16 of 16 Remote/Hybrid Threat Intelligence Jobs in the UK excluding London

fast-growing organizations to large enterprise and public sector environments. Our security function supports clients through capabilities such as Managed Detection and Response (MDR), threat hunting, vulnerability management, penetration testing, and incident response, alongside advisory-led consulting engagements. The organization is experiencing strong growth and continues to invest … professional with a solid technical background, a collaborative approach, and an interest in progressing into leadership or specialist career paths such as SOC leadership, threat hunting, security engineering, or incident response. Key Responsibilities Lead in-depth analysis and investigation of security incidents, identifying root causes and recommending remediation actions ...

performing Security Operations Centre (SOC). This role is ideal for someone who combines hands-on security expertise with strong leadership to drive effective threat detection, incident response, and continuous improvement of security operations. What You’ll Do Lead and mentor a team of SOC analysts (8+ members … incident response (detection, triage, escalation, resolution) Oversee and enhance security monitoring (SIEM tools like Splunk, Sentinel, QRadar) Drive threat intelligence and proactive threat hunting initiatives Define and report on security metrics, KPIs, and risk insights Manage vendors/MSSPs and ensure SLA/KPI adherence Collaborate with ...

monitoring, analysing and responding to security threats, while driving continuous improvement across our security operations capability. Youll play a key role in incident response, threat intelligence, vulnerability management and ensuring effective use of our security tools and processes to reduce risk across the technology estate. Key responsibilities Monitor … activities, validating effectiveness through vulnerability scanning Oversee and operate key security technologies, including SIEM, email and web gateways, and endpoint protection tools Monitor external threat intelligence sources and assess relevance to the organisation Produce and report on security metrics, KPIs and operational performance Technical expertise Good understanding ...

error-free ingestion. Use Case & Detection Content Development Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite. Build correlation rules, anomaly-based detections, dashboards, and alerting workflows. Regularly review detection efficacy and reduce false positives through tuning … understanding of log formats (JSON, syslog, XML, CEF, etc.) and ingestion technologies (Syslog, API, Event Hubs, Kafka, Agents). Practical knowledge of detection engineering, threat modelling, and attacker behaviour analysis. Experience building and tuning correlation rules, searches, and dashboards. Familiarity with SOAR platforms and automation workflows. Security Knowledge Strong ...

client engagements; present findings and recommendations to senior stakeholders. Participate in alert testing, readiness exercises, and incident response tabletop sessions. Stay current on emerging threat intelligence, attacker techniques, and relevant research. Required Experience 5+ years experience as a Cyber Security Operations Analyst Familiarity with threat intelligence ...

client engagements; present findings and recommendations to senior stakeholders. Participate in alert testing, readiness exercises, and incident response tabletop sessions. Stay current on emerging threat intelligence, attacker techniques, and relevant research. Required Experience & Attributes 3+ years experience as a Cyber Security Operations Analyst Familiarity with threat intelligence ...

holistic view of the organisation's security posture. Present findings and recommendations to senior leadership and governance forums. Collaborate with internal teams (e.g., threat intelligence, compliance, audit) to ensure assurance activities reflect current threat landscapes. Act as a primary interface for business units, ensuring alignment between assurance … technical and business information to assess risk. Experience in supply chain security assurance. Knowledge of secure by design principles and accreditation processes. Understanding of threat intelligence and its application in assurance. Experience working in regulated or high-assurance environments Familiarity with risk management tools and methodologies. What ...

broad ecosystem of third-party cyber security platforms, including managed detection and response services, email security gateways, vulnerability management tools, privileged access management and threat intelligence services. Lead and support cyber security incident response activities, including investigation, containment, remediation and post incident review. Oversee security monitoring, alerting … escalations from the Service Desk and wider IT teams. Assess and manage cyber security risks associated with new technologies, suppliers and business initiatives. Support threat intelligence activities and ensure emerging threats are assessed for relevance to the firm's environment. Provide guidance, mentoring and knowledge sharing to improve ...

escalation point for analysts, and provide out-of-hours escalation support when required. This is a highly technical, hands-on role where youll lead threat hunting, develop and tune SIEM detections, and help mature SOC processes and response playbooks. Youll also play a key role in mentoring analysts … driven detection, automation, and response capabilities are introduced. You will: Develop, tune, and maintain SIEM detection rules across customer environments Conduct proactive threat hunting and threat intelligence research Act as a senior escalation point for Cyber Security Analysts Coach and mentor analysts, supporting skills development and knowledge ...

operational security function responsible for protecting the organisation's information assets, technology services, and users. This role oversees all security operation functions, incident response, threat detection, vulnerability management, and continuous improvement of the organisation's security posture. Working closely with Infrastructure, Cloud, Architecture, Governance, Compliance and Risk teams … relationship with any outsourced SOC solution ensuring 24/7 monitoring and response coverage. Oversee cyber defence capabilities including SIEM, SOAR, EDR/XDR, threat intelligence, and identity protection. Develop and maintain operational procedures, playbooks, and response frameworks. Direct the full incident response lifecycle: detection, triage, containment, eradication ...

THROUGH UMBRELLA Role Description: "Core Responsibilities: Develop and maintain secure architecture frameworks for enterprise-grade systems, including cloud, on-premises, and hybrid environments Conduct threat modelling, risk assessments, and security gap analyses across infrastructure and application layers Define security standards, reference architectures, and policy controls based on industry frameworks … ensure secure software development lifecycles (SSDLC) Lead strategic initiatives in incident response planning, detection and mitigation strategies, and digital forensics Monitor advancements in threat intelligence and regulatory requirements, advising stakeholders on appropriate countermeasures Produce and maintain architectural documentation, ensuring traceability of security controls and compliance obligations Experience: Demonstrated ...

change control procedures Experience designing or reviewing secure software supply chain and CI/CD security . Ability to interpret CVEs, CVSS scores, and threat intelligence feeds. Strong stakeholder engagement and communication skills with an ability to produce technical reports and articulate risk to non-specialists. Excellent written … technical security reports for assurance cycles Support compliance audit evidence packs (GovAssure/CAF, CE+, ISO 27001) Develop or update security standard documents (e.g. threat modelling, vulnerability mgmt) Support cyber input for IT, research or OT programmes Work with IT teams to co-author and test secure configuration standards ...

standards. Support incident management, vulnerability assessments, and SOC-related activities. Contribute to secure software supply chain practices, including CI/CD security reviews. Interpret threat intelligence, CVEs, and CVSS scores to inform risk-based decision making. Collaborate with stakeholders across technical and non-technical teams, clearly articulating risks ...

continuously improve security controls across endpoints, identity, networks, SaaS platforms, cloud services, and on-premise systems. Identify vulnerabilities and misconfigurations through scanning, logging, threat modelling, and configuration reviews, driving remediation with technical teams and service owners. Support secure delivery of web applications and APIs, working closely with … reduce organisational risk. Ensure security-related changes and risks are communicated clearly and promptly to the wider business. Stay up to date with threat intelligence and emerging risks, translating insights into actionable security improvements. Provide the Head of IT & Change with a weekly security report. Mentor ...

.UK registry and help protect users from online harm. This is an ideal opportunity for someone with a strong interest in cyber threat operations and a desire to build hands‐on experience and develop their skills further. What You’ll Be Doing Investigating domain abuse reports using internal tools … open‐source intelligence (OSINT), escalating complex cases when needed Supporting operational workflows and identifying ways to improve our tools, processes and automation Assisting in the development and refinement of detection rules and identifying patterns in malicious activity Liaising with registrars and other external stakeholders to help resolve abuse cases ...

Global are recruiting a Cyber Security Operations Manager to lead SOC delivery in a critical UK government agency. Drive threat detection, response, resilience, and strategy for national infrastructure. Type of Contract: Contract (Inside IR35) Location: Hybrid (Exeter HQ) – flexible working available Key Duties Will Include: Design/lead CSOC … CK. Manage team (8+), budgets, vendors; report metrics/trends to seniors. Requirements: Proven SOC operations leadership (monitoring tools, AV, IDS/IPS, threat intel). Incident management, vulnerability scanning/remediation. Knowledge: GDPR/NIS/NCSC, ITIL, Mitre ATT&CK. Desirable: CISSP/CISM, cloud security. ...