1 to 25 of 29 MITRE ATT&CK Jobs in the UK excluding London

reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced … experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security ...

Splunk Enterprise Security platforms Designing and maintaining log ingestion pipelines and data enrichment processes Developing and tuning detection rules aligned to MITRE ATT&CK techniques Managing the full lifecycle of detection content from design through to optimisation Automating security workflows using scripting, CI/… detection engineering Experience with automation, scripting or Infrastructure as Code in SIEM environments Understanding of MITRE ATT&CK and threat detection techniques Experience with high availability, disaster recovery and SIEM performance optimisation TO BE CONSIDERED Please either apply through this advert or email me directly ...

error-free ingestion. Use Case & Detection Content Development Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite. Build correlation rules, anomaly-based detections, dashboards, and alerting workflows. Regularly review detection efficacy and reduce false … systems, Cloud platforms (Azure/AWS/GCP), identity systems, and endpoint protection technologies (e.g. SentinelOne and Microsoft Defender) Knowledge of MITRE ATT&CK, cyber kill chain, and threat hunting methodologies. Must Have Level 4 or higher qualification in a computing subject, or equivalent experience ...

customer environments. Producing clear, insightful reports for both technical and non-technical audiences. Enhancing detection rules and use cases aligned to MITRE ATT&CK and threat-informed defence. What you’ll bring: Hands-on experience with Microsoft Sentinel and Splunk. Knowledge of the MITRE ATT&CK framework. Understanding of client-server and multi-tier applications, databases, firewalls, VPNs and endpoint security. Solid networking fundamentals (TCP/IP, LAN/WAN, HTTP, SMTP, FTP, LDAP, etc.). Strong analytical thinking and structured problem-solving. An entry-level cyber security certification ...

hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls Translate threat intelligence into actionable hunt … platforms (e.g. Sentinel, Splunk, Elastic) EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne) Network and cloud security telemetry Strong understanding of: MITRE ATT&CK Windows, Linux, and cloud attack techniques Malware behaviours, credential abuse, lateral movement, and persistence mechanisms Leadership & Soft Skills Demonstrated ability ...

reports for managed clients to both technical and non-technical audiences, Collaborate on improving detection rules and use cases aligned with Mitre Att&ck and threat-informed defense. Participate in a team effort to guarantee that corporate data and technology platform components are shielded from … Farnborough. What you’ll bring: Experience demonstrated in Security Operations Centre. Experience using Microsoft Sentinel and Splunk. Knowledge and experience with Mitre Att&ck Framework. Basic knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products. Understanding ...

escalation playbooks; suggest improvements based on recurring issues or inefficiencies. Threat Awareness: Maintain awareness of current cyber threats, attacker techniques (MITRE ATT&CK), and industry trends relevant to the organisations threat landscape. Essential: 2-4 years of experience in a SOC, IT Operations, or security … Working knowledge of SIEM platforms (e.g. Microsoft sentinel, Splunk, Elastic, QRadar). Desirable: Awareness of security frameworks and methodologies (NIST CSF, MITRE ATT&CK, ISO27001). Qualifications: Desirable: CompTIA Security+, CySA+ or other entry level certification. ...

continuously refine advanced SIEM detection logic, including rules, correlations and analytics. Research emerging threats, vulnerabilities and adversary TTPs, mapping them to MITRE ATT&CK to close detection and visibility gaps. Tune and validate detections to minimise false positives and deliver high-fidelity alerts … detection patterns. Confidence to own technical delivery end-to-end, driving work through to completion with minimal escalation. Expert knowledge of MITRE ATT&CK, with real-world application in detection engineering. A BSc in Computer Science, IT, or a related discipline. Solid scripting skills ...

continuously refine advanced SIEM detection logic, including rules, correlations and analytics. Research emerging threats, vulnerabilities and adversary TTPs, mapping them to MITRE ATT&CK to close detection and visibility gaps. Tune and validate detections to minimise false positives and deliver high-fidelity alerts … detection patterns. Confidence to own technical delivery end-to-end, driving work through to completion with minimal escalation. Expert knowledge of MITRE ATT&CK, with real-world application in detection engineering. A BSc in Computer Science, IT, or a related discipline. Solid scripting skills ...

essential skills Experience working in a Security Operations Centre environment Hands-on experience with Microsoft Sentinel or Splunk Knowledge of the MITRE ATT&CK framework Understanding of networks and systems, including TCP/IP, firewalls, VPNs and endpoint security Strong analytical and problem-solving skills … client in conjunction with this vacancy only. KEY SKILLS: SOC Analyst, Security Operations Centre, Microsoft Sentinel, Splunk, SIEM, Incident Response, MITRE ATT and CK, Networking, SC Clearance ...

pipelines, including log ingestion, enrichment and schema standardisation. Develop and tune security detection content, translating threat intelligence and TTPs aligned to MITRE ATT&CK into actionable, high-value alerts. Manage the full detection content lifecycle: design, test, deploy, monitor, tune and retire, using version control … Strong hands-on knowledge of SIEM engineering, including indexing, parsing, onboarding and performance tuning. Experience designing and optimising detection content, including MITRE ATT&CK-aligned use cases and alert tuning to reduce noise. Good understanding of data pipeline engineering, log enrichment, data quality and large ...

Required Experience & Skills 2–4 years’ experience in a SOC, CSIRT, or cyber defence environment Strong understanding of attack frameworks (e.g. MITRE ATT&CK, Cyber Kill Chain) Hands-on experience with SIEM and EDR tools (e.g. Microsoft Sentinel, Splunk, CrowdStrike, Defender) Experience in incident triage ...

certifications such as Security+, SC-200, CySA+, CISSP, or similar Experience with cloud security technologies (Azure, AWS, Microsoft 365) Knowledge of MITRE ATT&CK framework and threat hunting methodologies Scripting or automation experience (PowerShell, Python, etc.) What’s on Offer Hybrid working model ...

SIEM, SOAR, EDR, IDS/IPS, firewalls, and cloud-native security tooling. Knowledge of cyber security frameworks such as NIST CSF, MITRE ATT&CK, ISO 27001, or CIS Controls. Demonstrated expertise in incident response and threat management. Experience working in hybrid cloud environments (Azure ...

practices Knowledge of cyber frameworks and regulations including GDPR, NIS, and National Cyber Security Centre guidance Familiarity with frameworks such as MITRE ATT&CK and ITIL processes Experience operating within complex, regulated environments (e.g. public sector, financial services) Strong stakeholder management skills, with the ability ...

Sentinel Familiarity with Microsoft Defender tools (Endpoint & O365) Exposure to Azure cloud logging and Kubernetes environments Knowledge of attacker TTPs and MITRE ATT&CK frameworks Proactive, collaborative, and innovative mindset Desirable/Nice-to-Have: Experience with Python , Terraform , or CI/CD pipelines Familiarity ...

effective security controls aligned with business requirements using a risk-based approach. Familiarity with application attack tactics and techniques, including the MITRE ATT&CK framework, and security maturity models such as OpenSAMM and C2M2. Strong working knowledge of recognised security frameworks and standards, including NIST ...

experience with CrowdStrike (Falcon) Advanced Splunk (SPL + Enterprise Security) expertise Solid understanding of networks, cloud (AWS/Azure), and MITRE ATT&CK Bonus: Vulnerability Assessment and Pen Testing experience MUST HAVE LOCAL GOVERNMENT EXPERIENCE Certifications (desirable): Splunk Certified Cybersecurity Defense Engineer (highly preferred) CrowdStrike ...

Familiarity with SIEM platforms and security telemetry analysis Understanding of cloud security concepts (Azure, AWS, or GCP) Desirable Skills Knowledge of MITRE ATT&CK or Cyber Kill Chain frameworks Exposure to SaaS and cloud-native security tooling Experience with scripting or query languages (e.g. ...

intelligence disciplines such as OSINT, SIGINT, HUMINT, and their application Knowledge of structured analytical techniques and intelligence best practice Experience applying MITRE ATT&CK/D3FEND/ENGAGE frameworks in an operational context Clearance: BPSS + SC + UK EYES If you would like ...

skills for articulating complex ideas to broad audiences. Proactive approach to learning and professional development. Understanding of relevant industry standard frameworks (MITRE ATT&CK, D3FEND). Innovative approach to problem-solving. Sensitivity to team dynamics and ability to work well in various technical ...

during both day to day operations and during security incidents. - A good understanding of the incident response lifecycle, common attack techniques (MITRE ATT&CK), and how incident response processes integrate with threat detection, monitoring, and wider security operations. ...

data models (ECS/CIM) Develop and tune detection rules using KQL, EQL, and SPL Drive detection engineering lifecycle aligned to MITRE ATT&CK Implement automation, CI/CD, and Infrastructure as Code for SIEM platforms Ensure platform performance, scalability, and resilience (HA/ ...

data models (ECS/CIM) Develop and tune detection rules using KQL, EQL, and SPL Drive detection engineering lifecycle aligned to MITRE ATT&CK Implement automation, CI/CD, and Infrastructure as Code for SIEM platforms Ensure platform performance, scalability, and resilience (HA/ ...

development * Solid knowledge of SIEM operations, including maintenance and troubleshooting * Experience performing QRadar upgrades and patching * Familiarity with security frameworks (e.g., MITRE ATT&CK) and threat detection methodologies * Strong analytical and problem-solving skills For more information or immediate consideration for this opportunity, please contact ...