Threat Detection Jobs in the UK

51 to 75 of 150 Threat Detection Jobs in the UK

Senior Security Engineer

Portsmouth, Hampshire, England, United Kingdom
Hybrid/Remote Options
Franklin Fitch
Senior Security Engineer – Detection & Automation Here’s a great opportunity for a hands-on Senior Security Engineer who enjoys building, optimising, and automating SOC infrastructure. This role sits within a growing Cyber Defence operation where you’ll help design and maintain the platforms behind SIEM, EDR, SOAR, and threat intelligence tooling, improving detection coverage and enabling analysts … to respond faster. Key responsibilities: Engineer and maintain SIEM, EDR, SOAR, and logging platforms. Develop automation and integrations using scripting or API connections. Tune detection use cases and improve visibility across cloud/on-prem environments. Support client onboarding and configuration alignment. Mentor junior engineers and analysts. You’ll bring: 3–5 years’ experience in SOC or security engineering. … Understanding of Azure/AWS cloud and network fundamentals. Desirable: Experience with SOAR tools or Infrastructure-as-Code (Terraform, Bicep, ARM). Knowledge of MITRE ATT&CK mapping or threat detection frameworks. What’s in it for you: Flexible hybrid working, paid certifications, great progression into consultancy or leadership, and a genuinely collaborative environment. If you love improving
Employment Type: Full-Time
Salary: £65,000 - £80,000 per annum

Head of IT Security Incident and Threat Management

Chelmsley Wood, Warwickshire, United Kingdom
SSR General & Management
Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization’s global response to cyber threats, ensuring … they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure proactive defence … and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed robust security practices. Manage the
Employment Type: Permanent
Salary: GBP 90,000 - 110,000 Annual

Head of IT Security Incident and Threat Management

Birmingham, Chelmsley Wood, West Midlands (County), United Kingdom
SSR General & Management
Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization’s global response to cyber threats — ensuring … they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure proactive defence … and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed robust security practices. Manage the
Employment Type: Permanent
Salary: £90000 - £110000/annum

Cyber Defence Analyst

Nottingham, Nottinghamshire, East Midlands, United Kingdom
Hybrid/Remote Options
Experian Ltd
ensuring the handling of potential threats and plays a part in improving security operations. This is a home based role reporting to the Director of Security Operations for SecOps & Threat Detection. Please note that in this role, you will have an 8x5 Monday-Friday schedule, with flexibility to respond to after-hours pages for potentially major security incidents to
Employment Type: Permanent, Work From Home

Lead SIEM Engineer

Hemel Hempstead, England, United Kingdom
Fynity
things SIEM, driving how we detect, defend, and deliver across multiple secure projects. If you love taking ownership, working with cutting-edge tools, and leading the way in proactive threat detection, this is the role for you. As the Lead SIEM Engineer, you will be: Leading the design, development and tuning of SIEM content – rules, dashboards, alerts and reports … that spot threats fast. Acting as the technical authority on SIEM engineering, ensuring the platform runs efficiently and delivers real value. Working with SOC Analysts, Threat Hunters and Architects to enhance SIEM use cases and boost detection accuracy. Bringing new ideas and threat intelligence to evolve the SIEM strategy and stay ahead of emerging risks. Mentoring junior

Senior Cyber Security Engineer / Threat Intelligence Specialist

Bristol, Avon, South West, United Kingdom
Meridian Business Support
Senior Cyber Security Engineer/Threat Intelligence Specialist Bristol (Hybrid) | Up to £81,000 + Excellent Benefits Join a leading UK law firm shaping the future of cyber resilience. About the Role My client is seeking a Senior Cyber Security Engineer/Threat Intelligence Specialist to strengthen and mature our firm's cyber defence and incident response capabilities. You'll be … you thrive in a fast-paced environment, love to hunt for threats, and enjoy taking ownership of complex challenges, this role is for you. What You'll Do Lead on threat detection, hunting, and incident response, working with Azure/Defender, Sentinel, and third-party SOCs. Investigate alerts and coordinate responses with internal IT teams and external managed SOCs. … Continuously monitor, enhance, and report on security controls across cloud and infrastructure environments. Stay ahead of the latest vulnerabilities, attacker techniques, and threat trends. Collaborate with IT Operations to safeguard key business assets. Contribute to the development of new cyber technologies, strategies, and roadmaps aligned to firm-wide IT goals. Manage vendor relationships and support supplier selection. Ensure compliance
Employment Type: Permanent
Salary: £80,000

Technical Security Consultant

Nottingham, Nottinghamshire, East Midlands, United Kingdom
Hybrid/Remote Options
Littlefish
resilience and enable smarter security operations. You will: Architect & Design: Build and evolve secure frameworks using Microsoft Security (Defender, Sentinel, Purview, Entra) and integrate Qualys vulnerability management for continuous threat detection and remediation. Automate & Innovate: Lead the charge on automation (SOAR, IaC, workflow automation) and embed Gen AI into security operations, threat intelligence, and reporting. Set Standards
Employment Type: Permanent
Salary: £55,000

Cyber Security Engineer x 2 – Bristol – New (REF47)

Greater Bristol Area, United Kingdom
Hybrid/Remote Options
RedRock Resourcing
ideal candidate will embed security throughout the delivery lifecycle, working closely with infrastructure engineers, architects, and project/programme managers. You’ll define and enforce secure configuration baselines, conduct threat modelling and risk assessments, integrate monitoring and alerting, and produce clear security artefacts that guide operational teams. Candidates must be eligible to obtain SC security clearance. Duties and responsibilities … Design, implement and optimise security controls across hybrid/on-prem Microsoft and Azure-centric environments. Define/enforce hardening standards (e.g., CIS Benchmarks, Microsoft Security Baselines). Perform threat modelling, risk assessments, and security validation/UAT; support incident response. Maintain SBOMs to support vulnerability management and supply-chain assurance. Integrate and enhance security monitoring, logging and alerting … including SIEM/threat detection). Create security documentation (designs, risk assessments, mitigation plans, ops procedures). Collaborate with project/programme managers and stakeholders to ensure effective control implementation. Skills/experience (essential) Must be SC-eligible. 5+ years in cybersecurity or infrastructure security roles. Strong technical knowledge of Microsoft and Azure-based environments (cloud & on-prem

Security Operations Analyst / Incident Response Analyst

United Kingdom
NETbuilder
validate incidents, gather context, and escalate according to severity. Investigate threats using network and host-based tools across Windows, macOS, Linux, and Unix environments. Manage the full incident lifecycle: detection, investigation, response, and remediation. Maintain and standardise SOC processes, policies, and runbooks. Research emerging threat vectors, commodity malware, and APT tactics. Provide feedback on detection rules and … diverse audiences. Detail-oriented, curious, and creative when tackling unexpected challenges. Your Experience A minimum of 3 years+ as a SOC or SecOps Analyst, with practical incident handling and threat detection experience. Proven ability to optimise detection tools, reduce noise, and drive SOC improvements. Comfortable with shift work and participating in on-call rotas when required. How

Network Security Engineer

City of London, London, United Kingdom
AGS
key to detecting, preventing, and responding to cybersecurity threats in a proactive and efficient manner. Key Responsibilities: Security Architecture & Implementation Design, deploy, and manage security solutions including firewalls, intrusion detection/prevention systems, endpoint protection, SIEM, and identity management platforms. Implement secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS … or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting. Conduct root cause analysis and implement security hardening improvements. Vulnerability & Risk Management Run regular vulnerability scans and penetration testing activities

Network Security Engineer

London Area, United Kingdom
AGS
key to detecting, preventing, and responding to cybersecurity threats in a proactive and efficient manner. Key Responsibilities: Security Architecture & Implementation Design, deploy, and manage security solutions including firewalls, intrusion detection/prevention systems, endpoint protection, SIEM, and identity management platforms. Implement secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS … or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting. Conduct root cause analysis and implement security hardening improvements. Vulnerability & Risk Management Run regular vulnerability scans and penetration testing activities

Network Security Engineer

Feltham, Middlesex, England, United Kingdom
Ascent Sourcing Ltd
key to detecting, preventing, and responding to cybersecurity threats in a proactive and efficient manner. Key Responsibilities: Security Architecture & Implementation Design, deploy, and manage security solutions including firewalls, intrusion detection/prevention systems, endpoint protection, SIEM, and identity management platforms. Implement secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS … or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting. Conduct root cause analysis and implement security hardening improvements. Vulnerability & Risk Management Run regular vulnerability scans and penetration testing activities
Employment Type: Full-Time
Salary: £45,000 - £55,000 per annum

IT SecOps Engineer

Banbury, Oxfordshire, United Kingdom
Hybrid/Remote Options
Chiltern Railways
with a wide range of internal teams, from IT colleagues to Train Engineers, to ensure security best practices are understood and integrated into their processes and systems. Key Accountabilities Threat and Vulnerability Management Develop incident response and security measures for protection. Complete risk and exploitability assessments against vulnerabilities and live threats. Serve as a subject matter expert in vulnerability … in IT infrastructure, cloud services, and cyber security. Proven continuous development in both technical and soft domains. Proficiency with security tools and technologies such as SIEM, DLP, network protection, threat detection, and endpoint protection. An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, and vulnerability scanning. Understanding of IT and cyber security
Employment Type: Permanent
Salary: £48000 - £58000/annum

IT SecOps Engineer

Hook Norton, Oxfordshire, United Kingdom
Hybrid/Remote Options
Chiltern Railways
with a wide range of internal teams, from IT colleagues to Train Engineers, to ensure security best practices are understood and integrated into their processes and systems. Key Accountabilities Threat and Vulnerability Management Develop incident response and security measures for protection. Complete risk and exploitability assessments against vulnerabilities and live threats. Serve as a subject matter expert in vulnerability … in IT infrastructure, cloud services, and cyber security. Proven continuous development in both technical and soft domains. Proficiency with security tools and technologies such as SIEM, DLP, network protection, threat detection, and endpoint protection. An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, and vulnerability scanning. Understanding of IT and cyber security
Employment Type: Permanent
Salary: GBP 48,000 - 58,000 Annual

Solution Consultant - Managed IT Services

London Area, United Kingdom
Hybrid/Remote Options
TECEZE
WAN, SD-WAN, data-center design, virtualization, storage, backup); cloud and datacenter (IaaS/PaaS, public, private, hybrid architectures; migration and modernization); cybersecurity (identity, endpoints, network, identity & access management, threat detection, incident response); application support and managed services for critical business applications. Security and compliance: Build security-by-design into solution proposals; incorporate best practices for data protection … center design, virtualization, storage, backups, disaster recovery, networking (LAN/WAN, SD-WAN), cloud connectivity. Cloud and Datacenter: IaaS/PaaS migrations, cloud governance, hybrid architectures, cloud security. Cybersecurity: threat prevention/detection, IAM, endpoint protection, SOC-oriented operations, incident response planning. Solution architecture and proposal skills: ability to translate business needs into standardized reference architectures, bill of

Solution Consultant - Managed IT Services

City of London, London, United Kingdom
Hybrid/Remote Options
TECEZE
WAN, SD-WAN, data-center design, virtualization, storage, backup); cloud and datacenter (IaaS/PaaS, public, private, hybrid architectures; migration and modernization); cybersecurity (identity, endpoints, network, identity & access management, threat detection, incident response); application support and managed services for critical business applications. Security and compliance: Build security-by-design into solution proposals; incorporate best practices for data protection … center design, virtualization, storage, backups, disaster recovery, networking (LAN/WAN, SD-WAN), cloud connectivity. Cloud and Datacenter: IaaS/PaaS migrations, cloud governance, hybrid architectures, cloud security. Cybersecurity: threat prevention/detection, IAM, endpoint protection, SOC-oriented operations, incident response planning. Solution architecture and proposal skills: ability to translate business needs into standardized reference architectures, bill of

Cyber Security Engineer

City Of Bristol, England, United Kingdom
Peaple Talent
Knowledge of security controls such as IAM, firewalls, and endpoint protection. Familiarity with frameworks like NIST, CIS, ISO 27001, and Cyber Essentials Plus. Experience with monitoring and SIEM tools, threat detection, and incident response. Strong communication and stakeholder management skills. Desirable experience: Security certifications (e.g. CISSP, CISM, Microsoft security certs). Cloud security or architecture qualifications. Knowledge of

SOC Specialist

City of London, London, United Kingdom
McGregor Boyall
SOC Specialist | London based 2-3x a week | £85,000 + Benefits Role Brief Join a global Security Operations Center team providing 24/7 threat detection and incident response. As a SOC Specialist, you’ll act as a frontline defender—monitoring alerts, leading investigations, and conducting proactive threat hunts. You'll work with a range … of technologies, contribute to detection improvements, and collaborate with wider cyber teams. This role is a 9-5 position, with an occasional requirement to be on an on-call rota. Essential Skills Solid grasp of incident response fundamentals Understanding of common attack techniques (phishing, lateral movement, DDoS, etc.) Experience with log and packet (PCAP) analysis Familiarity with Windows and/or … Linux investigations Clear and structured documentation of technical findings Desired Skills Basic scripting (e.g., Python, Bash, PowerShell) Experience creating SIEM rules or detection logic Exposure to cloud environments and related attack vectors Knowledge of threat hunting methods and MITRE ATT&CK Interest or experience in cross-functional collaboration (e.g., Threat Intel, Red Teams

SOC Specialist

London Area, United Kingdom
McGregor Boyall
SOC Specialist | London based 2-3x a week | £85,000 + Benefits Role Brief Join a global Security Operations Center team providing 24/7 threat detection and incident response. As a SOC Specialist, you’ll act as a frontline defender—monitoring alerts, leading investigations, and conducting proactive threat hunts. You'll work with a range … of technologies, contribute to detection improvements, and collaborate with wider cyber teams. This role is a 9-5 position, with an occasional requirement to be on an on-call rota. Essential Skills Solid grasp of incident response fundamentals Understanding of common attack techniques (phishing, lateral movement, DDoS, etc.) Experience with log and packet (PCAP) analysis Familiarity with Windows and/or … Linux investigations Clear and structured documentation of technical findings Desired Skills Basic scripting (e.g., Python, Bash, PowerShell) Experience creating SIEM rules or detection logic Exposure to cloud environments and related attack vectors Knowledge of threat hunting methods and MITRE ATT&CK Interest or experience in cross-functional collaboration (e.g., Threat Intel, Red Teams

Vice President, Incident Response Lead

England, United Kingdom
MUFG Bank, Ltd
in a Senior SOC Analyst or Tier 2/3 role Familiarity with industry-standard incident response frameworks (e.g., NIST, SANS) Experience with both network-based and host-based threat detection and analysis Proficiency in writing detection queries (Splunk preferred) and working with SIEM/EDR/SOAR tools At least 5 years of experience in Information
Employment Type: Permanent
Salary: GBP Annual

Senior SOC Analyst Level 2

Hemel Hempstead, Hertfordshire, England, United Kingdom
Fynity
SOC Analyst, you will: Monitoring and triaging alerts across secure client environments Investigating threats using logs, network traffic, and endpoint telemetry Supporting response efforts during live security incidents Improving detection rules, playbooks, and tooling with MITRE ATT&CK-driven enhancements Producing clear incident reports for both technical and non-technical audiences Contributing to threat intelligence initiatives Staying ahead … secure this SOC role: Proven experience in a Security Operations Centre (SOC) environment Hands-on knowledge of SIEM tools (Microsoft Sentinel, Splunk, etc.) Familiarity with MITRE ATT&CK and threat detection methodologies Strong analytical mindset with log, endpoint, and network analysis skills Understanding of network protocols (TCP/IP, DNS, HTTP, SMTP) Awareness of enterprise security architecture: firewalls
Employment Type: Full-Time
Salary: £10,000 per annum

Cyber Security Engineer

United Kingdom
Hybrid/Remote Options
Digital Waffle
sessions or project work. 🔍 What you’ll be doing: Managing and optimising Microsoft Sentinel, Defender for Endpoint, and related security tools Responding to security incidents, analysing alerts, and improving detection capabilities Working closely with IT and infrastructure teams to enhance security configurations Conducting threat analysis, vulnerability management, and system hardening Supporting compliance and best practice across the organisation … What we’re looking for: Solid experience with Microsoft security tools (Sentinel, Defender, Intune, Entra) Knowledge of SIEM, incident response, and threat detection Familiarity with Azure and general cloud security principles Strong problem-solving mindset and attention to detail Great communication skills — you can explain security to non-technical colleagues too

Cyber Security Lead

Glasgow, Lanarkshire, Scotland, United Kingdom
Hybrid/Remote Options
Last Mile Infrastructure Limited
Data, you'll lead and develop a team of security professionals, oversee the delivery and ongoing management of our security infrastructure, and act as the go-to technical expert in threat detection, incident response, and vulnerability management. We're looking for someone with strong leadership skills, a deep knowledge of the cyber security landscape, and a real passion for safeguarding … Lead incident response, creating and maintaining playbooks and ensuring quick, effective action during any breaches. Stay ahead of threats by managing vulnerabilities, coordinating penetration tests, applying patches, and analysing threat intelligence. Shape our security architecture and ensure compliance with policies, regulations, and industry standards. Report on our security posture and drive a security first culture through training, awareness, and … experience in a hands-on cyber security role, with a proven track record of leading and mentoring a team. Extensive experience with security technologies such as SIEM, firewalls, intrusion detection/prevention systems, and vulnerability scanning tools. In-depth knowledge of incident response procedures, threat hunting, and forensic investigation techniques. Strong understanding of networking protocols, operating systems, and
Employment Type: Permanent, Work From Home
Salary: £65,000

Head of Security Operations

England, United Kingdom
CFC
robust, efficient and globally coordinated security operations that protect the organisation's people, systems, and data. This includes direct ownership of security controls, security testing, vendor management, vulnerability and threat management, and incident response. You will work daily with the Group CISO to support consistent, high-assurance security practices across all regions, in-line with regional regulation and to … for the management of any global Cyber Incidents by supporting the CISO team. Additionally, you will be: Working collaboratively with the SOC to ensure 24/7 visibility and threat detection across global environments, driving maturity and constant improvements to support the ever-changing threat landscape. Defining and monitoring KPIs for detection, response, and containment performance. … vendors responsible for supporting CFC. Ensuring security controls are deployed, tuned, and monitored effectively across cloud and on-premises assets. Leading the organisation's global vulnerability management program, ensuring threat-led and risk-based prioritization, along with collaboration with IT for timely remediation. Leading on and refining the incident response playbooks. Supporting the Group CISO to define security maturity
Employment Type: Permanent
Salary: GBP Annual

Security Engineer - Microsoft XDR £500 - £525 3 Month Inside IR35 Fully Remote

London, South East, England, United Kingdom
Hybrid/Remote Options
Opus Recruitment Solutions Ltd
per day. Key Skills: Microsoft Defender XDR: Endpoint, Identity, Office 365, Cloud Apps Microsoft Sentinel: KQL, playbook development, SIEM optimisation Privileged Identity Management (PIM) and change control workflows Advanced threat detection, incident response, and threat hunting Log collection via Azure Monitoring Agent and Firewall Management Centre Responsibilities: Configure and fine-tune Microsoft Defender XDR in line with … approved designs Participate in Microsoft FastTrack engagements Integrate Defender XDR with Sentinel SIEM for enhanced detection and response Develop Kusto queries and automation playbooks Support PoC setup for Microsoft Copilot for Security Connect syslogs from on-prem servers and firewalls to Sentinel If this Security Engineer role sounds like a good fit, please apply with your most up to
Employment Type: Contractor
Rate: £500 - £525 per day

Threat Detection salary percentiles (UK):
10th Percentile: £36,250
25th Percentile: £50,938
Median: £67,500
75th Percentile: £87,500
90th Percentile: £115,500