cloud-integrated, and policy-driven network designs Deliver workshops, product demonstrations, and proof-of … endpoint protection and EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, or Tanium Familiarity with DNS security tools and strategies (e.g., Zscaler, Cisco Umbrella, Infoblox) and their role in threat containment Deep knowledge of Zero Trust Architecture, lateral movement prevention, and alignment to frameworks like MITRE ATT&CK and NIST CSF Excellent communication skills with the ability to influence … as the technical lead in pre-sales engagements focused on network and endpoint security. Conduct client discovery sessions, workshops, and assessments with an emphasis on segmentation strategies, visibility, and threat defence. Deliver compelling technical presentations and product demonstrations to both technical and business audiences. Solution Design & Architecture Design and validate secure architectures incorporating network segmentation/micro segmentation, DNS More ❯

networking (SDN), and AI-driven automation. Ensure end-to-end network automation to improve operational efficiency, agility, and reliability. Drive zero-trust network security principles, ensuring compliance and proactive threat mitigation. Establish a global observability and telemetry framework for real-time network insights. Align network strategies with business growth, cloud-first initiatives, and digital transformation. Network Infrastructure & Cloud Networking … Code (IaC) for network automation, ensuring agility and operational efficiency. IT Service Management & Operational Excellence: Establish network reliability objectives, including SLOs, SLIs, and error budgets. Implement real-time incident detection and response using AI-driven network analytics. Ensure high availability, network resilience, and 24x7 operational support. Develop a follow-the-sun support model, ensuring global network performance optimization. Implement … trust security frameworks, ensuring secure and resilient network access. Ensure adherence to ISO 27001, NIST, SOC 2, GDPR, and industry best practices. Collaborate with cybersecurity teams to enhance network threat detection and mitigation. Implement automated security policy enforcement, reducing human intervention in risk mitigation. Financial & Vendor Management: Optimize network infrastructure spending, ensuring cost-effective, high-performance connectivity. Lead More ❯