33 jobs found

Security Analyst SOC, Tier 2 SOC Analyst to join an award winning managed service provider 24x7 security team. As a Tier 2 Analyst, you will lead the investigation, containment, and coordination of security incidents, working closely with Tier 1 analysts, internal IT teams, and external stakeholders. Taking ownership of complex alerts, support threat hunting and intelligence efforts, and contribute to the refinement of detection rules, playbooks, and response procedures. You will be involved in • Incident Detection & Response • Threat Intelligence and Analysis • Security Monitoring and Detection Engineering • Compliance, Reporting and Documentation • Vulnerability Management • Collaboration and knowledge sharing This would suit an experienced security analyst who has proved experience working in a busy security department, working in security operations. Strong alert triage, incident response, security monitoring, and threat analysis. Experience handling real-world security incidents and working with SIEM, EDR, or vulnerability management tools. Ideally have a strong bachelor s degree in computer science, Information Security, Cyber Security or related field with any SIEM-specific certification or vendor-specific training. Relevant cybersecurity certifications such as Certified Cloud Security Professional (CCSP) or other relevant security certifications, Security+ (CompTIA), CEH (Certified Ethical Hacker), CISSP, BTL1, BTL2 or others are highly desirable but not essential. Office based in Stoke on Trent, shifts, rota basis of 4 days on working - early's, late's and nights. This is an excellent opportunity for an experienced security analyst ready to take the next step with a chance to mentor junior analysts, deepen your technical expertise, and help shape our evolving security posture in a collaborative, hands-on environment.

Cyber Threat Detection Analyst Location: Berkshire (On-site) Salary: Competitive (dependent on experience) + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC (UK Nationals only) Company Overview An exciting opportunity to join a global technology Powerhouse with a highly regarded cyber security capability supporting mission-critical environments across multiple industries. Cyber security sits at the heart of the organisation's operations, with sustained investment in people, tooling, threat intelligence, and continuous professional development. The security function operates at a mature level, bringing together blue team, red team, threat hunting, and collaborative purple-team practices to proactively defend against real-world adversaries. Role Overview As a Cyber Threat Detection Analyst, you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced SOC Analysts where threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to further develop in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering. Skills & Experience We're Seeking Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, with ideally around five years hands on experience. Strong hands-on experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security event life cycle, including detection, investigation, and incident management Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, Firewalls, VPNs, Proxy technologies) Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources Strong analytical mindset with the ability to clearly communicate findings, impact, and risk Key Responsibilities Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources Lead investigations from initial detection through scoping, root cause analysis, and impact assessment Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders Particularly Interested In Candidates With Experience supporting or collaborating with Red Team or Purple Team exercises Exposure to adversary emulation, attack simulation, detection validation, or detection engineering Experience working in regulated, high-security, or mission-critical environments Background in advanced SOC functions with a strong emphasis on investigation and threat hunting Security Certifications (Highly Beneficial) SANS/GIAC certifications, including but not limited to: GCIH - Incident Handler GCIA - Intrusion Analyst GCED - Enterprise Defender GCTI - Cyber Threat Intelligence GMON - Continuous Monitoring GDAT - Defending Advanced Threats GCAT - Advanced Threat Intelligence OSCP or equivalent offensive security qualifications Crest certifications, such as: Crest Practitioner Intrusion Analyst (CPIA) Crest Registered Intrusion Analyst (CRIA) Crest Certified Threat Intelligence Analyst (CCTIA) Crest Certified Blue Team Professional (CCBTP) Microsoft SC-200 or related detection and response certifications Other recognised cyber security or threat intelligence credentials Why Join? Threat-hunting-led role within a mature cyber defence organisation Exposure to real adversary behaviour, Red Team activity, and advanced attack scenarios Competitive salary with an excellent benefits package Significant investment in training, certifications, and long-term career progression Opportunity to work alongside experienced Blue, Red, and Purple Team professionals Don't delay - apply now via the link below. About Adecco Adecco is acting as an Employment Agency. We are proud to be an equal opportunities employer. We are on the client's supplier list for this role.

Palo Alto XSoar Developer Role Candidates in this role are responsible for the development and maintenance of the code and capabilities of the Security Orchestration, Automation and Response (SOAR) platform. Candidates will work with the Manager of Detection & Response Engineering and will work jointly with our detection engineering, threat detection and response teams to specify clear priorities, evaluate technical tradeoffs, and build high-impact features within the SOAR platform. The candidates' main responsibilities will be to: Focus on the development, maintenance, and delivery of new Security Orchestration and Automation content including custom SOAR Playbooks, Automations/Scripts, Jobs, dashboards, reports, widgets, RESTful API integrations, and code via Continuous Integration/Continuous Delivery pipelines adhering to an Agile development practice Reduce Incident Response efforts and increase quality leveraging XSOAR for Security Orchestration, Automation and Response (SOAR) Automate manual SOC procedures and develop, implement, and maintain playbooks Detail SOAR workflows, scripts, and develop, test and debug code and use established code repository for tracking. Use python/other Scripting languages to perform the customizations to develop the required automation. Work with the existing playbook framework and ensure the amendments are hooked accurately to the existing framework. Prioritize and coordinate backlog of SOAR integration and automation requests, making sure we have a healthy balance between defect resolution and new features. Work in partnership with the incident response team to craft find opportunities for improvement Qualifications Technical Skills 3+ year prior experience in a similar position Sophisticated knowledge of the Palo Alto Cortex XSOAR platform Ability to create documentation for Palo Alto Networks Cortex XSOAR playbooks Proficient in Python, JavaScript, and PowerShell are an asset Good understanding of REST/SOAP/WSDL/XML (Web services) Understanding of cybersecurity incident response procedures, experience as a Security Incident Responder or SOC analyst is a plus Strong understanding of cybersecurity technologies, protocols, and applications Soft Skills Strong analytical skills to evaluate complex multivariate problems and find a systematic approach to gain a quick resolution, often under stress! Strong problem solving, documentation, process execution, time management and interpersonal skills. Ability to communicate sophisticated information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means. Passion and drive to work in start-up division with potential of significant growth in scope and services

We are recruiting a Tier 2 SOC Analyst to support advanced cyber threat detection and response within an established Security Operations Centre. The successful candidate will manage escalated security incidents, perform detailed investigations, tune security tooling, and provide direct client support during active cyber events. This role is ideal for an experienced SOC analyst seeking ownership and technical depth. Key Duties Handle escalated incidents from Tier 1 analysts Carry out root cause and post-incident analysis Lead incident containment and remediation activities Support firewall alert analysis and network troubleshooting Improve detection accuracy through tuning and optimisation Develop SOC playbooks and automation workflows Maintain high-quality incident documentation Required Experience Previous experience in a SOC or security operations role Strong knowledge of cyber attack techniques and defence strategies Experience with SIEM, EDR, XDR, and SOAR platforms Networking fundamentals including firewalls and protocols Strong analytical and problem-solving ability Certifications (Desirable) Microsoft SC-200 CompTIA Security+ Blue Team Labs Level 1 Check Point CCSA Fortinet NSE4

Detection & Response Analyst (SOC / Security Engineering Pathway) Portsmouth (Hybrid) Why this role is different Most SOC roles are alert-heavy and repetitive. This isn't one of them. You'll be joining a team that's actively moving beyond traditional SOC work-focusing on threat detection, automation, and security engineering , not just ticket handling. If you're looking to step up from SOC OR move closer to engineering / threat hunting , this is a genuine pathway role. What you'll be doing Investigating and responding to security incidents across enterprise environments Building and improving SIEM detection rules / use cases Working with security tooling (EDR, SIEM, cloud security platforms) Supporting threat hunting and proactive detection activities Collaborating with engineering teams to improve automation and response Contributing to continuous improvement of security operations What we're looking for We're open to people from a range of backgrounds, including SOC, SecOps, or infrastructure with security exposure. You might have: Experience in a SOC, SecOps, or similar security-focused role Exposure to tools like SIEM (Splunk, Sentinel, QRadar, etc.) or EDR Understanding of common attack techniques (MITRE ATT&CK, incident response basics) An interest in detection engineering, automation, or threat hunting Not ticking every box? That's fine-we're hiring for potential as well as experience . Progression & development This role is designed as a stepping stone into more advanced security work , including: Threat Hunting Detection Engineering Security Engineering / Automation Incident Response You'll be supported with training, certifications, and hands-on exposure to modern tooling. Working setup Hybrid Flexible working environment Portsmouth office for collaboration when needed Why join? Clear progression beyond traditional SOC work Opportunity to work on modern security tooling and detection engineering Supportive team environment with real development focus Chance to build skills that are highly in demand across cyber security

SOC Engineer - Farnborough or Hemel Hempstead, UK Up to £65,000 Depending on Experience + Night Shift allowance Onsite in Farnborough or Hemel Hempstead Active SC required, with willingness to go through DV ABOUT THE CLIENT Our client is a highly respected technology consultancy working across complex and security critical environments. They deliver cutting edge digital and cybersecurity solutions to major public sector organisations. Due to continued growth, they are looking to appoint a SOC Engineer to strengthen their security capability. THE BENEFITS 25 days annual leave Health cash plan Life assurance Pension scheme Structured training and development Career progression opportunities Collaborative and supportive environment THE SOC ENGINEER ROLE: As a SOC Engineer, you will play a key role in ensuring security monitoring and protective tooling is deployed and operating effectively. You will support SOC operations by enabling analysts to detect and respond to threats quickly and efficiently. Install, configure and maintain security monitoring tools Ensure SOC tooling is optimised and operating effectively Support SIEM platforms and threat intelligence tooling Work with teams to assess risk and design security controls Apply updates, patches and follow change processes Stay current with emerging threats and recommend improvements SOC ENGINEER ESSENTIAL SKILLS Strong understanding of information security fundamentals Experience with SIEM tools such as Sentinel or Splunk Familiarity with security monitoring technologies Analytical mindset with strong problem solving skills Ability to manage multiple priorities and meet deadlines Strong communication and collaboration skills TO BE CONSIDERED: Please either apply through this advert or email me directly to discuss. By applying for this role, you give consent for your application to be submitted to our client in connection with this vacancy. KEY SKILLS SOC Engineer, SIEM, Sentinel, Splunk, Cyber Security, Security Monitoring, Threat Detection, Azure, AWS, Network Security, NSD

SOC Analyst (Level 2) Location: Aylesbury (Hybrid) Salary: Up to £45,000 (depending on experience) CTA are working with a Cyber Security company who are for a SOC Analyst (L2) to join their growing Security Operations Centre. This role is ideal for a junior analyst looking to build hands-on experience in monitoring, triaging, and responding to security incidents in a fast-paced, shift-based environment. Key Responsibilities Advanced Security Monitoring: Analyse SIEM alerts, logs, and security events to identify and respond to complex threats. Incident Response: Lead investigations, perform deep analysis, determine impact, and coordinate response activities. Threat Detection & Analysis: Develop and refine detection rules and use cases to improve threat visibility. Threat Hunting: Proactively hunt for advanced threats and indicators of compromise across the environment. Vulnerability Management: Identify, assess, and prioritise vulnerabilities and recommend remediation actions. Security Reporting: Produce detailed reports on incidents, trends, and overall security posture. Process Improvement & Automation: Enhance SOC processes, playbooks, and automation capabilities. Skills & Experience Strong experience with SIEM platforms (e.g., Microsoft Sentinel, Sumo Logic) Hands-on experience with EDR/XDR tools (e.g., CrowdStrike, Microsoft Defender) Solid understanding of: Incident response lifecycle Threat detection methodologies Networking protocols (TCP/IP, DNS, HTTP/S) Experience analysing logs from multiple sources (endpoints, network, cloud) Ability to independently investigate and resolve security incidents Scripting or automation experience (e.g., Python, PowerShell) is a plus Strong communication and stakeholder management skills What You'll Be Doing Acting as an escalation point for Level 1 analysts Working closely with customers and internal teams on incident investigations Tuning detection rules and improving alert quality Staying up to date with emerging threats, vulnerabilities, and attack techniques Supporting and mentoring junior analysts Requirements UK Citizenship (required due to the nature of the role) If you are looking for a progressive move with an established Cyber company, please do send your application through for consideration.

This role has a starting salary of 53,713 per annum, for working 36 hours per week. We are excited to be recruiting a Senior Security Analyst to join our fantastic team based at Woodhatch Place in Reigate. We offer a hybrid working model with a minimum of two office days per week. Our Offer to You 26 days' holiday, rising to 28 days after 2 years' service and 31 days after 5 years' service (prorated for part time staff) Option to buy up to 10 days of additional annual leave A generous local government salary related pension Up to 5 days of carer's leave and 2 paid volunteering days per year Paternity, adoption and dependents leave An Employee Assistance Programme (EAP) to support health and wellbeing Learning and development hub where you can access a wealth of resources Wellbeing and lifestyle discounts including gym, travel, and shopping A chance to make a real difference to the lives of our residents. About The Role As a Senior Security Analyst, you will play a central role in strengthening Surrey County Council's cyber resilience. Your day-to-day work will include proactive security monitoring across our hybrid cloud and on premises environment, triaging and investigating alerts, and supporting coordinated incident response activities. You will operate our vulnerability management processes, translate threat intelligence into actionable defences, and contribute to the improvement of detection content and security controls. You will also work closely with IT colleagues and suppliers to address risks, gather evidence for audits, and prepare clear reporting on security posture and emerging trends. This role does not include direct line management responsibilities, but you will regularly provide specialist guidance, coaching, and support to colleagues across IT&D and partner teams. Over the next 12 to 18 months, you will contribute to several high impact initiatives including: Establishing a more mature, risk based vulnerability management lifecycle and reducing exposure windows across critical systems Enhancing incident response readiness through improved playbooks, scenario testing, and lessons learned processes Uplifting monitoring coverage and the effectiveness of SIEM/EDR/NDR tooling, including tuning and detection improvements Strengthening supplier assurance processes, especially for cloud and SaaS services Supporting the development of updated cyber security policies, standards and operating procedures This is a pivotal role for a motivated cyber professional who wants to make a measurable difference. You will directly influence Surrey County Council's operational security posture and help reduce risk across services that support residents, communities, and frontline operations. Your insights and expertise will shape decision making, improve control maturity, and contribute to a safer, more resilient public service environment. Your Application In order to be considered for shortlisting, your application will clearly evidence the following skills and align withour behaviour: Strong experience in cyber security operations, including alert triage, investigation, and incident response Demonstrable capability in vulnerability management and translating technical risk into meaningful actions Ability to analyse complex information and present clear, concise reports and recommendations Proven ability to work collaboratively with technical and non technical stakeholders Commitment to continuous professional development and staying current with emerging threats High-level proficiency with security tooling (SIEM, EDR, cloud security tools) and modern IT environments Alignment with our values of accountability, teamwork, and inclusive service delivery To apply, we request that you submit a CV and you will be asked the following 4 questions: Give an example of how you have helped build a positive security culture across teams. Describe a time when you led or contributed to triage, investigation, or response during a cyber security incident. What actions did you take, and what was the outcome? Give an example of when you identified a significant technical vulnerability or risk. How did you communicate it to stakeholders, and what actions were taken as a result? Tell us about a situation where you analysed complex security information or data and produced a report or recommendation. How did you ensure your findings were clear, concise, and actionable? The job advert closes at 23:59 on 12/04/2026, with interviews planned to follow shortly thereafter. Local Government Reorganisation (LGR) Surrey County Council is undergoing Local Government Reorganisation, moving from a two-tier system to two new unitary councils in April 2027. If you are employed by Surrey on 1st April 2027, your role will transfer with current terms and conditions to one of the new organisations, supporting local devolution and greater powers for our communities. Join our dynamic team and shape the future of local government. Make a lasting impact with innovative solutions and improved services for our community. Help us build a brighter future for our residents! Our Commitment We are a disability confident employer which means if you have shared a disability on your application form and have evidenced you meet the minimum criteria, we guarantee you an interview. Your skills and experience truly matter to us. From application to your first day, we're committed to supporting you with any adjustments you need, we value inclusion and warmly welcome you to join and help build a workplace where everyone belongs.

Position: SOC Analyst Location: Cheltenham (Hybrid - 3 days a week) Contract Type: 3 months Hours: 40 per week Start Date: 16/10/2025 Holiday Entitlement: 33 days Pay Rate: £380 PAYE/£504 Umbrella PD About the Team: You will have the opportunity to leverage the latest technologies and develop your skills in an innovative, collaborative environment that supports career growth and learning. What You Will Do: As a SOC Analyst, you will play a key role in monitoring and responding to security alerts, assisting with incident investigations, and supporting clients to strengthen their security posture. Key responsibilities include: Working a combination of day and night shifts. Responding to security alerts and incidents. Collaborating closely with client analysts. Conducting detailed analysis of monitoring system data. Escalating incidents when necessary and serving as a point of contact. Planning and conducting threat hunting under supervision. Reviewing alerts for tuning opportunities. Performing proactive threat research. Supporting the creation and implementation of new detection signatures. Assisting in client engagements and service meetings. Contributing to the development of SOC playbooks. Required Skills and Experience: Strong understanding of computer networks, operating systems, software, hardware, and security principles. Knowledge of cyber security risks and mitigation strategies. Working familiarity with security technologies such as Firewalls, host intrusion prevention, and antivirus solutions. Relevant academic or industry-specific training. Preferred Attributes: Ability to identify more efficient ways of working. Maintain focus, energy, and effort under pressure. Proven creativity and innovation in problem-solving. Commitment to learning new skills, applications, and technologies. If you are interested, please apply directly. Randstad Technologies is acting as an Employment Business in relation to this vacancy.

*12 hour shift patterns & inside IR35* As a SOC Analyst you will: * Work a combination of day and night shifts. * Respond to alerts. * Work closely with client organization analysts. * Perform detailed analysis of the data captured by monitoring systems. * Escalate incidents where necessary and act as a point of contact throughout * Under supervision, plan and conduct threat hunting across client environments. * Review and identify alerts for further tuning. * Conduct proactive threat research. * Support the recommendation and implementation of new detection signatures. * Support client engagements and/or service meetings. * Support the development of SOC playbooks. The following skills and experience are required for this role: * A good understanding of computer networks, operating systems, software, hardware and security. * An understanding of cyber security risks associated with various technologies and ways to manage them. * A good working knowledge of various security technologies such as network and application Firewalls, host intrusion prevention and antivirus. * Any relevant academic or industry specific training. Set yourself apart: * Ability to seek out new ways of working more efficiently. * Sustain a high level of focus, effort, and energy. * Proven history developing innovative & creative solutions. * Strives to learn new skills, applications, and technologies through focused effort. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.

Principal Cyber Security Incident Response Analyst 60,000 - 70,000 Full Time / Permanent West Midlands / Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand head quartered in the West Midlands. As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network, endpoint, cloud environments, and threat intelligence feeds. Perform in-depth trend analysis to identify patterns and inform improvements in organisational controls and threat detection capabilities. Develop, maintain, and continuously improve documentation and reporting frameworks to support transparency, consistency, and strategic decision-making. Experience required: Previous experience in a similar Cyber Incident Response Analyst role, preferably in a senior or lead capacity. Strong experience in security monitoring across diverse systems and environments, including cloud and on-premises. Proven leadership in incident response within SOC settings. Deep understanding of the cyber threat landscape, attack vectors, and detection techniques. Proficient in cybersecurity tools, regulations, and compliance standards. Excellent communication and stakeholder engagement skills, with the ability to convey technical insights to varied audiences. Please apply via the link or contact (url removed) for more information Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.

Threat Intelligence Analyst Fully Onsite in London Inside IR35 Contract Deerfoot Recruitment has been engaged to identify an experienced Threat Intelligence Analyst for a leading global banking organisation with an advanced cyber defence function in London. This is a fantastic opportunity to shape threat intelligence, work alongside Red/Blue Teams, and operationalise intelligence using the latest cybersecurity, penetration testing, and Breach & Attack Simulation (BAS) platforms. Key Responsibilities: Monitor and analyse global cyber threat landscapes, identifying threats, adversary tactics, and emerging risks Collaborate with Red Team, Blue Team, and Penetration Testing specialists to integrate intelligence into Breach & Attack Simulation (BAS) scenarios Act as a point of contact between threat intelligence, Red/Blue, and SOC teams to align threat modelling and adversary simulation Support threat hunting activities and provide tactical, contextual intelligence to stakeholders Model and assess threat actors, including motivations, capabilities, attack vectors, and impacts Leverage the MITRE ATT&CK framework for mapping adversary behaviours and detection Develop and update threat profiles, attack surface assessments, and adversary emulation plans Present high-quality threat briefings, risk assessments, and operational recommendations Participate in incident response, providing context, attributions, and support as required Required Skills & Experience: Extensive experience in threat intelligence, cybersecurity operations, or penetration testing Proven ability to work collaboratively with Red/Blue teams and Security Operations Centres (SOC) Hands-on experience with TIPs (Threat Intelligence Platforms), SIEM tools, and threat data enrichment solutions Practical exposure to Breach & Attack Simulation (BAS) tools for threat scenario development Strong knowledge of adversary TTPs, MITRE ATT&CK, and modern threat modelling techniques Technical proficiency with pentesting tools such as Metasploit Framework, Burp Suite, Kali Linux, and Pentera Experience producing actionable threat intelligence reports and clear technical briefings If you are ready to drive the next wave of cyber defense, apply via Deerfoot Recruitment today to learn more about this exciting contract opportunity. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate £1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd acts as an Employment Business in relation to this vacancy.

Senior Cyber Security Analyst - Central Gov (Contract) Incident Response | Threat Detection | Forensics | SIEM The Cyber Defence team is hiring a Senior Cyber Security Analyst to lead on incident response and protect critical citizen-facing services. You'll: Investigate and respond to cyber incidents at scale Lead forensic analysis (systems, files, network, cloud) Coordinate containment, eradication & recovery actions Mentor Junior Analysts and shape IR playbooks Must have strong Splunk skills. Requirements: Strong incident response & cyber investigation experience Skilled with EDR/SIEM tools - splunk Deep knowledge of attacker TTPs Excellent problem solving & communication London | Competitive Day Rate | SC Clearance required | On-call rota

*Senior Cyber Security Analyst - £600-800pd (experience dependent) INSIDE IR35 - 3 month initial contract - London (3 days per week onsite)* Please note: Due to the nature of the role, we are ideally looking for candidates to hold an active SC clearance. We are looking for a SC Cleared Senior Cyber Security Analyst with SPLUNK experience to join our central government client on an initial 3-month contract. You must have experience investigating and responding to cyber incidents, co-ordinating incident response in a large organisation. We have both a Senior and mid-level role available. Main responsibilities: As a senior security analyst with responsibility for incident response, you will: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environment Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. Essential skills and experience: SPLUNK EDR (Endpoint Detection and Response) Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.

Job Title: Senior Cyber Security Analyst - SC Location : Hybrid/London - 3 days a week on site Contract Duration : 3 months initially Daily Rate: £800/day (Umbrella - Maximum) IR35 Status: Inside IR35 Minimum requirement: Experience of investigating and responding to cyber incidents, coordinating incident response in large org 5+ years' experience with SPLUNK EDR (Endpoint Detection and Response) Analytical, problem solving Security Clearance: SC Senior Cyber Security Analyst The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and Vulnerability management capabilities for the organisation, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior security analyst, you'll take a leading role in building and delivering these core capabilities, focusing on incident response. As a senior security analyst with responsibility for incident response, you will l: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environments Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Excellent analytical and problem solving skills Excellent verbal and written communication skills Experience with Splunk Experience working in an Agile environment Experience with cloud environments such as AWS Disability Confident As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Armed Forces Covenant CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. If you qualify for the above, please notify us. We will be in touch to discuss your suitability and arrange your Guaranteed Interview. Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know. To apply for this role please submit your latest CV or contact Aspect Resources

Cyber Security Analyst - Manchester - £50,000 The Company: Lorien are working in partnership with a leading name in Manchester. With a strong focus on protecting their digital estate, they're now looking to hire a Cyber Security Analyst to help strengthen their InfoSec capabilities and ensure resilience against cyber threats. The Role: This is a hands-on role focused on protecting the organisation's network and systems from cyber-attacks. You'll be responsible for managing and remediating security incidents, tuning SIEM alerts, supporting endpoint detection and response tooling, and contributing to post-incident investigations.You'll also play a key role in vulnerability management, security reporting, and supporting the deployment and maintenance of security tooling across the estate. Working closely with the IT Security & Compliance Manager, you'll help shape the business's cyber defence strategy and educate stakeholders on best practices. The Skill Requirements:Successful candidates will have a blend of the following: Experience in Infrastructure support or working within a SOC/Security team Strong understanding of Microsoft O365/Azure Security, endpoint and email security tooling Familiarity with SIEM tools and IT Service Management platforms Knowledge of current and emerging cyber threats and security technologies Experience with vulnerability identification and remediation The Benefits: Salary up to £50,000 + bonus Hybrid working model (2 days onsite in Manchester) 25 days annual leave plus bank holidays Flexible working hours Opportunity to work in a fast-paced, high-impact environment If this sounds like something you'd be interested in, submit your application to be considered. Interviews will be scheduled over the coming weeks. Carbon60, Lorien & SRG - The Impellam Group STEM Portfolio are acting as an Employment Business in relation to this vacancy.

Cyber Threat Intelligence Analyst: Cyber, Threat, SOC, Security Clearance Our Global Enterprise client is looking for a skilled Cyber Security Analyst with 5-6 years of experience within Threat Intelligence to join their team. Start Date: ASAP Duration: 55 days Pay Rate: £487 per hour (PLEASE NOTE: Employer NI is paid for by the client) Total Daily Earnings: £553 (includes rolled up holiday) IR35 Status: Inside Location: Hybrid/Hatfield (some travel to Blackfriars if required but this will be on a rare occasion) NOTE: Active SC Clearance is highly desirable. Responsibilities: Threat Intelligence Platform (TIP) Maintenance (20%): Take ownership of the threat intelligence platform and related tooling, ensuring its effective utilisation for monitoring and analysing both cyber and geopolitical threats. Optimise the platform to enhance the team's capabilities in threat detection and response. Continue to develop access to internal data and leverage threat intelligence tooling to maximise intelligence opportunities. Cyber Threat Analysis & Dissemination (50%): Identify intelligence of concern for Computacenter across various sources and tooling and conduct analysis and assessment of such threats and their potential impact to the business. Monitor and analyse geopolitical events to identify potential impacts on the organisation's cyber security landscape. Using a variety of sources to increase knowledge, corroborate and parallel information. This involves engaging in communities and intelligence sharing initiatives. Have confidence in your ability to draw conclusions and provide intelligence led recommendations. Own and run regular briefings of Threat Intelligence to the wider security team. Respond to intelligence requests from internal teams, using all available sources of intelligence to produce assessments on the threat to support decision-making. Ensure clear and concise communication of assessments and complex bits of information for various stakeholders. Collaborate with cross-functional teams to address immediate intelligence needs and contribute to the overall security posture. Work closely alongside other Security Operations teams such as SOC Develop hypotheses based on threat intelligence to direct joint operations with Cyber Threat technical resources to direct threat hunting? Continue to develop access to internal data and leverage threat intelligence tooling to maximise intelligence opportunities. Dark Web Monitoring Ensuring Threat Intelligence Programme Meets Organisational Aims (15%): Collection of Priority Intelligence Requirements from key stakeholders Effective tracking of intelligence activities against these PIRs Reporting of service quality against KPIs Incident Response Support (15%): Required to work out of hours, when situation dictates, to support Incident Response activities Technical Skills & Experience: 5-6 years of experience within Threat Intelligence. Demonstrable experience in analysing and assessing cyber threats, including the ability to identify patterns and trends. Proficient in gathering, correlating, and interpreting data from various sources to produce actionable intelligence. Experience of giving detailed verbal threat briefings to key stakeholders. Experience working with a Threat Intelligence Platform (TIP). Excellent communication skills, including the ability to influence and persuade stakeholders to enact a more security focused approach. Understanding of the intelligence life cycle, from collection through to feedback. Experience in producing high-quality intelligence products and documentation for a variety of audiences. Familiarity with common cyber threats, threat actors, attack vectors, and vulnerabilities. Experience in leveraging open-source intelligence tools and techniques to gather information about threats. Knowledge of information assurance standards and frameworks including CIS, NIST, ISO 27001, Cyber Essentials/Essentials Plus, GDPR. Strong familiarity of threat cyber security frameworks such as MITRE ATT&CK, Killchain and NIST CSF 2.0 Desirable: Recognised information security and/or information technology industry certification. Good organisational and time management skills Experience of delivering and shaping Threat Modelling programmes Soft Skills: Excellent written and verbal English. Good presentation and moderation skills; professional and convincing manner of appearance and expression; clear, targeted communication (verbal and written). A strong desire to help others by sharing knowledge, peer reviewing, and contributing to technical and process standards. Work well within a team, report issues and risks, take part in team meetings, share ideas and work towards improving our service. Excellent communication and Customer facing customer service skills previous experience is essential. Ability to work independently and as part of a team is essential. To apply for this Cyber Threat Intelligence Analyst contract job, please click the button below and submit your latest CV. Curo Services endeavours to respond to all applications, however this may not always be possible during periods of high volume. Thank you for your patience. Curo Services is a trading name of Curo Resourcing Ltd and acts as an Employment Business for contract and temporary recruitment as well as an Employment Agency in relation to permanent vacancies.

Purple Team Analyst/Cyber Security Analyst - £90,000 base + bonus London - Canary Wharf - 2 days in the office Financial Services Purple Team Analyst/Cyber Security Analyst The Company This financial services business supports a truly global client base, managing trillions of dollars each day. They are looking to hire a Purple Team Analyst/Cyber Security Analyst into a newly created role to support increased Purple Teaming activities within the SecOps Function Purple Team Analyst/Cyber Security Analyst The Role The successful applicant for the Purple Team Analyst/Cyber Security Analyst will be responsible for: Planning, managing and running all Purple teaming activities across the SecOps and wider technology estate Producing playbooks and other documentation relevant to both Purple Teaming and the wider SecOps team Supporting the Threat hunting teams with related activities Engage in security reviews for integrations and new service s Assist with escalations from the SOC team Support with Security risk assessments for all high impact projects Review and update Security protocols to mitigate current threats and best practice Acting as a Subject Matter Expert for Purple Teaming within the wider IT Security Team Purple Team Analyst/Cyber Security Analyst Your background The successful candidate for the Purple Team Analyst/Cyber Security Analyst will have experience with: Planning and executing Purple tests Hands on IT Security analysis and security engineering in particular: Security systems Securing Networks On - call experience Malware analysis, Intrusion detection and Incident Response across a hybrid estate Ensuring a risk based approach to security Monitoring and tuning technical IT Security Controls The ideal Purple Team Analyst/Cyber Security Analyst will need strong people skills and the ability to work across and with multiple teams in the business To find out more, click the apply button now, or call to speak to Abigail Moss. We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs.

Job Title: Cyber Security Incident Response Specialist Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working) Contract Duration: 6months + initially, with high potential for extension (long-term programme) Clearance: SC required or eligible THIS PROJECT IS INSIDE IR35 Project Overview: We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI) . You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises. This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses. Key Responsibilities: Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned Develop and maintain IR playbooks, plans, and post-incident reports Support post-incident reviews , including root cause analysis (RCA) and lessons learned sessions Design and deliver incident response exercises (eg tabletop simulations) Act as a subject matter expert (SME) for incident response processes and frameworks Collaborate with SOC teams, technical SMEs, and non-technical stakeholders Communicate IR outcomes effectively via reports, presentations, and briefings Build working relationships across internal security functions and external CNI/regulatory stakeholders Mandatory Requirements (Must-Have): Strong, recent experience in cybersecurity incident response Ability to make informed decisions during incidents (triage, escalate, communicate) Experience working in Critical National Infrastructure (CNI) sectors - eg utilities, energy, telco, banking, health, defence, or transport Working knowledge of NIST, MITRE ATT&CK , or equivalent frameworks Proven ability to communicate IR findings to technical and non-technical audiences Experience contributing to or owning IR playbooks, SOPs, or RCA documentation Must hold current SC clearance or have been previously cleared within the last 12-18 months Desirable Skills (Nice-to-Have): Experience within the energy or utilities sector Exposure to OT/ICS environments (eg SCADA, PLCs, DCS) Experience delivering or supporting tabletop IR exercises Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc. Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH , or equivalent What We're Not Looking For: Junior SOC analysts (L1/L2 triage only) Generalist cyber roles without deep IR exposure Candidates without experience in CNI or enterprise-scale IR

My client is a leading international Services busines and is looking for a forward thinking Senior Cyber Security Analyst to join our ambitious team on an exciting growth journey. In this key role, you will: Maintain and enhance our accredited Information Security Management System (ISMS), focusing on ISO 27001 and Cyber Essentials Plus . Mentor and guide Cyber Analysts, helping to define and mature Security Operations Centre ( SOC ) processes. Take a leading role in threat detection and incident response to protect critical assets and ensure effective security operations. Bring expertise in endpoint and network detection and response ( EDR/NDR ), information security standards, and frameworks such as MITRE ATT&CK and NIST . If you have a strong technical background in cyber security and Crowdstrike Falcon , thrive on continuous improvement, and enjoy empowering those around you, this is your chance to make a difference in a forward-thinking organisation committed to innovation and sustainability. This role is 3 days working hybrid in Crewe DCS Recruitment and all associated companies are committed to creating a working environment where diversity is celebrated and everyone is treated fairly, regardless of gender, gender identity, disability, ethnic origin, religion or belief, sexual orientation, marital or transgender status, age, or nationality