26 to 50 of 69 Threat Detection Jobs in the UK excluding London

seeking a skilled Cyber Security and Resilience Engineer to play a pivotal role in fortifying security infrastructure. You will support our Cyber Security Operations strategy by managing and optimising threat protection and detection tools across web, email, endpoints, and cloud environments. This is an exciting opportunity to work closely with cross-functional teams, outsourced security partners, and internal … on expertise with Azure, Entra, and Microsoft 365 Cloud Security Engineering Proficiency in writing complex PowerShell scripts Experience managing security for IaaS, PaaS, and SaaS platforms Strong understanding of threat detection, prevention, and response methodologies Hands-on experience with EDR, email security, and web security solutions Knowledge of security frameworks such as NIST, ISO 27001, and Mitre ATT More ❯

team across SOC, engineering, and information security Represent UK security priorities in leadership forums, lender assurance discussions, and governance reviews Security Operations and Governance Oversee SOC operations ensuring timely threat detection, response, and resolution Continuously improve detection and response capabilities using Cortex XDR, Abnormal Security, Splunk, and Nucleus Manage vulnerability management end-to-end, from scanning and … o Abnormal Security (email security)o Prisma Cloud (cloud security posture management)o Airlock (application and API security)o Nucleus (vulnerability management and reporting) Deep knowledge of incident response, threat hunting, and vulnerability management. Excellent stakeholder management and communication skills - able to explain complex risks in simple terms. Experience building and mentoring high-performing teams across technical and governance More ❯

Senior Security Engineer – Detection & Automation Here’s a great opportunity for a hands-on Senior Security Engineer who enjoys building, optimising, and automating SOC infrastructure. This role sits within a growing Cyber Defence operation where you’ll help design and maintain the platforms behind SIEM, EDR, SOAR, and threat intelligence tooling, improving detection coverage and enabling analysts … to respond faster. Key responsibilities: Engineer and maintain SIEM, EDR, SOAR, and logging platforms. Develop automation and integrations using scripting or API connections. Tune detection use cases and improve visibility across cloud/on-prem environments. Support client onboarding and configuration alignment. Mentor junior engineers and analysts. You’ll bring: 3–5 years’ experience in SOC or security engineering. … Understanding of Azure/AWS cloud and network fundamentals. Desirable: Experience with SOAR tools or Infrastructure-as-Code (Terraform, Bicep, ARM). Knowledge of MITRE ATT&CK mapping or threat detection frameworks. What’s in it for you: Flexible hybrid working, paid certifications, great progression into consultancy or leadership, and a genuinely collaborative environment. If you love improving More ❯

Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization s global response to cyber threats ensuring … they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure proactive defence … and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed robust security practices. Manage the More ❯

Head of IT Security Incident and Threat Management Package to £117k DOE + 15% Bonus + Benefits Based Birmingham This is an exciting opportunity to take a strategic leadership role at the forefront of cybersecurity. As Head of IT Security Incident and Threat Management, you will shape and lead the organization’s global response to cyber threats — ensuring … they stay one step ahead of emerging risks. You will have the scope to define and deliver a world-class threat intelligence and incident response strategy, working with innovative cutting-edge tools, partners, and experts. The successful candidate will lead and develop a talented in-house team, while managing the external Security Operations Centre (SOC) to ensure proactive defence … and rapid response to incidents. Key Responsibilities Develop and execute incident response and threat management strategies. Lead investigations, resolution, and post-incident analysis of security incidents. Oversee and mentor a team of three direct reports, ensuring their growth and performance. Conduct security audits and vulnerability assessments to strengthen defences. Collaborate across departments to embed robust security practices. Manage the More ❯

ensuring the handling of potential threats and plays a part in improving security operations. This is a home based role reporting to the Director of Security Operations for SecOps & Threat Detection. Please note that in this role, you will have an 8x5 Monday-Friday schedule, with flexibility to respond to after-hours pages for potentially major security incidents to More ❯

things SIEM, driving how we detect, defend, and deliver across multiple secure projects. If you love taking ownership, working with cutting-edge tools, and leading the way in proactive threat detection, this is the role for you. As the Lead SIEM Engineer, you will: Leading the design, development and tuning of SIEM content – rules, dashboards, alerts and reports … that spot threats fast. Acting as the technical authority on SIEM engineering, ensuring the platform runs efficiently and delivers real value. Working with SOC Analysts, Threat Hunters and Architects to enhance SIEM use cases and boost detection accuracy. Bringing new ideas and threat intelligence to evolve the SIEM strategy and stay ahead of emerging risks. Mentoring junior More ❯

Senior Cyber Security Engineer/Threat Intelligence Specialist Bristol (Hybrid) | Up to £81,000 + Excellent Benefits Join a leading UK law firm shaping the future of cyber resilience. About the Role My client are seekinga Senior Cyber Security Engineer/Threat Intelligence Specialist to strengthen and mature our firms cyber defence and incident response capabilities. Youll be … you thrive in a fast-paced environment, love to hunt for threats, and enjoy taking ownership of complex challenges this role is for you. What Youll Do Lead on threat detection, hunting, and incident response, working with Azure/Defender, Sentinel, and third-party SOCs. Investigate alerts and coordinate responses with internal IT teams and external managed SOCs. … Continuously monitor, enhance, and report on security controls across cloud and infrastructure environments. Stay ahead of the latest vulnerabilities, attacker techniques, and threat trends. Collaborate with IT Operations to safeguard key business assets. Contribute to the development of new cyber technologies, strategies, and roadmaps aligned to firm-wide IT goals. Manage vendor relationships and support supplier selection. Ensure compliance More ❯

resilience and enable smarter security operations. You will: Architect & Design : Build and evolve secure frameworks using Microsoft Security (Defender, Sentinel, Purview, Entra) and integrate Qualys vulnerability management for continuous threat detection and remediation. Automate & Innovate: Lead the charge on automation (SOAR, IaC, workflow automation) and embed Gen AI into security operations, threat intelligence, and reporting. Set Standards More ❯

ideal candidate will embed security throughout the delivery lifecycle, working closely with infrastructure engineers, architects, and project/programme managers. You’ll define and enforce secure configuration baselines, conduct threat modelling and risk assessments, integrate monitoring and alerting, and produce clear security artefacts that guide operational teams. Candidates must be eligible to obtain SC security clearance Duties and responsibilities … Design, implement and optimise security controls across hybrid/on-prem Microsoft and Azure-centric environments. Define/enforce hardening standards (e.g., CIS Benchmarks, Microsoft Security Baselines). Perform threat modelling, risk assessments, and security validation/UAT; support incident response. Maintain SBOMs to support vulnerability management and supply-chain assurance. Integrate and enhance security monitoring, logging and alerting … including SIEM/threat detection). Create security documentation (designs, risk assessments, mitigation plans, ops procedures). Collaborate with project/programme managers and stakeholders to ensure effective control implementation. Skills/experience (essential) Must be SC-eligible. 5+ years in cybersecurity or infrastructure security roles. Strong technical knowledge of Microsoft and Azure-based environments (cloud & on-prem More ❯

key to detecting, preventing, and responding to cybersecurity threats in a proactive and efficient manner. Key Responsibilities: Security Architecture & Implementation Design, deploy, and manage security solutions including firewalls, intrusion detection/prevention systems, endpoint protection, SIEM, and identity management platforms. Implement secure network architecture and enforce segmentation and least-privilege access controls. Support secure cloud environments across Azure, AWS … or GCP (e.g., IAM, security groups, encryption, KMS). Threat Detection & Incident Response Monitor and analyze security alerts and network traffic for threats or suspicious activity. Lead or support incident response activities: investigation, containment, eradication, recovery, and reporting. Conduct root cause analysis and implement security hardening improvements. Vulnerability & Risk Management Run regular vulnerability scans and penetration testing activities More ❯

with a wide range of internal teams, from IT colleagues to Train Engineers, to ensure security best practices are understood and integrated into their processes and systems. Key Accountabilities Threat and Vulnerability Management Develop incidence response and security measures for protection. Complete risk and exploitability assessments against vulnerabilities and live threats. Serve as a subject matter expert in vulnerability … in IT infrastructure, cloud services, and cyber security. Proven continuous development in both technical and soft domains. Proficiency with security tools and technologies such as SIEM, DLP, network protection, threat detection, and endpoint protection. An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, and vulnerability scanning. Understanding of IT and cyber security More ❯

with a wide range of internal teams, from IT colleagues to Train Engineers, to ensure security best practices are understood and integrated into their processes and systems. Key Accountabilities Threat and Vulnerability Management Develop incidence response and security measures for protection. Complete risk and exploitability assessments against vulnerabilities and live threats. Serve as a subject matter expert in vulnerability … in IT infrastructure, cloud services, and cyber security. Proven continuous development in both technical and soft domains. Proficiency with security tools and technologies such as SIEM, DLP, network protection, threat detection, and endpoint protection. An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, and vulnerability scanning. Understanding of IT and cyber security More ❯

Knowledge of security controls such as IAM, firewalls, and endpoint protection. Familiarity with frameworks like NIST, CIS, ISO 27001, and Cyber Essentials Plus. Experience with monitoring and SIEM tools, threat detection, and incident response. Strong communication and stakeholder management skills. Desirable experience: Security certifications (e.g. CISSP, CISM, Microsoft security certs). Cloud security or architecture qualifications. Knowledge of More ❯

SOC Analyst, you will: Monitoring and triaging alerts across secure client environments Investigating threats using logs, network traffic, and endpoint telemetry Supporting response efforts during live security incidents Improving detection rules, playbooks, and tooling with MITRE ATT&CK-driven enhancements Producing clear incident reports for both technical and non-technical audiences Contributing to threat intelligence initiatives Staying ahead … secure this SOC role: Proven experience in a Security Operations Centre (SOC) environment Hands-on knowledge of SIEM tools (Microsoft Sentinel, Splunk, etc.) Familiarity with MITRE ATT&CK and threat detection methodologies Strong analytical mindset with log, endpoint, and network analysis skills Understanding of network protocols (TCP/IP, DNS, HTTP, SMTP) Awareness of enterprise security architecture: firewalls More ❯

Data, youll lead and develop a team of security professionals, oversee the delivery and ongoing management of our security infrastructure, and act as the go-to technical expert in threat detection, incident response, and vulnerability management. Were looking for someone with strong leadership skills, a deep knowledge of the cyber security landscape, and a real passion for safeguarding … Lead incident response, creating and maintaining playbooks and ensuring quick, effective action during any breaches. Stay ahead of threats by managing vulnerabilities, coordinating penetration tests, applying patches, and analysing threat intelligence. Shape our security architecture and ensure compliance with policies, regulations, and industry standards. Report on our security posture and drive a security first culture through training, awareness, and … experience in a hands-on cyber security role, with a proven track record of leading and mentoring a team. Extensive experience with security technologies such as SIEM, firewalls, intrusion detection/prevention systems, and vulnerability scanning tools. In-depth knowledge of incident response procedures, threat hunting, and forensic investigation techniques. Strong understanding of networking protocols, operating systems, and More ❯

per day. Key Skills : Microsoft Defender XDR: Endpoint, Identity, Office 365, Cloud Apps Microsoft Sentinel: KQL, playbook development, SIEM optimisation Privileged Identity Management (PIM) and change control workflows Advanced threat detection, incident response, and threat hunting Log collection via Azure Monitoring Agent and Firewall Management Centre Responsibilities: Configure and fine-tune Microsoft Defender XDR in line with … approved designs Participate in Microsoft FastTrack engagements Integrate Defender XDR with Sentinel SIEM for enhanced detection and response Develop Kusto queries and automation playbooks Support PoC setup for Microsoft Copilot for Security Connect syslogs from on-prem servers and firewalls to Sentinel If this Security Engineer role sounds like a good fit, please apply with your most up to More ❯

using tools such as Splunk, Flexera, and other industry-standard SIEM platforms. You'll investigate security incidents, coordinate with other IT and security teams, and support continuous improvement of threat detection and response processes. Key Requirements: Previous experience in a SOC Analyst or similar cybersecurity role Strong expertise in Splunk or similar SIEM tools Familiarity with Flexera for … vulnerability management Understanding of firewalls, network protocols, intrusion detection/prevention systems Relevant certifications (e.g., CISSP, CEH, Splunk) advantageous Must be eligible for Developed Vetting (DV) clearance , requiring 10 years continuous UK residency Please Note: All offers will be subject to standard pre-employment checks including ID, employment history (last 3 years), immigration status, and an unspent criminal record More ❯

HA, DPI). Knowledge of FortiManager and FortiAnalyzer for centralised management and logging. Understanding of Forti Authenticator and Endpoint Management Server Experience managing security policies, NAT, SSL inspection, and threat protection profiles. Familiarity with firewall migrations and multi-tenant environments. Wi-Fi & Wireless Networks - Knowledge of wireless network configurations and troubleshooting, especially with systems like Cisco Meraki or Extreme … Endpoint Management – Microsoft Intune for device compliance, policy deployment, and remote support. Security Awareness – Understanding of fundamental security principles, such as MFA, conditional access, secure password practices, and basic threat detection or response processes. Technical Certifications Engineers should be working towards or have attained some of the certifications below. Current certifications would be a distinct advantage. Cisco – CCNA More ❯

on premises environments. Working closely with infrastructure engineers, architects and project teams, you will ensure that platforms are secure, compliant and aligned with recognised frameworks. Your work will span threat modelling, vulnerability research, configuration baselines, incident analysis, and the integration of monitoring, logging and alerting capabilities. You will also contribute to security documentation, assessments and continuous improvement activities. CYBER … including MFA, RBAC and conditional access Familiarity with regulatory and compliance frameworks such as NIST, CIS Controls, ISO 27001 and Cyber Essentials Plus Experience with SIEM, logging, monitoring and threat detection platforms Understanding of data classification, encryption and secure storage Ability to collaborate with engineers to enforce secure configurations and hardening standards Experience with endpoint protection and vulnerability … application to our client in conjunction with this vacancy only. KEY SKILLS Cyber Security Engineer, Microsoft Security, SIEM, IAM, Vulnerability Management, Network Security, Security Architecture, Incident Response, Hybrid Cloud, Threat Modelling, Compliance, NSD More ❯

remediation, and integration with other security tools. Key Responsibilities: Develop and manage the SIEM platform ensuring scalability and performance. Plan and implement solutions for security monitoring. Design and maintain detection rules. Lead and mentor SIEM team. Work closely with Threat Detection & Response team to support incident handling. Required Skills: Proven hands-on experience in SIEM engineering. Strong More ❯

Analysing, prioritising, and escalating potential threats to keep clients secure. Responding rapidly to incidents and maintaining vigilance across multiple environments. Collaborating closely with your SOC teammates to ensure seamless threat detection and incident response. 🧠 What You’ll Bring A genuine passion for cybersecurity and the drive to grow in the field. Relevant certifications such as CompTIA Security+ or More ❯

and platforms Maintain and enhance the ISO 27001-aligned Information Security Management System (ISMS) Ensure compliance with frameworks including CIS Controls, NIST, ISO 27701, and GDPR Oversee incident response, threat detection, and access governance across systems such as iManage, Intapp, Aderant, Microsoft 365, and Azure Drive firm-wide security awareness and training initiatives Monitor regulatory changes and emerging More ❯

strategies. Cybersecurity Ensure compliance with security standards (e.g., ISO 27001, SOC 2, GDPR) and internal policies and procedures for cloud and IT environments. Lead incident response, vulnerability management, and threat detection using SIEM tools, MDR and antivirus platforms. Secure and implement policies and procedures for disaster recovery and business continuity. Work with the CTO and the rest of More ❯

Head of Cyber Security to strengthen the organisations security posture, protect critical infrastructure, and reduce risk across a diverse and complex environment. Youll take ownership of real security challenges threat monitoring, vulnerability management, incident response, and continuous hardening of systems while helping shape a maturing cyber function. This is hands-on, meaningful engineering work within a team thats growing … and being taken seriously at board level. Key Responsibilities Threat Detection & Monitoring: Actively identify and analyse emerging risks across networks, applications and infrastructure. Incident Response: Support the creation, improvement and execution of response processes, ensuring swift containment and minimisation of impact. Security Assessments: Conduct regular audits and reviews, ensuring systems align to best practice and evolving security standards. … first culture by supporting colleagues, sharing knowledge and promoting safe working practices. What Youll Bring 3+ years cyber security experience within a sizeable or complex organisation. Strong understanding of threat analysis, vulnerability management and incident response. Experience with mainstream security tools (firewalls, IDS/IPS, scanning platforms, monitoring tools). Relevant certifications (CISSP, CEH, or similar) are highly desirable. More ❯