26 to 50 of 58 SOAR Jobs in the UK

as CISSP, TOGAF, CCSP, GCIH or equivalent Strong experience securing Microsoft cloud environments (Azure) design, deployment, configuration and management Broad knowledge of infrastructure and security solutions, including SIEM/SOAR Proven track record designing end-to-end solutions with security embedded across network, infrastructure, access, cloud services, controls and SecOps Experience addressing cloud-specific security challenges, patterns and controls Demonstrated More ❯

as CISSP, TOGAF, CCSP, GCIH or equivalent Strong experience securing Microsoft cloud environments (Azure) - design, deployment, configuration and management Broad knowledge of infrastructure and security solutions, including SIEM/SOAR Proven track record designing end-to-end solutions with security Embedded across network, infrastructure, access, cloud services, controls and SecOps Experience addressing cloud-specific security challenges, patterns and controls Demonstrated More ❯

Your engineering experiences include Golang and Terraform Technologies AWS, GCP, Azure and private Data Centers Kubernetes, Helm, Flux Distributed systems, mostly Golang based with CockroachDB and NATS SIEM/SOAR, EDR, CNAPP, and a suite of open source tools with custom integrations This is a fully remote role, please email your CV to apply More ❯

the following skills and experience: Significant experience administering and scaling Elastic SIEM - Elastic Security, Elastic Stack) -in enterprise environments Expertise with automation and orchestration tools, such as Tines and SOAR platforms Familiarity with Bash, Python or equivalent languages Strong knowledge of Linux systems, networking and cloud logging architectures Proven ability to manage upgrades, migrations and high-availability deployments Experience in More ❯

Microsoft Sentinel (SIEM) and Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis, and automation within Microsoft s security ecosystem. Experience with Tenable is beneficial Knowledge of Microsoft Purview would … security alerts and incidents in Microsoft Sentinel and Microsoft Defender . Perform detailed security event analysis and correlation, escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling, and response processes. Apply now to speak with VIQU More ❯

Microsoft Sentinel (SIEM) and Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting . Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis, and automation within Microsoft’s security ecosystem. Experience with Tenable is beneficial Knowledge of Microsoft Purview would … security alerts and incidents in Microsoft Sentinel and Microsoft Defender . Perform detailed security event analysis and correlation, escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling, and response processes. Apply now to speak with VIQU More ❯

test, and tune KQL analytics, scheduled rules, UEBA policies, MSTIC notebooks, watchlists, and hunting queries that map to industry frameworks (MITRE ATT&CK). Build incident response playbooks and SOAR automation with Logic Apps to enrich, correlate, contain, notify, and ticket, reducing MTTD/MTTR and false positives. Run the incident lifecycle: triage, investigation, containment, eradication, recovery, lessons learned, and … horizon scan and research effectively to find the missing details. SIEM & Sentinel Expertise – Proven experience in architecting, implementing, and operating Microsoft Sentinel at scale: data connectors, KQL, analytics, UEBA, SOAR (Logic Apps), workbooks, and cost governance. SOC Leadership – Demonstrated capability to build and run a SOC internally, including processes, on‐call, playbooks, case management, ticketing, and continuous detection engineering Incident More ❯

investigation of identity-based attacks. Validate secure delegation models, access review processes, and identity lifecycle controls defined by IAM. Threat Detection, Monitoring & Incident Response Own and operate SIEM and SOAR tooling, including Microsoft Sentinel, Defender XDR, Identity Protection, and threat analytics. Develop and refine detection rules, correlation logic, threat hunting use cases, and behavioural analytics. Investigate and support incident response … for Cloud, Conditional Access, and identity protection tooling. Deep knowledge of Microsoft Entra ID, AD DS, MFA, PIM, RBAC, and hybrid identity security. Hands-on experience with SIEM (Sentinel), SOAR, EDR (MDE), CSPM, and vulnerability management tools. Experience securing Windows Server, PKI/ADCS, domain controllers, and virtualisation environments. Practical understanding of Zero Trust security principles and secure-by-design. More ❯

etc. a plus. Nice to Have Cloud certifications (Azure, AWS, GCP) Experience working in regulated environments (e.g., finance, government) SAFe Agile or Scrum certifications Prior experience with SIEM/SOAR integration, API security, or Identity Governance Why Join Us Play a key role in shaping enterprise-wide secure access architecture Work with a forward-thinking, cross-functional security team Be More ❯

are now looking for a more consultative, client-facing role. Ideal Background: Proven experience in cyber security design, architecture, or consultancy. Hands-on expertise across domains such as SIEM, SOAR, EDR, Vulnerability Management, WAF, IDAM , and Cloud Security . Strong understanding of vendor technologies (e.g., Fortinet, Palo Alto, Juniper ). Excellent communication and stakeholder engagement skills, able to translate complex More ❯

resilient, resourceful, and relentless in your pursuit of product excellence. As a bonus, you understand and have built integrations for popular cybersecurity partner solutions, such as Splunk Enterprise, Splunk SOAR, Palo Alto Networks Cortex XSOAR, Microsoft Sentinel, Google SecOps, and/or others. #LI-BM #LI-REMOTE About Dataminr At Dataminr, we are a mission driven team of talented builders More ❯

Sentinel, migrating AV to MDE, building detections, integrations, and automation, and shaping the SOC technology roadmap. Key Requirements: Deep hands-on expertise with Microsoft Sentinel (KQL, analytic rules, UEBA, SOAR). Proven experience migrating from LogRhythm or another legacy SIEM to Sentinel. Strong experience building and tuning detections mapped to MITRE ATT&CK. Experience migrating Trend Micro ? Microsoft Defender for More ❯

the Technical Operations function by providing support to other members of the team to protect against cyber threats. Lead in the identification and the creation, maintenance and troubleshooting of SOAR playbooks, automations and enrichments. Apply critical thinking to solve unique problems in the information security space. Enhancing the processes around interacting with large datasets to construct actionable information to enhance More ❯

Cloud (Defend, Runtime Sensor, Code), CSPM, and CWP. Automation & Integration : Using Sentinel Graph, Microsoft Graph Security API, playbooks, Logic Apps, Power Automate. Threat Management : SIEM for detection, response, hunting; SOAR workflow design; KQL queries, custom rules, UEBA. Identity & Access Security : Entra ID, Conditional Access, Identity Protection, PIM. Email Security : Microsoft Defender for O365, Darktrace AI, anti-phishing, Safe Links/… and its application in threat detection and response. Understanding of compliance standards (ISO 27001, NIST CSF, GDPR, SOC 2). Familiarity with third-party integrations (e.g., Threat Intelligence Platforms, SOAR tools, Security APIs). Certifications (Preferred): Microsoft SC-100, AZ-500, SC-200, SC-300. CISSP, CCSP. Benefits - GB: Enjoy a benefits package designed to help you thrive, both professionally More ❯

and evolve secure frameworks using Microsoft Security (Defender, Sentinel, Purview, Entra) and integrate Qualys vulnerability management for continuous threat detection and remediation. Automate & Innovate: Lead the charge on automation (SOAR, IaC, workflow automation) and embed Gen AI into security operations, threat intelligence, and reporting. Set Standards: Develop and enforce security architecture standards, governance, and best practicesespecially for AI and automation … for emerging tech. The following would also be of interest: Certifications in automation/cloud (Azure Solutions Architect, Terraform, GIAC), vulnerability management (Qualys, ISO 27001, NIST). Experience with SOAR, SIEM, XDR, and cloud-native security (especially Azure). Pre-sales or solution architecture exposure. What can we offer you? Through our one of a kind training programme, the Littlefish More ❯

security logs across multiple domains identity and access, network, system, data, application, cloud and multiple product types. Proficiency in data analysis and scripting languages (e.g., PowerShell, Python). Strong Security Orchestration, Automation and Response (SOAR) knowledge. Team leadership experience with great collaboration and stakeholder management skills JBRP1_UKTJ More ❯

security logs across multiple domains identity and access, network, system, data, application, cloud and multiple product types. Proficiency in data analysis and scripting languages (e.g., PowerShell, Python). Strong Security Orchestration, Automation and Response (SOAR) knowledge. Team leadership experience with great collaboration and stakeholder management skills More ❯

comprehensive Insider Threat program Hands-on experience conducting DLP operations in the Cloud as well as desired knowledge of other solutions like UEBA,CASB etc. Experience utilizing SIEM/SOAR for data analytics and investigations Passionate about innovation and enjoys the challenges of creating something new Ideally having experience leading teams operationally and mentoring technical associates Stays current with evolving More ❯

Ensure monitoring outputs are actionable, enriching detection and response activities and informing risk and compliance stakeholders. Technical Architecture & Integration * Design and implement a continuous monitoring reference architecture, leveraging SIEM, SOAR, UEBA, and threat intelligence. * Establish enterprise logging standards covering log coverage, retention, encryption, access, and integrity requirements. * Drive automation of monitoring workflows and correlation logic to reduce dwell time and … years in cybersecurity operations, with at least 5 years in security monitoring, SOC leadership, or equivalent detection & response functions. * Proven track record of building or maturing monitoring capabilities (SIEM, SOAR, telemetry pipelines, UEBA, threat intel integration). * Knowledge of log ingestion, normalization, correlation, and enrichment processes. * Familiarity with leading monitoring technologies: Splunk, DataDog, Microsoft Defender, CrowdStrike Falcon, Azure/AWS … security posture. Technical & Functional Expertise * Develops and executes the continuous monitoring strategy, aligned to enterprise security goals and SecOPS direction. * Demonstrates deep technical expertise in telemetry ingestion, SIEM/SOAR integration, log management, and threat intelligence enrichment. * Serves as a recognized expert in monitoring and detection, providing guidance to peers and influencing related security domains. * Codifies monitoring practices and standards More ❯

Response: Improve playbooks and processes, lead escalated security incidents, oversee remediation and recovery actions, track incidents, liaise with partners, report findings, and apply root cause analysis with lessons learned. SOAR Development: Support and develop the SOAR platform by producing workflows to automate responses to common attack types and enhance operational playbooks. Digital Forensics: Use forensic tools and techniques to analyse … log correlation, analysis, forensics, and chain of custody requirements. Familiarity with regulatory frameworks (NCSC CAF, ISO/IEC 27001/27002, GDPR, CIS, NIST). Practical knowledge of SIEM, SOAR, EDR, AV, IDS/IPS, NAC, AD, DLP, web/email filtering, behavioural analytics, TCP/IP and OT protocols, and security applications. Understanding of adversarial TTPs and frameworks such … as MITRE ATT&CK. Experience with SIEM and SOAR solutions, IAM, and DLP tools (e.g. FortiSIEM, Q-Radar, Microsoft Secure Gateway, Darktrace, Microsoft Defender, Sentinel). Experience developing incident response playbooks, SOAR workflows, red-team exercises, and tabletop simulations. Experience in investigating advanced intrusions, such as targeted ransomware or state-sponsored attacks. Summary: My client are looking for an experienced More ❯

and efficiency of our Security Operations Centre (SOC). This role is perfect for someone who thrives on solving complex technical challenges, enjoys working with tools like Splunk and SOAR, and wants to contribute to a mission that truly matters. Salary : Circa £50,000 – £60,000 depending on experience Dynamic (hybrid) working : 2 days per week on-site due to … threat landscape. Key responsibilities include; Act as the subject matter expert (SME) for Splunk across all cyber security and observability use cases. Lead SOC automation initiatives using scripting and SOAR tools, optimising processes through AI and ML technologies. Support alert tuning, connectivity, and visibility across monitored networks and infrastructure. Maintain and document SOC integrations, ensuring accurate configuration and performance visibility. More ❯

and efficiency of our Security Operations Centre (SOC). This role is perfect for someone who thrives on solving complex technical challenges, enjoys working with tools like Splunk and SOAR, and wants to contribute to a mission that truly matters. Salary : Circa £50,000 – £60,000 depending on experience Dynamic (hybrid) working :2 days per week on-site due to … threat landscape. Key responsibilities include; Act as the subject matter expert (SME) for Splunk across all cyber security and observability use cases. Lead SOC automation initiatives using scripting and SOAR tools, optimising processes through AI and ML technologies. Support alert tuning, connectivity, and visibility across monitored networks and infrastructure. Maintain and document SOC integrations, ensuring accurate configuration and performance visibility. More ❯

and efficiency of our Security Operations Centre (SOC). This role is perfect for someone who thrives on solving complex technical challenges, enjoys working with tools like Splunk and SOAR, and wants to contribute to a mission that truly matters. Salary : Circa £50,000 - £60,000 depending on experience Dynamic (hybrid) working : 2 days per week on-site due to … threat landscape. Key responsibilities include; Act as the subject matter expert (SME) for Splunk across all cyber security and observability use cases. Lead SOC automation initiatives using scripting and SOAR tools, optimising processes through AI and ML technologies. Support alert tuning, connectivity, and visibility across monitored networks and infrastructure. Maintain and document SOC integrations, ensuring accurate configuration and performance visibility. More ❯

and efficiency of our Security Operations Centre (SOC). This role is perfect for someone who thrives on solving complex technical challenges, enjoys working with tools like Splunk and SOAR, and wants to contribute to a mission that truly matters. Salary : Circa £50,000 - £60,000 depending on experience Dynamic (hybrid) working :2 days per week on-site due to … threat landscape. Key responsibilities include; Act as the subject matter expert (SME) for Splunk across all cyber security and observability use cases. Lead SOC automation initiatives using scripting and SOAR tools, optimising processes through AI and ML technologies. Support alert tuning, connectivity, and visibility across monitored networks and infrastructure. Maintain and document SOC integrations, ensuring accurate configuration and performance visibility. More ❯

log sources, create custom parsers, and develop analytic rules. Design and maintain detection rulesets, scope, plan, and track log integrations. Develop automation for alert triage and incident remediation through SOAR tools. Collaborate with Threat Detection & Response teams to ensure the SIEM platform aligns with security monitoring requirements. Participate in infrastructure projects and security tool integrations. Lead and mentor junior SIEM … of security log management across multiple domains (identity, access, network, systems, cloud, and applications). Proficiency in Python and/or PowerShell for data analysis and automation. Experience with SOAR platforms and security automation workflows. Excellent problem-solving, stakeholder management, and collaboration skills. Team leadership or mentoring experience is highly desirable. Preferred Technologies/Tools: Splunk, QRadar, LogRhythm, Sentinel, ArcSight More ❯