Threat Intelligence Jobs in Central London

23 of 23 Threat Intelligence Jobs in Central London

Cyber Threat Intelligence/Threat Hunter Specialist - SC Cleared

City of London, London, United Kingdom
Hays
Your new company One of the largest Central Government Organisations managing trade, investment and business growth Your new role Cyber Threat Intelligence/Threat Hunter Specialist - SC Cleared What you'll need to succeed My client is looking for an experienced Cyber Threat Intelligence and Threat Hunter Specialist with experience across: CTI - Develop CTI … tactical, operational and strategic intelligence framework and processes Threat hunting - Develop and lead structured threat hunting campaigns-based threat intelligence, MITRE ATT&CK, and risk models Pen Testing - Support internal testing of hypotheses and validation of remediation from pen tests You will be experienced and hands-on with a Cyber Threat Intelligence and … Threat Hunting Specialist, providing support services to the team in setting up processes and requirements around Cyber Threat Intelligence and Threat Hunting Requirements. You will help design, build and operationalise CTI and proactive detection capabilities and establish and mature the internal CTI function. You will be helping to protect the organisation and wider estate from cyber
Employment Type: Contract
Rate: £650.0 - £700.0 per day + £650 - £700 per day inside IR35

Chief Marketing Officer (CMO) – Cybersecurity

City of London, England, United Kingdom
Hybrid / WFH Options
JR United Kingdom
HubSpot, Salesforce, Google Ads, LinkedIn Campaign Manager). Preferred Qualifications Previous CMO or VP Marketing role in a cybersecurity scale-up or enterprise SaaS company. Familiarity with compliance standards, threat intelligence, and AI security concepts. Experience marketing to technical audiences: CISOs, security engineers, DevSecOps teams. What We Offer Competitive executive compensation package + performance bonuses Remote-first culture

Cyber Business Analyst

City of London, London, United Kingdom
Hybrid / WFH Options
Bonhill Partners
packs, finance tracking. Engage senior stakeholders across multiple business units. Requirements Proven experience delivering cyber/IT security projects in a regulated environment. Strong understanding of cybersecurity domains: IAM, threat intel, incident response, vendor risk, etc. Familiarity with frameworks such as NIST, ISO 27001, PCI-DSS, and FFIEC. Solid grasp of the full project delivery lifecycle (PDLC). Strong

Senior Cyber Operations Analyst

City of London, London, United Kingdom
Hybrid / WFH Options
Lawrence Harvey
Cyber Defence capability of any organisation worldwide; and are looking to bring in an experienced Senior Cyber Operations Analyst to monitor and respond to some of the most advanced threat actors out there, from their London HQ. The volume and sophistication of threats they witness is incomparable with any other company you will come across; ranging from nation-state … sponsored attacks to the most prevalent ransomware groups. You’ll be working alongside and learning from some of the most renowned cyber security professionals responding to incidents, investigating novel threat actors and defending the bank. This is an incredible opportunity for an experienced SOC Analyst (3+ years) to join an elite team of Cyber Defence Specialists, get access and … exposure to some of the most sophisticated threat actors out there and genuinely develop your career within one of the most reputable banks worldwide. Senior Cyber Operations Analyst – Key Responsibilities: Lead the investigation and response for escalated security incidents, performing in-depth analysis and coordinating containment and mitigation strategies. Conduct proactive threat hunting using network traffic, behavioural patterns

Information Security Analyst

City of London, London, United Kingdom
NorthMark Strategies
Conduct host forensics, network forensics, log analysis, and malware triage in support of incident response investigations. Identify, analyze, and assess potential insider threats through behavioral analytics, log review, and threat intelligence. Maintain and improve SOC processes and procedures, staying current with the latest security trends and technologies. Assist in developing strategies to handle security incidents and coordinate responses to … insider threats. Support the development and implementation of use cases, detection rules, and playbooks. Perform threat hunting activities to proactively identify threats within the environment. Continuously review and refine insider risk policies to ensure they are effective and up to date. Develop and implement automated processes for monitoring and enforcing insider risk policies. Participation in security root cause analysis … as part of NorthMark Strategies’ Cyber Incident Response Plan. Develop comprehensive and accurate reports and presentations for both technical and executive audiences. Stay up to date with relevant vulnerabilities, threat actors, indicators of compromise (IOCs), tactics, techniques, and procedures (TTPs), and trends, identifying actionable areas of interest and threats. Requirements: At least 3 years of experience in a SOC

Senior SOC Analyst - Shift Lead

City of London, London, United Kingdom
Hybrid / WFH Options
55 Exec Search
on your shift, while also delivering advanced security operations services to clients across a range of industries. As a Senior SOC Analyst, you will be central to incident response, threat hunting, and real-time defence management, guiding and mentoring two junior SOC analysts. The SOC team is deeply committed to leveraging the latest in automation and artificial intelligence … and investigating incidents, fostering a culture of collaboration and continuous learning. Client Relationship Management: Act as a point of contact, managing ongoing communications and ensuring technical needs are met Threat Detection & Analysis: Triage and analyse alerts across multiple SIEM platforms (e.g., Microsoft Sentinel, custom ELK stacks). Log & Threat Intelligence Analysis: Perform detailed log analysis and threat intelligence research to uncover root causes and bolster security defences. Technical Reporting: Deliver clear, client-focused reports on incidents, alerts, and threat activity. Escalation Handling: Manage critical escalations with precision and provide comprehensive, well-documented resolutions. SOC Innovation: Work with leadership to enhance operational efficiency and integrate emerging technologies. Incident Management: Lead security incident investigations and responses

Senior Cyber Operations Analyst

City of London, London, United Kingdom
Hybrid / WFH Options
Iceberg
escalate incidents with sound judgement — this isn’t checkbox security work. Dive deep into data using PCAP, endpoint logs, network telemetry and behavioral analytics. Hunt for threats proactively, leveraging threat intelligence, patterns, and instincts built from experience. Work cross-functionally with other teams to contain, mitigate and learn from security incidents. Act as a mentor to Tier … better tooling and smarter monitoring. What You Bring You’re not new to this. You’ve been in the trenches and know what it takes to stay ahead of threat actors. Ideally, you bring: Hands-on experience with SIEM platforms, especially Splunk. Strong familiarity with MITRE ATT&CK, intrusion detection/prevention systems, and malware behaviour. Confidence in network

Cyber Security Detection Engineer

City of London, London, United Kingdom
RiverSafe
We are looking for a skilled Detection Engineer to join our Cyber Security team. In this role, you will be responsible for developing and maintaining high-fidelity threat detections across our security platforms. You’ll work at the intersection of threat intelligence, telemetry and security operations to build scalable, reliable and effective detection capabilities. Key Responsibilities Design … and deploy detection logic across SIEM, EDR and cloud security platforms. Build detections aligned with frameworks such as MITRE ATT&CK and continuously tune for accuracy and performance. Conduct threat modelling and participate in purple team exercises to assess and improve detection effectiveness. Use Detection-as-Code principles to manage detection rules via version control, CI/CD pipelines … and automated testing frameworks. Reduce false positives through tuning, enrichment and contextual awareness. Skills 3+ years of experience in security operations, detection engineering, threat hunting, or a related Cyber Security field. Proficiency in query languages such as SPL (Splunk), KQL (Microsoft), Sigma, or similar. Experience with SIEM platforms (e.g. Splunk, Sentinel, Elastic), EDR tools (e.g. CrowdStrike, SentinelOne), and/

Elastic Security Consultant/Specialist

City of London, London, United Kingdom
GIOS Technology
An Elastic Security Specialist is responsible for designing, implementing, and maintaining security detection, alerting, and response capabilities using the Elastic Stack. You will work cross-functionally with SOC teams, threat hunters, and engineers to translate adversary behaviours into automated detection rules, build investigative workflows, and integrate Elastic Security with external security tools. Key Responsibilities Detection Engineering Author and optimize … detection rules in Elastic Security (EQL, Rule DSL, Sigma-to-ES mappings). Develop look-back and schedule intervals, ensuring coverage of varied threat actor behaviours. Tune rule thresholds and enrich alerts with contextual data (asset, user identity, threat intelligence). Alert & Exception Management Configure and maintain exception lists for noisy or benign events to reduce false … positives. Design workflows for automated alert remediation via connectors (e.g., ServiceNow, Jira). Threat Hunting & Investigation Create and run ad hoc SIEM queries to hunt for IOC/IOA patterns across logs, network, endpoint data. Build Kibana dashboards and Timelion/ECharts visualizations for SOC monitoring. Integration & Automation Integrate Elastic Security with endpoint agents (Elastic Agent, Beats), EDR platforms

Information Security Analyst

City of London, London, United Kingdom
Hybrid / WFH Options
Cititec
Key Requirements: Proven experience in information security risk management, particularly in GRC. Solid technical security background in at least one of the following areas: Vulnerability Assessment & Penetration Testing (VAPT) Threat Intelligence Incident Response Or other relevant technical security domains. Ability to assess, communicate, and manage risk in alignment with security policies and business objectives. Strong stakeholder engagement and

EMEA Sales Development Representative - Cybersecurity

City of London, London, United Kingdom
Progresso Search
Account Executives and support them with background research and context. Collaborate with marketing to provide feedback on campaign performance and market signals. Stay up to date on cybersecurity trends, threat intelligence, and the client's products and value proposition. You’ll need: 1–2 years’ experience in a sales or business development role, ideally in B2B SaaS or cybersecurity.

Security Engineer

City of London, London, United Kingdom
mthree
and capability, ensuring detections are robust and not brittle, thoroughly tested, and that alerts and supporting information are available to and understood by operational cyber security teams. Experience Required Threat Led: Ability to assess and validate information from various sources on cyber and informational security threats to business Ability to analyse and identify significance of processed intelligence to … identify trends, threat actor TTPs and potential capabilities. Ability to break down and translate information into tangible actionable data. Secure & Test-Driven Engineering Understanding of cyber security threat frameworks such as MITRE ATT&CK, Lockheed Martin Killchain etc. Ability to specify/implement processes to maintain required level of security for a component/product/system during … negative test cases. Ability to conduct code reviews of existing content and processes to identify and enhance or mitigate security issues. Contribute to security evaluation of or testing of threat/vulnerabilities faced by systems. Applies recognised evaluation/testing methodologies, tools and techniques to signature development/reviews, suggesting new ones where appropriate. Research: Ability to quantify and

Security Engineering Manager – Crypto Custody & Trading

City of London, London, United Kingdom
Hybrid / WFH Options
Iceberg
infrastructure. Reporting directly to the CTO, this is not a purely strategic or oversight role. You’ll be owning the security vision, building the roadmap, writing code, reviewing architecture, threat modelling, and automating at scale, while building a high-performance team around you. This is what you will own: Security Engineering Strategy Define and execute the security vision across … Technical Execution Design and implement secure-by-default patterns in AWS, Kubernetes, CI/CD pipelines, and crypto-native systems. Own IaC scanning, secrets detection, and automated control implementation. Threat Modelling & Incident Readiness Lead technical reviews of high-value trading and custody systems. Translate threat intel into proactive engineering solutions. Cross-Functional Collaboration Work closely with Engineering, DevOps

Incident Response Lead Analyst - Cyber Security

City of London, England, United Kingdom
The Boston Consulting Group GmbH
you will be a key member of our Cyber Security Incident Response Team (CSIRT), responsible for identifying, analyzing, and mitigating cyber threats. This role requires a proactive approach to threat hunting, cyber threat intelligence, and incident response, ensuring the protection of BCG’s global network. You will work closely with the Security Operations Center (SOC), Security Information … posture and minimizing business risks associated with cyber threats. What Will You Do? Act as a Tier 3 Incident Responder, supporting complex investigations into cyber security incidents. Conduct proactive threat hunting to detect and neutralize emerging threats. Monitor and analyze logs via SIEM, EDR, and network traffic analysis tools for potential attack indicators. Investigate security incidents, including malware infections … phishing attacks, and unauthorized access attempts. Develop and enhance incident response playbooks, ensuring alignment with evolving threats. Analyze threat intelligence sources to identify new attack vectors and adversary tactics. Provide forensic analysis and malware reverse engineering to assess security incidents. Collaborate with IT, Risk, and Compliance teams to ensure regulatory compliance and security best practices. Produce timely reports

Network and Endpoint Security Pre-Sales Architect - London

City of London, London, United Kingdom
Accenture
lead in customer-facing engagements, translating complex security needs into effective solution architectures Design Zero Trust-aligned network and endpoint architectures, including segmentation, micro-segmentation, NAC, and DNS-layer threat protection Lead conversations around network modernization, helping clients evolve from legacy architectures to software-defined, cloud-integrated, and policy-driven network designs Deliver workshops, product demonstrations, and proof-of … endpoint protection and EDR platforms such as CrowdStrike, SentinelOne, Microsoft Defender, or Tanium Familiarity with DNS security tools and strategies (e.g., Zscaler, Cisco Umbrella, Infoblox) and their role in threat containment Deep knowledge of Zero Trust Architecture, lateral movement prevention, and alignment to frameworks like MITRE ATT&CK and NIST CSF Excellent communication skills with the ability to influence … as the technical lead in pre-sales engagements focused on network and endpoint security. Conduct client discovery sessions, workshops, and assessments with an emphasis on segmentation strategies, visibility, and threat defence. Deliver compelling technical presentations and product demonstrations to both technical and business audiences. Solution Design & Architecture Design and validate secure architectures incorporating network segmentation/micro segmentation, DNS

Director of Cybersecurity

City of London, London, United Kingdom
Hybrid / WFH Options
NOTHREAT
technical expertise, strategic vision, and hands-on experience in building secure, AI-driven systems. As Director of Cybersecurity, you will oversee all aspects of our security architecture, operations, and threat intelligence functions—ensuring Nothreat’s platforms and clients remain resilient in an evolving threat landscape. You will also be expected to drive cross-functional collaboration across product … teams, and lead the execution of complex, high-impact security initiatives. Key Responsibilities Define and drive Nothreat’s cybersecurity strategy across product, infrastructure, and operations. Lead security architecture reviews, threat modeling, and secure development practices across engineering teams. Oversee the implementation and operation of security controls, incident response plans, and risk management frameworks. Work closely with the AI engineering …/ML systems, securing data pipelines, models, and associated infrastructure. Strong technical background in areas such as application security, cloud security (AWS/Azure), identity and access management, and threat detection. Proficiency with SIEM, SOAR, EDR, vulnerability management, and DevSecOps practices. Deep understanding of modern attack vectors, threat intelligence, and incident response processes. Experience with security frameworks

Cyber Security Instructor

City of London, London, United Kingdom
Hybrid / WFH Options
FIND | Creating Futures
adjacent fields (e.g. Data, DevOps, Cloud) on the fundamentals and best practices of cyber security. Be part of updating training content to reflect current cyber industry trends, tools and threat landscapes. Work closely with the curriculum team to improve and tailor course content and delivery methods. Some weeks will require travel into the London HQ for in-person sessions … security engineering, consulting, or operations Ability to teach and explain key cyber domains, and at least one of the below: Network and infrastructure security Security operations and incident response Threat intelligence and threat modelling Governance, risk & compliance (GRC) Cloud security Penetration testing and vulnerability management Excellent communication & presentation skills. Desirable: Certifications such as CISSP, CISM, CEH, CPENT

Senior Threat Intelligence Analyst - Outside IR35

City of London, London, United Kingdom
Hybrid / WFH Options
RiverSafe
Skills Expertise in threat intelligence, cybersecurity operations, or related functions. Proficiency with threat intelligence platforms (e.g. MISP, ThreatConnect, Recorded Future, Anomali). Solid understanding of common malware, threat actor groups, APT campaigns and geopolitical threats. Familiarity with STIX/TAXII, YARA, Sigma, and IOC/TTP formats. Deep knowledge of the MITRE ATT&CK framework … and cyber kill chain methodology. The Role Monitor the threat landscape to identify emerging cyber threats, vulnerabilities and adversary tactics, techniques and procedures (TTPs). Support threat hunting, incident response and vulnerability management with relevant threat context and attribution. Perform adversary tracking and contribute to the development of threat models using frameworks such as MITRE ATT … CK, Diamond Model, and Kill Chain. Collaborate with SOC, IR, Red Team and Vulnerability Management teams to contextualise and operationalise threat intelligence. **This role is predominantly remote but requires flexibility to come into the London office as and when required

Incident Response Lawyer

City of London, London, United Kingdom
Iceberg
services. This award-winning cyber group is uniquely positioned at the intersection of law, digital forensics, and strategic response. With capabilities that span incident response, regulatory strategy, privacy law, threat intelligence, security controls, and tech litigation, they’re rewriting how legal support is delivered in high-pressure digital environments. What You’ll Be Doing You’ll play a

Chief Marketing Officer (CMO) – Cybersecurity

City of London, London, United Kingdom
Hybrid / WFH Options
NOTHREAT
HubSpot, Salesforce, Google Ads, LinkedIn Campaign Manager). Preferred Qualifications Previous CMO or VP Marketing role in a cybersecurity scale-up or enterprise SaaS company. Familiarity with compliance standards, threat intelligence, and AI security concepts. Experience marketing to technical audiences: CISOs, security engineers, DevSecOps teams. What We Offer Competitive executive compensation package + performance bonuses Remote-first culture

Cyber Security Engineer

City of London, London, United Kingdom
Franklin Fitch
re a leading Managed Service Provider (MSP) delivering cutting-edge IT and security solutions to businesses worldwide. Our mission is to protect digital assets through proactive security measures, advanced threat intelligence, and world-class support. Join a dynamic, innovation-driven team where your skills make a real impact. Your Mission: As a Cyber Security Engineer, you’ll take … on experience with SIEM, EDR, VPNs, firewalls, and cloud platforms (AWS, Azure, GCP). Expertise in Microsoft Sentinel, Cisco Splunk or Palo Alto QRadar, and KQL. Proven skills in threat detection, incident response, and forensic analysis. Knowledge of SOAR tools (especially Palo Alto XSOAR or similar). Familiarity with compliance standards: ISO 27001, NIST, CIS, GDPR, HIPAA. Bonus: scripting

Head of Cyber Threat Exposure

Central London, London, England, United Kingdom
Hybrid / WFH Options
Bupa UK
Job Description: Head of Cyber Threat Exposure Permanent London/Staines/Manchester (Hybrid Working) We consider all types of flexibility, including locations, hours and working patterns. We make health happen. At Bupa, we are at the forefront of an exhilarating digital transformation journey, driven by our ambition to become the world's most customer-centric healthcare provider. Our … mission is simple yet profound: to help people live longer, happier, healthier lives, and to make a better world. As Head of Cyber Threat Exposure, you’ll play a crucial role in vulnerability management and offensive activities across Bupa. You’ll provide threat-led cyber security leadership, subject matter expertise, oversight, E2E process design and implementation, and coordination … end management and delivery of security services including penetration testing, assumed breach testing, attack and social engineering simulations, red and purple teaming. Provide comprehensive dashboarding and reporting capabilities leveraging threat intelligence and proactively identify, prioritise, and remediate vulnerabilities and threat exposures Ensure that all technology, cloud services and third-party solutions comply with defined vulnerability management and
Employment Type: Full-Time
Salary: Competitive salary

AI Engineer

City Of Westminster, London, United Kingdom
Resource Area for Teaching
at Netcraft should combine deep applied AI/ML expertise, a hands-on and collaborative approach to developing solution architecture, and eventually develop a strong domain knowledge in cyber threat detection and mitigation. The role is highly collaborative, embedding within technical teams to deliver robust, explainable, and impactful AI-based solutions that advance threat detection efficacy and enable … models. What you'll need to be successful: Advanced knowledge of machine learning, deep learning, and statistical analysis. Massive bonus points if you have experience applying these skills to threat detection, malware analysis, phishing, and/or abuse detection. Experience designing and implementing anomaly detection, classification, clustering, and retrieval across vision and language models, ideally for identifying cyber threats …/ML technologies and models for fit to problem space, including scenarios where RAG is applicable. Incident response experience, and ability to work with large, noisy, and rapidly evolving threat datasets. Strong background in cloud engineering and containerisation (Docker, Kubernetes), with experience deploying AI services at scale, particularly on AWS via Terraform. Bonus points if you have
Employment Type: Permanent
Salary: GBP Annual

Threat Intelligence, Central London
10th Percentile: £61,500
25th Percentile: £68,125
Median: £77,500
75th Percentile: £98,750
90th Percentile: £118,000