Glasgow, Lanarkshire, United Kingdom Hybrid / WFH Options
Harvey Nash Plc
the creation and management of detection logic in SIEMs (eg Splunk, ArcSight, Microsoft Sentinel) Intermediate experience developing scripts in Python Strong knowledge of exploitation techniques (eg MITRE ATT&CK) and use-case development Thorough TCP/IP and protocol experience (OSI L2-L7, DNS, HTTP, REST, SOAP) Strong communication, task management and organizational skills Highly
documentation, including reports, analysis, and mitigation strategies. Qualifications and experience: Experience working in a Security Operations Centre. Managing Microsoft Sentinel and Splunk implementations. Knowledge of the MITRE ATT&CK Framework. Understanding of client-server applications, web applications, databases, firewalls, VPNs, and antivirus products. Expertise in log data analysis and intrusion detection systems. Strong networking knowledge
Birmingham, Midlands, United Kingdom Hybrid / WFH Options
BT Group
compliance with data protection regulations. Detection Rule Development: Ability to create, test, and optimise detection rules to identify suspicious activities and potential threats based on the MITRE ATT&CK Framework Performance Tuning with Elasticsearch and Logstash: Fine-tune query performance using Elasticsearch indices and mappings. Monitor Logstash pipelines and optimise resource utilisation. Kibana Visualization and
Birmingham, Staffordshire, United Kingdom Hybrid / WFH Options
BT Group
compliance with data protection regulations. Detection Rule Development: Ability to create, test, and optimise detection rules to identify suspicious activities and potential threats based on the MITRE ATT&CK Framework Performance Tuning with Elasticsearch and Logstash: Fine-tune query performance using Elasticsearch indices and mappings. Monitor Logstash pipelines and optimise resource utilisation. Kibana Visualization and
• Advanced Investigation and Escalated Response
o Perform in-depth investigations using correlated data from all available tooling.
o Reconstruct attack chains and identify root causes using MITRE ATT&CK.
o Recommend and coordinate response actions to mitigate impact during active incidents.
• IOC and Threat Analysis
o Investigate indicators of compromise using commercial and open-source threat intelligence. … and recommending follow-up actions when threats are confirmed.
• Threat Hunting
o Lead and participate in threat hunts using hypothesis-driven approaches mapped to TTPs and MITRE ATT&CK.
o Leverage telemetry and queries in tooling to identify suspicious indicators not surfaced through existing detection logic.
o Document hunting activities, findings, and detection coverage gaps to support
Nottingham, Nottinghamshire, United Kingdom Hybrid / WFH Options
Experian Group
technical concepts to different audiences both verbally and in writing. • Familiar with analytic techniques and common frameworks such as the Cyber Kill Chain model, the Diamond Model, and the MITRE ATT&CK Matrix, and a background using these methodologies/frameworks during intelligence gathering and analysis activities. • Work analytically and critically and produce analysis that is repeatable and
experience in detection engineering or incident response. Ability to develop SOAR automations. Strong Python scripting and query language skills (SPL, EQL, SQL). Excellent knowledge of MITRE ATT&CK, TCP/IP, and protocols (DNS, HTTP, REST, SOAP). Unix/Linux proficiency. Flexibility to work 3 days onsite is essential. Desirable skills: YARA, STIX
Leeds, West Yorkshire, Yorkshire, United Kingdom Hybrid / WFH Options
DGH Recruitment
/or Linux environments, cloud/hybrid environments - Proficient in SIEM management, configuration and analysis - Experience with Security Orchestration, Automation and Response (SOAR) tools - Understanding of MITRE ATT&CK and attacker techniques - Security certifications such as GCIA, GCFA, GCFE, CISSP or CEH (highly advantageous) - Experience of working within an enterprise, global environment Threat Detection Engineer
Hemel Hempstead, England, United Kingdom Hybrid / WFH Options
Fynity
Collaborating with SOC and Incident Response teams to support real-time threat mitigation Creating detailed intelligence reports and contributing to proactive threat hunting Leveraging frameworks like MITRE ATT&CK to map adversary TTPs and assess risks To secure the role, your Cyber Threat Intelligence experience will cover: Solid understanding of CTI methodologies, threat actor TTPs
Hemel Hempstead, Hertfordshire, England, United Kingdom Hybrid / WFH Options
Fynity
Collaborating with SOC and Incident Response teams to support real-time threat mitigation Creating detailed intelligence reports and contributing to proactive threat hunting Leveraging frameworks like MITRE ATT&CK to map adversary TTPs and assess risks To secure the role, your Cyber Threat Intelligence experience will cover: Solid understanding of CTI methodologies, threat actor TTPs
Maidenhead, Berkshire, United Kingdom Hybrid / WFH Options
APM Terminals
and playbooks. Identifying lessons learned to improve future incident response and detection strategies. Contribute to the development of detection mechanisms for sophisticated adversarial techniques based on the MITRE ATT&CK framework. Purple Teaming and Advanced Testing Support the planning and response of purple teaming activities. Develop scenarios and artifacts that mimic real-world adversary groups for
Stratford-upon-Avon, Warwickshire, United Kingdom Hybrid / WFH Options
Ccl Solutions Group
the following technical competencies: Solid grounding in OS and network fundamentals (Linux, Windows, Mac, TCP/IP stack). Knowledge of common attack techniques and mitigations (MITRE ATT&CK, OWASP Top 10). Familiarity with scripting and automation using Python, Bash, or PowerShell. Strong understanding of Active Directory attack chains and common privilege escalation paths.
Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer across delivery teams. Benefits Collaborative working environment
Understanding aircraft production and supply chain security, including configuration management, supplier assurance, and design data integrity. Exposure to digital threat modelling techniques tailored to aerospace domains (MITRE ATT&CK for ICS/Aerospace, STRIDE-LM). Ability to contribute to internal capability development, methodology refinement, and knowledge transfer across delivery teams. Experience Minimum of
compromise Expertise in AWS security controls and services Experience leveraging coding for automation, alert enrichment and detections Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles Comfortable with macOS, Windows & Linux operating systems Domain experience working with SIEM and SOAR platforms Experience developing tools and automation using common DevOps toolsets and
Cambridge, Cambridgeshire, East Anglia, United Kingdom
The Bridge (IT Recruitment) Limited
compromise Expertise in AWS security controls and services Experience leveraging coding for automation, alert enrichment and detections Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles Comfortable with macOS, Windows & Linux operating systems Domain experience working with SIEM and SOAR platforms Experience developing tools and automation using common DevOps toolsets and
reporting abilities. Familiarity with risk management frameworks (ISO 3100X, NIST 800 series, ENISA, EBIOS, OCTAVE, FAIR). Preferred: Background in information security and security frameworks (eg, MITRE ATT&CK, ISO 2700X). Experience working in multinational environments. Knowledge of AI governance or ethics is a plus. Details 9+ month contract (Inside IR35) | Hybrid: 3 days
Welwyn Garden City, England, United Kingdom Hybrid / WFH Options
Adecco
Platforms. Programming Expertise: Proficiency in Python scripting with solid experience of REST APIs, to develop and interact with them effectively. Framework Knowledge: Familiarity with the MITRE ATT&CK framework or equivalent, including knowledge of emerging threat actor tactics, techniques, and procedures. Operating Systems: Experience and working knowledge of both Linux and Windows platforms. Public
Welwyn Garden City, Hertfordshire, United Kingdom Hybrid / WFH Options
Pontoon
Platforms. Programming Expertise: Proficiency in Python scripting with solid experience of REST APIs, to develop and interact with them effectively. Framework Knowledge: Familiarity with the MITRE ATT&CK framework or equivalent, including knowledge of emerging threat actor tactics, techniques, and procedures. Operating Systems: Experience and working knowledge of both Linux and Windows platforms. Public
Bristol, Gloucestershire, United Kingdom Hybrid / WFH Options
QinetiQ Limited
interest Digitally literate (including fluency in Microsoft Office tools) Able to understand relevant NIST frameworks and ISO 27001 standards and how to apply them in practice Knowledge of MITRE ATT&CK Essential qualifications for the Cyber Security Risk Consultant: We value difference and we don't have a fixed idea when it comes to background or education
Cambridge, Cambridgeshire, United Kingdom Hybrid / WFH Options
Jagex Ltd
levels. Expertise in AWS security controls and services. Experience leveraging coding for automation, alert enrichment and detections Knowledge of adversary tactics, techniques, and procedures (TTPs) and MITRE ATT&CK principles Hands-on experience with data analysis, modelling, and correlation at scale Operating system internals and forensics experience for macOS, Windows & Linux Domain experience managing and
London, South East, England, United Kingdom Hybrid / WFH Options
QBE Management Services (UK) Limited
response. About you Strong experience across both offensive and defensive cyber security disciplines. Deep understanding of attacker tactics, techniques, and procedures (TTPs), with expertise in the MITRE ATT&CK Framework. Hands-on technical knowledge in cyber detection engineering, security tools, and infrastructure. Skilled in Detection-as-Code and experienced with SIEM query languages. Confident communicator
stakeholders Desirable skills: Certifications such as OSCP, CREST, CHECK, or Cyber Scheme (CCT highly preferred) Experience with Cobalt Strike, PowerShell Empire, and custom tooling Familiarity with MITRE ATT&CK and threat simulation frameworks Salary: Up to
Cambridge, Cambridgeshire, England, United Kingdom
The One Group
Significant experience (roughly 7 to 10 years) in security operations, detection engineering, or incident response Deep understanding of attacker techniques, detection methodologies, and response frameworks like MITRE ATT&CK Comfortable working in cloud-native environments (especially AWS) with a focus on building or integrating security tooling Hands-on experience with SIEMs and log pipelines Experience