1 to 25 of 35 Threat Detection Jobs in the South East

the office based on the business need. The Role: Agentic AI for Security & Sentinel Advanced Capabilities Lead the adoption and integration of Agentic AI for Security to enable autonomous threat detection, adaptive response, and continuous security posture improvement. Architect and optimise Microsoft Sentinel for SIEM, UEBA, and threat intelligence integration, leveraging Microsoft Sentinel Model Context Protocol (MCP … for advanced context-aware analytics and automation. Develop and maintain security analytics and data pipelines within Sentinel Data Lake to support large-scale threat detection, incident response, and threat hunting, while optimizing cost and enabling Agentic AI-driven security operations. Integrate and automate security workflows using Microsoft Sentinel Graph for unified threat intelligence, incident correlation, and … Architecture & Strategy Design and implement Microsoft Cloud Security Architectures for Azure, AWS, OCI, GCP and hybrid cloud environments. Ensure Defender XDR and Defender for Cloud are optimised for advanced threat detection and response. Develop enterprise-wide security frameworks and standards to align with industry best practices (NIST, ISO 27001, CIS, GDPR, etc.). Assess and improve cloud security More ❯

SOC Analyst - CISSP, ISC2 SCCP, Palo Alto, Threat Detection, Vulnerability Management, Firewall A global law firm client we work with are currently looking to take on a new SOC Analyst (CISSP, ISC2 SCCP, Palo Alto, Threat Detection, Vulnerability Management, Firewall) on a permanent basis. The firm are currently undergoing a significant transformation and expansion across the … a great deal of trust, autonomy and ownership with a very anti-micromanage managerial structure in place. To be considered for this SOC Analyst (CISSP, ISC2 SCCP, Palo Alto, Threat Detection, Vulnerability Management, Firewall) role, it's ideal you meet one of the following criteria: Work Experience Based Criteria 5+ Years of Working Experience in Cybersecurity or Related More ❯

operate security controls across cloud platforms, identity systems, endpoints, servers, and business applications. You will support the organisation's security posture by ensuring that identity, cloud security, data protection, threat detection, and compliance controls are consistently applied and continuously improved. This role is technical and hands-on, with architectural influence. It requires close collaboration with Network Engineering, Infrastructure … will be responsible for owning and operating the security controls that protect Space NK's identity, cloud, and on-premises environments. You will define and maintain security standards, enhance detection capabilities, harden platforms, and support incident response. You will lead improvements across authentication, authorisation, cloud posture, endpoint security, vulnerability management, and compliance frameworks. You will work closely with Network … compliance controls are met — while Network Engineering implements the network infrastructure itself. This role bridges strategy and technical execution: shaping identity security, strengthening Azure cloud posture, enhancing monitoring and detection capabilities, advising on architecture, and maintaining a secure foundation for all business platforms. Key Responsibilities Hybrid Security Architecture & Governance Design and implement security controls across Azure cloud services, on More ❯

shaping security processes, managing risk, and leading a team of cyber security engineers. The role involves close collaboration with IT, network teams, and senior stakeholders to identify vulnerabilities, mature detection capabilities, and ensure compliance with recognised security frameworks. Key Responsibilities Lead and develop a team of cyber security engineers, providing technical and strategic direction. Oversee security operations including monitoring … incident management, and threat response. Conduct assessments across the IT estate to identify risks and emerging threats. Manage security events from detection through to remediation, ensuring timely and effective responses. Drive improvements to the organisation's security posture in line with a rapidly evolving technology landscape. Maintain adherence to relevant security standards and regulatory frameworks. Oversee vulnerability management … activities and ensure effective patch governance. Support cloud security programmes and the development of secure architecture patterns. Lead enhancements to threat detection, SIEM/SOC processes, and endpoint security controls. Provide clear communication to technical and non-technical stakeholders regarding risks, incidents, and mitigation strategies. Required Skills & Experience Strong background in a senior or lead IT security role. More ❯

SIEM) Engineer with active Security Clearance to join our cybersecurity team. The ideal candidate will be responsible for maintaining, developing, and optimizing the SIEM platform — ensuring effective log management, threat detection, and automation across complex IT and OT environments. Key Responsibilities: Manage, maintain, and enhance the SIEM platform ensuring optimal performance and scalability. Onboard and integrate new log … sources, create custom parsers, and develop analytic rules. Design and maintain detection rulesets, scope, plan, and track log integrations. Develop automation for alert triage and incident remediation through SOAR tools. Collaborate with Threat Detection & Response teams to ensure the SIEM platform aligns with security monitoring requirements. Participate in infrastructure projects and security tool integrations. Lead and mentor More ❯

and IR processes, ensuring alignment and consistency across regions · Collaborate with global SOC and IR teams to harmonize incident response workflows, tooling, and reporting standards · Provide expert guidance to Detection Engineers to optimize detection logic and improve alert fidelity · Mentor and train junior SOC and IR analysts, fostering a culture of continuous learning and operational excellence · Contribute to … and refinement of Standard Operating Procedures (SOPs) for Tier 1 and Tier 2 operations · Conduct quality assurance reviews of Tier 1 analysis and provide constructive feedback · Collaborate with the Detection Logic Engineering team to enhance detection capabilities and threat coverage · Support audit and regulatory engagements by providing timely and accurate responses to information requests · Liaise with cross … of-hours incident response rotations as necessary Skills and Experience: · Minimum 3 years of experience in a Senior SOC Analyst or Tier 2/3 role · Proven expertise in threat analytics, incident response, and cyber investigations · Strong understanding of attacker tactics, techniques, and procedures (TTPs) across diverse environments · Familiarity with industry-standard incident response frameworks (e.g., NIST, SANS) · Experience More ❯

support the deployment, configuration, and management of modern SIEM and EDR platforms. This role is ideal for someone with strong hands-on technical security expertise and a passion for threat detection, analysis, and automation. Key Responsibilities: Syslog experience and/or strong Linux skills SIEM Deployment & Management Configure, deploy, and maintain SIEM platforms such as Microsoft Sentinel or … Elastic SIEM . Build and optimise log ingestion pipelines. EDR Deployment & Management Manage and maintain tools including Tanium , Trellix , FireEye , Microsoft Defender , or Elastic EDR . Threat Detection & Analysis Monitor security logs and alerts. Investigate anomalies, understand attack patterns, and provide actionable recommendations. Syslog Management Configure and maintain Syslog servers . Manage Syslog feeds and ensure reliable log More ❯

Adword Job Title: SOC Threat hunting Analyst Location: Remote Duration: 04 months contract Active SC Clearance required Experience and knowledge Key Responsibilities: Threat Detection Use Case Development: Design and implement detection logic aligned to specific threat scenarios, using industry frameworks such as MITRE ATT&CK. Maintain detection content throughout its lifecycle - from development and … testing to deployment and tuning. Work with client Lead Analysts to ensure content relevance and effectiveness in detecting threats across various environments. Proactive Threat Hunting: Conduct hypothesis-driven threat hunts based on client telemetry, threat intelligence, and observed anomalies. Use available data sources and tools to identify suspicious or malicious activity that may bypass existing detections. Document … and present findings in a clear and actionable format for both internal teams and clients. Content QA and Maintenance Participate in the review and validation of detection content prior to deployment. Assist in updating runbooks, SOPs, and detection playbooks to reflect changes in tools, threats, or client requirements. Support efforts to maintain consistency, accuracy, and quality in all More ❯

CLIENT: Our client is a well-established technology-driven organisation with a strong focus on advancing its cybersecurity capabilities. You will join a dedicated security team working to enhance threat detection and response across complex environments. This is a crucial role for an experienced SIEM Engineer to make a measurable impact by improving resilience and operational security. THE … to required skills) your application to our client in conjunction with this vacancy only. KEY SKILLS: SIEM, Sentinel, Elastic, EDR, Tanium, Trellix, FireEye, Defender, Syslog, Cybersecurity, Python, PowerShell, KQL, Threat Detection, NSD More ❯

the design and implementation of scalable, automated security solutions that integrate seamlessly into enterprise platforms and user experiences. Establish a global security architecture and engineering roadmap focused on prevention, detection, and rapid response. Drive continuous improvement of security posture while aligning with business needs, regulatory requirements, and user experience expectations. Champion DevSecOps practices to embed security early into development … Engineering: Lead end-to-end engineering for identity and access management (IAM), including authentication, authorization, and privileged access controls. Oversee endpoint security architecture and enforcement, ensuring comprehensive coverage for threat detection, malware prevention, and device compliance. Build and operate scalable data protection solutions, including data loss prevention (DLP), secrets management, encryption, and classification. Integrate security controls into CI … intervention. Operational Security, SRE & Assurance: Ensure security platforms are resilient, continuously monitored, and designed for 24x7 support and incident response readiness. Embed security telemetry and observability to enable proactive threat detection and automated response. Apply SRE principles to improve reliability, performance, and maintainability of security services. Lead platform health, patching automation, and vulnerability remediation workflows. Define service level More ❯

Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis, and automation within Microsoft s security ecosystem. Experience with Tenable is beneficial Knowledge of Microsoft Purview would be beneficial Key Responsibilities of the Security Analyst … escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling, and response processes. Apply now to speak with VIQU IT in confidence about the Security Analyst role. Or reach out to Connor Smal via the More ❯

Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis, and automation within Microsoft’s security ecosystem. Experience with Tenable is beneficial Knowledge of Microsoft Purview would be beneficial Key Responsibilities of the Security Analyst … escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling, and response processes. Apply now to speak with VIQU IT in confidence about the Security Analyst role. Or reach out to Connor Smal via the More ❯

Senior Machine Learning Engineer - Behavioural Modeling & Threat Detection - £160,000+ - Fully Remote UK BASED CANDIDATES ONLY My client is looking for an experienced Machine Learning Engineer ready to play a pivotal role in shaping the technical direction of their behavioural modelling and threat detection systems. This position offers the opportunity to influence not just their engineering … and verbal communication skills, especially in cross-functional contexts. Bonus Experience (Nice to Have) Exposure to large language models (LLMs) or foundational model adaptation. Previous work in cybersecurity, anomaly detection, or behavioural analytics. Familiarity with orchestration frameworks (Airflow or similar). Experience with scalable ML systems, pipelines, or real-time data processing. Advanced degree or equivalent experience in ML More ❯

lifecycles using development methodologies such as Kanban, PRINCE2, RUP, and Scrum Proven experience in Security Information and Event Management (SIEM) with a strong focus on Attack Surface Management, and Threat Detection and Response Essential : Managing and prioritising the backlog for multiple security products to ensure effective delivery and continuous improvement Demonstrating strong understanding of business drivers and core … organisational processes, with the ability to quickly adapt and align to evolving priorities Experience with hands-on involvement in threat detection, response strategies and attack surface management Skilled in Agile methodologies, including Scrum with hands-on experience in backlog management, sprint planning and iterative delivery Strong track record in financial oversight, including budget planning Benefits 28 days annual More ❯

responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including Red and Purple Team activities The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary : £50,000 - £60,000 depending on experience Dynamic (hybrid) working : Minimum … responsible for leading digital forensics and incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV)- including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a Next step role for an experienced Analyst with a passion … for Incident response and Threat mitigation. Essentials: Lead digital forensics and incident response (DFIR) activities, ensuring lab readiness, artefact management, and delivery of forensic objectives. Maintain and enhance forensic tools and environments (e.g., Magnet Axiom, Autopsy) to ensure operational capability. Conduct detailed forensic analysis, malware reverse engineering, and cyber investigation of complex incidents. Ensure effective chain of custody, artefact More ❯

B2B payments startup, and we're looking for a bold, proactive, and hands-on Cybersecurity Lead to design, implement, and operate our security operations function, including SIEM, incident response, threat detection, secure by design, shift-left security engineering, and automated monitoring and response. You'll run and be part of the projects that implement, build, and maintain security … contractor in Poland unable to get to work. No excuses. No passengers. No tolerance for politics or mediocrity. Requirements What This Role Demands: You Own It – You lead our detection and response mission. You help define the roadmap, build the pipelines, and drive measurable outcomes across threat visibility, MTTD/MTTR, and resilience. You Ask Questions – You challenge … M365, Google Workspace, AWS, GCP, endpoints/EDR, network, SaaS, CI/CD, identity, and proprietary platforms) into Sentinel via native connectors, APIs, custom logs, and event hubs. Engineer detection content: write, test, and tune KQL analytics, scheduled rules, UEBA policies, MSTIC notebooks, watchlists, and hunting queries that map to industry frameworks (MITRE ATT&CK). Build incident response More ❯

with a wide range of internal teams, from IT colleagues to Train Engineers, to ensure security best practices are understood and integrated into their processes and systems. Key Accountabilities Threat and Vulnerability Management Develop incidence response and security measures for protection. Complete risk and exploitability assessments against vulnerabilities and live threats. Serve as a subject matter expert in vulnerability … in IT infrastructure, cloud services, and cyber security. Proven continuous development in both technical and soft domains. Proficiency with security tools and technologies such as SIEM, DLP, network protection, threat detection, and endpoint protection. An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, and vulnerability scanning. Understanding of IT and cyber security More ❯

with a wide range of internal teams, from IT colleagues to Train Engineers, to ensure security best practices are understood and integrated into their processes and systems. Key Accountabilities Threat and Vulnerability Management Develop incidence response and security measures for protection. Complete risk and exploitability assessments against vulnerabilities and live threats. Serve as a subject matter expert in vulnerability … in IT infrastructure, cloud services, and cyber security. Proven continuous development in both technical and soft domains. Proficiency with security tools and technologies such as SIEM, DLP, network protection, threat detection, and endpoint protection. An understanding of network infrastructure such as VPNs, firewalls, switches, routers, LANs, Intrusion Detection, and vulnerability scanning. Understanding of IT and cyber security More ❯

enjoys uncovering the story behind complex data. This is an opportunity to join a pioneering start-up transforming raw security data into actionable intelligence, helping shape the future of threat detection across global networks. This role sits within their Security Research function and is ideal for someone with a SOC, network engineering or security operations background who is … keen to move deeper into research and intelligence. You'll be working closely with large volumes of security data to help organise, analyse and contextualise the activity their detection systems surface. If you understand how networks really operate, feel comfortable working with SQL, and enjoy exploring patterns in security data, this could be a fantastic next step in your … career. About the Role You'll support the wider security research team by 'farming' the data they generate - turning raw network and threat information into structured, meaningful insights that feed directly into ongoing research projects such as proxy detection, bot activity and, over time, AI-driven threat identification. Your responsibilities will include: Analysing and maintaining large volumes More ❯

Key Responsibilities Lead the design and implementation of Azure security best practices, policies, and controls. Manage and optimise Microsoft Sentinel SIEM, including rule creation, use-case development, automation, and threat hunting. Oversee vulnerability management activities using Tenable, ensuring timely identification, prioritisation, and remediation of risks. Support incident response activities, including investigation, containment, and root-cause analysis. Conduct security assessments … and stakeholders. Skills & Experience Required Strong hands-on experience with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks (ISO 27001, NIST, CIS). More ❯

Key Responsibilities Lead the design and implementation of Azure security best practices, policies, and controls. Manage and optimise Microsoft Sentinel SIEM, including rule creation, use-case development, automation, and threat hunting. Oversee vulnerability management activities using Tenable, ensuring timely identification, prioritisation, and remediation of risks. Support incident response activities, including investigation, containment, and root-cause analysis. Conduct security assessments … and stakeholders. Skills & Experience Required Strong hands-on experience with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks (ISO 27001, NIST, CIS). More ❯

Key Responsibilities Lead the design and implementation of Azure security best practices, policies, and controls. Manage and optimise Microsoft Sentinel SIEM, including rule creation, use-case development, automation, and threat hunting. Oversee vulnerability management activities using Tenable, ensuring timely identification, prioritisation, and remediation of risks. Support incident response activities, including investigation, containment, and root-cause analysis. Conduct security assessments … and stakeholders. Skills & Experience Required Strong hands-on experience with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks (ISO 27001, NIST, CIS). More ❯

per day. Key Skills : Microsoft Defender XDR: Endpoint, Identity, Office 365, Cloud Apps Microsoft Sentinel: KQL, playbook development, SIEM optimisation Privileged Identity Management (PIM) and change control workflows Advanced threat detection, incident response, and threat hunting Log collection via Azure Monitoring Agent and Firewall Management Centre Responsibilities: Configure and fine-tune Microsoft Defender XDR in line with … approved designs Participate in Microsoft FastTrack engagements Integrate Defender XDR with Sentinel SIEM for enhanced detection and response Develop Kusto queries and automation playbooks Support PoC setup for Microsoft Copilot for Security Connect syslogs from on-prem servers and firewalls to Sentinel If this Security Engineer role sounds like a good fit, please apply with your most up to More ❯

standardising infrastructure deployment. This includes creating robust PowerShell and Python Runbooks within Azure Automation for routine configuration management, scheduled maintenance, and automated incident remediation actions. Security Operations (SecOps) and Threat Response: Implementing proactive threat detection and automated security response capabilities. This involves active utilisation of Microsoft Defender for Cloud (for CSPM and CWPP) and Microsoft Sentinel, developing More ❯

remediation, and integration with other security tools. Key Responsibilities: Develop and manage the SIEM platform ensuring scalability and performance. Plan and implement solutions for security monitoring. Design and maintain detection rules. Lead and mentor SIEM team. Work closely with Threat Detection & Response team to support incident handling. Required Skills: Proven hands-on experience in SIEM engineering. Strong More ❯