1 to 25 of 50 Threat Detection Jobs in the South East

Microsoft Cloud Security Architect Lead

Hiring Organisation
WTW
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
business need. The Role: Agentic AI for Security & Sentinel Advanced Capabilities Lead the adoption and integration of Agentic AI for Security to enable autonomous threat detection, adaptive response, and continuous security posture improvement. Architect and optimise Microsoft Sentinel for SIEM, UEBA, and threat intelligence integration, leveraging Microsoft … advanced context-aware analytics and automation. Develop and maintain security analytics and data pipelines within Sentinel Data Lake to support large-scale threat detection, incident response, and threat hunting, while optimizing cost and enabling Agentic AI-driven security operations. Integrate and automate security workflows using Microsoft Sentinel ...

Senior Threat Detection Specialist

Hiring Organisation
QBE Management Services (UK) Limited
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
Competitive salary
Primary Details Time Type: Full time Worker Type: Employee Senior Threat Detection Specialist Location: London Happy to talk flexible working The Opportunity As we focus on transformation across the organisation, we’re also investing in our cyber security capabilities to keep our people, data, and customers safe. That … building a new Detection Engineering function—and we’re looking for a talented and driven Threat Detection Senior Specialist to help us lead the way. In this key role, you’ll support the GSOC Manager in shaping the future of detection engineering, developing the strategy ...

Cyber Security Manager

Hiring Organisation
Oscar Technology
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£65,000 - £75,000 per annum
leading a team of cyber security engineers. The role involves close collaboration with IT, network teams, and senior stakeholders to identify vulnerabilities, mature detection capabilities, and ensure compliance with recognised security frameworks. Key Responsibilities Lead and develop a team of cyber security engineers, providing technical and strategic direction. Oversee … security operations including monitoring, incident management, and threat response. Conduct assessments across the IT estate to identify risks and emerging threats. Manage security events from detection through to remediation, ensuring timely and effective responses. Drive improvements to the organisation's security posture in line with a rapidly evolving ...

AI Security Researcher

Hiring Organisation
Cynet Security
Location
Basingstoke, Hampshire, UK
Employment Type
Full-time
techniques to build impactful, customer-facing security capabilities. Build and refine intelligent generative AI agents that drive automated cybersecurity reasoning, investigation workflows, and threat analysis. Extend and enhance our next-generation AI antivirus engine by designing new feature representations, building file parsers, and developing ML models end-to-end. … integrate into the Cynet Endpoint Agent and platform infrastructure. Use Cynet's ML experimentation pipelines to run experiments, optimize performance, and deliver production-ready detection models. Serve as the cybersecurity expert within the Data Science team, guiding threat modeling, malware understanding, and security-driven AI design decisions. Requirements ...

AI Security Researcher

Hiring Organisation
Cynet Security
Location
Portsmouth, Hampshire, UK
Employment Type
Full-time
techniques to build impactful, customer-facing security capabilities. Build and refine intelligent generative AI agents that drive automated cybersecurity reasoning, investigation workflows, and threat analysis. Extend and enhance our next-generation AI antivirus engine by designing new feature representations, building file parsers, and developing ML models end-to-end. … integrate into the Cynet Endpoint Agent and platform infrastructure. Use Cynet's ML experimentation pipelines to run experiments, optimize performance, and deliver production-ready detection models. Serve as the cybersecurity expert within the Data Science team, guiding threat modeling, malware understanding, and security-driven AI design decisions. Requirements ...

AI Security Researcher

Hiring Organisation
Cynet Security
Location
Guildford, Surrey, UK
Employment Type
Full-time
techniques to build impactful, customer-facing security capabilities. Build and refine intelligent generative AI agents that drive automated cybersecurity reasoning, investigation workflows, and threat analysis. Extend and enhance our next-generation AI antivirus engine by designing new feature representations, building file parsers, and developing ML models end-to-end. … integrate into the Cynet Endpoint Agent and platform infrastructure. Use Cynet's ML experimentation pipelines to run experiments, optimize performance, and deliver production-ready detection models. Serve as the cybersecurity expert within the Data Science team, guiding threat modeling, malware understanding, and security-driven AI design decisions. Requirements ...

AI Security Researcher

Hiring Organisation
Cynet Security
Location
Oxford, Oxfordshire, UK
Employment Type
Full-time
techniques to build impactful, customer-facing security capabilities. Build and refine intelligent generative AI agents that drive automated cybersecurity reasoning, investigation workflows, and threat analysis. Extend and enhance our next-generation AI antivirus engine by designing new feature representations, building file parsers, and developing ML models end-to-end. … integrate into the Cynet Endpoint Agent and platform infrastructure. Use Cynet's ML experimentation pipelines to run experiments, optimize performance, and deliver production-ready detection models. Serve as the cybersecurity expert within the Data Science team, guiding threat modeling, malware understanding, and security-driven AI design decisions. Requirements ...

AI Security Researcher

Hiring Organisation
Cynet Security
Location
Newport, Isle of Wight, UK
Employment Type
Full-time
techniques to build impactful, customer-facing security capabilities. Build and refine intelligent generative AI agents that drive automated cybersecurity reasoning, investigation workflows, and threat analysis. Extend and enhance our next-generation AI antivirus engine by designing new feature representations, building file parsers, and developing ML models end-to-end. … integrate into the Cynet Endpoint Agent and platform infrastructure. Use Cynet's ML experimentation pipelines to run experiments, optimize performance, and deliver production-ready detection models. Serve as the cybersecurity expert within the Data Science team, guiding threat modeling, malware understanding, and security-driven AI design decisions. Requirements ...

SIEM Engineer

Hiring Organisation
CBSbutler Holdings Limited
Location
Wokingham, Berkshire, South East, United Kingdom
Employment Type
Contract
Contract Rate
Up to £430 per day + inside IR35
management of modern SIEM and EDR platforms. This role is ideal for someone with strong hands-on technical security expertise and a passion for threat detection, analysis, and automation. Key Responsibilities: Syslog experience and/or strong Linux skills SIEM Deployment & Management Configure, deploy, and maintain SIEM platforms … . Build and optimise log ingestion pipelines. EDR Deployment & Management Manage and maintain tools including Tanium , Trellix , FireEye , Microsoft Defender , or Elastic EDR . Threat Detection & Analysis Monitor security logs and alerts. Investigate anomalies, understand attack patterns, and provide actionable recommendations. Syslog Management Configure and maintain Syslog servers ...

MSS SOC Threathunting

Hiring Organisation
Randstad Technologies
Location
London, South East, England, United Kingdom
Employment Type
Contractor
Contract Rate
£450 - £470 per day
Adword Job Title: SOC Threat hunting Analyst Location: Remote Duration: 04 months contract Active SC Clearance required Experience and knowledge Key Responsibilities: Threat Detection Use Case Development: Design and implement detection logic aligned to specific threat scenarios, using industry frameworks such as MITRE ATT&CK. … Maintain detection content throughout its lifecycle - from development and testing to deployment and tuning. Work with client Lead Analysts to ensure content relevance and effectiveness in detecting threats across various environments. Proactive Threat Hunting: Conduct hypothesis-driven threat hunts based on client telemetry, threat intelligence ...

Senior Field Marketing Manager, UKI & Northern Europe

Hiring Organisation
Vectra AI
Location
Slough, Berkshire, UK
Employment Type
Full-time
Vectra is the leader in AI-driven threat detection and response for hybrid and multi-cloud enterprises. The Vectra AI Platform delivers integrated signal across public cloud, SaaS, identity, and data center networks in a single platform. Powered by patented Attack Signal Intelligence, it empowers security teams … rapidly prioritize, investigate and respond to the most advanced cyber-attacks. With 35 patents in AI-driven threat detection and the most vendor references in MITRE D3FEND, organizations worldwide rely on the Vectra AI to move at the speed and scale of hybrid attackers. For more information, visit ...

Senior Security Engineer - SIEM, KQL

Hiring Organisation
Harvey Nash
Location
London, South East, England, United Kingdom
Employment Type
Contractor
Contract Rate
£500 - £600 per day
site** Key Responsibilities SIEM Management & Optimization: Design, implement, and maintain Microsoft Sentinel workspaces, connectors, analytics rules, and playbooks Develop advanced KQL queries for threat hunting and reporting Optimize SIEM performance, cost, and data retention policies Troubleshoot log ingestion and parsing issues Log Source Integration: Onboard and configure critical … sources (AD, firewalls, servers, cloud infrastructure) Manage event collection and forwarding infrastructure Implement data filtering and custom log parsing Threat Detection & Use Case Development: Develop and refine detection rules based on threat intelligence and attack patterns Continuously improve detection efficacy and reduce false positives Security ...

CERT Incident Responder

Hiring Organisation
MBDA
Location
Stevenage, Hertfordshire, South East, United Kingdom
Employment Type
Permanent, Work From Home
Salary
£60,000
incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). Salary: £50,000 - £60,000 depending on experience Dynamic … incident response (DFIR) readiness. While also advancing the organisation's Adversarial Exposure Validation (AEV), including Red and Purple Team activities. The role ensures detection, response, and control validation against real-world threat actor tactics, techniques, and procedures (TTPs). This is a next-step role for an experienced ...

Lead Security Engineer

Hiring Organisation
OutSystems
Location
Maidstone, Kent, UK
Employment Type
Full-time
multi-cloud infrastructure and leading security engineering efforts. This is a lead, hands-on engineering position requiring deep expertise in cloud security architecture, detection engineering, security tooling, and the secure software development lifecycle (SDLC) to proactively defend our digital assets and global operations. Key Responsibilities Lead and manage security … cloud (AWS, Azure, GCP or similar), and SaaS environments. You will design, architect, deploy, and implement the security infrastructure (SIEM, EDR, logging, monitoring, alerting, threat-intelligence integrations) to support a hybrid SOC model, including overall tool management and tuning. Design and enforce security architecture and strategy. Define and implement ...

Lead Security Engineer

Hiring Organisation
OutSystems
Location
Portsmouth, Hampshire, UK
Employment Type
Full-time
multi-cloud infrastructure and leading security engineering efforts. This is a lead, hands-on engineering position requiring deep expertise in cloud security architecture, detection engineering, security tooling, and the secure software development lifecycle (SDLC) to proactively defend our digital assets and global operations. Key Responsibilities Lead and manage security … cloud (AWS, Azure, GCP or similar), and SaaS environments. You will design, architect, deploy, and implement the security infrastructure (SIEM, EDR, logging, monitoring, alerting, threat-intelligence integrations) to support a hybrid SOC model, including overall tool management and tuning. Design and enforce security architecture and strategy. Define and implement ...

Lead Security Engineer

Hiring Organisation
OutSystems
Location
Oxford, Oxfordshire, UK
Employment Type
Full-time
multi-cloud infrastructure and leading security engineering efforts. This is a lead, hands-on engineering position requiring deep expertise in cloud security architecture, detection engineering, security tooling, and the secure software development lifecycle (SDLC) to proactively defend our digital assets and global operations. Key Responsibilities Lead and manage security … cloud (AWS, Azure, GCP or similar), and SaaS environments. You will design, architect, deploy, and implement the security infrastructure (SIEM, EDR, logging, monitoring, alerting, threat-intelligence integrations) to support a hybrid SOC model, including overall tool management and tuning. Design and enforce security architecture and strategy. Define and implement ...

Lead Security Engineer

Hiring Organisation
OutSystems
Location
High Wycombe, Buckinghamshire, UK
Employment Type
Full-time
multi-cloud infrastructure and leading security engineering efforts. This is a lead, hands-on engineering position requiring deep expertise in cloud security architecture, detection engineering, security tooling, and the secure software development lifecycle (SDLC) to proactively defend our digital assets and global operations. Key Responsibilities Lead and manage security … cloud (AWS, Azure, GCP or similar), and SaaS environments. You will design, architect, deploy, and implement the security infrastructure (SIEM, EDR, logging, monitoring, alerting, threat-intelligence integrations) to support a hybrid SOC model, including overall tool management and tuning. Design and enforce security architecture and strategy. Define and implement ...

Lead Security Engineer

Hiring Organisation
OutSystems
Location
Milton Keynes, Buckinghamshire, UK
Employment Type
Full-time
multi-cloud infrastructure and leading security engineering efforts. This is a lead, hands-on engineering position requiring deep expertise in cloud security architecture, detection engineering, security tooling, and the secure software development lifecycle (SDLC) to proactively defend our digital assets and global operations. Key Responsibilities Lead and manage security … cloud (AWS, Azure, GCP or similar), and SaaS environments. You will design, architect, deploy, and implement the security infrastructure (SIEM, EDR, logging, monitoring, alerting, threat-intelligence integrations) to support a hybrid SOC model, including overall tool management and tuning. Design and enforce security architecture and strategy. Define and implement ...

Lead Security Engineer

Hiring Organisation
OutSystems
Location
Newport, Isle of Wight, UK
Employment Type
Full-time
multi-cloud infrastructure and leading security engineering efforts. This is a lead, hands-on engineering position requiring deep expertise in cloud security architecture, detection engineering, security tooling, and the secure software development lifecycle (SDLC) to proactively defend our digital assets and global operations. Key Responsibilities Lead and manage security … cloud (AWS, Azure, GCP or similar), and SaaS environments. You will design, architect, deploy, and implement the security infrastructure (SIEM, EDR, logging, monitoring, alerting, threat-intelligence integrations) to support a hybrid SOC model, including overall tool management and tuning. Design and enforce security architecture and strategy. Define and implement ...

Cyber Security & Centralised Services Manager

Hiring Organisation
MFK Recruitment
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£55,000 - £65,000 per annum
access events. Monitor, analyse, and respond to alerts from client security platforms (MDR/XDR, SentinelOne, Huntress, Fortinet, Mimecast, Avanan, Defender) to ensure rapid threat mitigation. Conduct vulnerability assessments, risk analyses and security audits across client environments, providing actionable recommendations and remediation guidance. Implement and maintain security hardening across … alignment with best practices and frameworks such as ISO27001, NIST, and Cyber Essentials Plus. Lead and coordinate incident response efforts, including root cause analysis, threat containment and post-incident reporting for clients. Collaborate with the Project and Service Desk teams to embed security into deployments, migrations, upgrades, and automation ...

Junior Security Researcher

Hiring Organisation
Circle Recruitment
Location
London, South East, England, United Kingdom
Employment Type
Full-Time
Salary
£50,000 - £85,000 per annum
complex data. This is an opportunity to join a pioneering start-up transforming raw security data into actionable intelligence, helping shape the future of threat detection across global networks. This role sits within their Security Research function and is ideal for someone with a SOC, network engineering … into research and intelligence. You'll be working closely with large volumes of security data to help organise, analyse and contextualise the activity their detection systems surface. If you understand how networks really operate, feel comfortable working with SQL, and enjoy exploring patterns in security data, this could ...

Senior Information Security Analyst

Hiring Organisation
Pearson Whiffin Recruitment Ltd
Location
Maidstone, Kent, England, United Kingdom
Employment Type
Full-Time
Salary
£60,000 - £65,000 per annum
implementation of Azure security best practices, policies, and controls. Manage and optimise Microsoft Sentinel SIEM, including rule creation, use-case development, automation, and threat hunting. Oversee vulnerability management activities using Tenable, ensuring timely identification, prioritisation, and remediation of risks. Support incident response activities, including investigation, containment, and root-cause … Strong hands-on experience with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks ...

Senior Information Security Analyst

Hiring Organisation
Pearson Whiffin Recruitment Ltd
Location
Maidstone, West Malling, Kent, United Kingdom
Employment Type
Permanent
Salary
£60000 - £65000/annum
implementation of Azure security best practices, policies, and controls. Manage and optimise Microsoft Sentinel SIEM, including rule creation, use-case development, automation, and threat hunting. Oversee vulnerability management activities using Tenable, ensuring timely identification, prioritisation, and remediation of risks. Support incident response activities, including investigation, containment, and root-cause … Strong hands-on experience with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks ...

Senior Information Security Analyst

Hiring Organisation
Pearson Whiffin IT & Digital
Location
West Malling, Kent, South East, United Kingdom
Employment Type
Permanent
Salary
£65,000
implementation of Azure security best practices, policies, and controls. Manage and optimise Microsoft Sentinel SIEM, including rule creation, use-case development, automation, and threat hunting. Oversee vulnerability management activities using Tenable, ensuring timely identification, prioritisation, and remediation of risks. Support incident response activities, including investigation, containment, and root-cause … Strong hands-on experience with Azure Security Centre, Azure AD, Defender for Cloud, and cloud security architecture. Proven expertise in Microsoft Sentinel SIEM administration, threat detection, and automation (KQL experience desirable). Solid understanding of vulnerability management with Tenable (Tenable.io/Tenable.sc). Knowledge of industry security frameworks ...

Azure CloudOps Engineer

Hiring Organisation
Morgan Law
Location
London, South East, England, United Kingdom
Employment Type
Contractor
Contract Rate
£500 - £550 per day
creating robust PowerShell and Python Runbooks within Azure Automation for routine configuration management, scheduled maintenance, and automated incident remediation actions. Security Operations (SecOps) and Threat Response: Implementing proactive threat detection and automated security response capabilities. This involves active utilisation of Microsoft Defender for Cloud (for CSPM ...