Cyber Security Architect

At Leidos, we deliver innovative solutions through the efforts of our diverse and talented people who are dedicated to our customers' success. We empower our teams, contribute to our communities, and operate sustainably. Our Mission, Vision, and Values guide the way we do business.

Role overview

We are seeking a Senior Cyber Security Architect to support customer projects within Civil & Devolved Government and Energy (DG&E) divisions in the UK. You must be based in the UK with the ability to hold SC Clearance or above, and you may need to apply for additional personnel security clearances. You will design and assure robust security architectures for customers, delivering high assurance with minimal friction, focusing on simple, effective security that customers value. The role supports secure, efficiently managed technical architectures for sensitive programmes. You will engage with third parties and customers, establishing and supporting ongoing growth. The role requires flexibility to operate in an agile environment with strong scheduling and prioritisation skills.

Responsibilities
- Lead the design, implementation, and assurance of cybersecurity architectures for the protection of programme data, systems, and networks.
- Provide expert guidance on security architecture and design patterns for cloud and hybrid environments.
- Conduct risk assessments and threat modelling, and develop mitigation strategies for new and existing solutions.
- Embed security controls into architectural designs to protect data and infrastructure.
- Produce and maintain architectural documentation, reporting, and communication with relevant stakeholders.
- Embed the Security Architecture Framework and assurance approaches into delivery to maintain build assurance of system and service security.
- Lead the delivery and assurance of security requirements from design through service transition.
- Support customers in developing Zero Trust Network Architecture (ZTNA) strategies and roadmaps to target-state capabilities.
- Lead security design and requirements for Microsoft Entra ID, supporting IDAM strategy development.
- Lead Security Architecture Forums, driving governance outcomes for customer programmes.
- Engage with the broader architect community to embed security-by-design into IT Governance and Technical Design Authority processes.
- Develop and implement security policies and standards as required to stay secure and compliant.

Candidate Information
- British - many projects have nationality restrictions.
- SC cleared (or eligible for SC vetting) - many projects have nationality restrictions.

Education/Experience
- Experience in a security architecture or senior security engineering role.
- Experience in a technical leadership or architecture-focused position.
- Relevant security architecture certifications (e.g., SABSA, TOGAF, CISSP-ISSAP, Microsoft Certified: Cybersecurity Architect Expert, AWS Certified Security - Specialty, or similar) are an advantage.

Essential Process Skills/Experience
- Excellent verbal and written communication skills; works well in a team environment.
- Experience of the IT systems engineering and architecture lifecycle.
- Understanding of systems engineering lifecycle controls (requirements management, configuration management, testing and assurance) and where security architecture fits.
- Familiarity with lifecycles/methodologies (waterfall, incremental, agile, DevOps).
- Solid understanding of Confidentiality, Integrity, and Availability (CIA) and applying it in architectural delivery.
- Experience designing secure solutions for sensitive environments.
- Understanding of service operations and security operational management planning.
- Awareness of security frameworks such as ISO 27001, ISO 27002, NIST, and NCSC Cloud Security Principles.
- Experience mentoring and acting in a team lead or senior role, including work on accredited security solutions in sensitive government or CNI scenarios.

Desirable Experience
- Experience in both customer delivery and consulting environments.
- Experience in SecDevOps, infrastructure as code, or security as code.
- Experience in CNI or Public Sector project environments.
- Experience working in agile environments.
- Experience defining and implementing Zero Trust/ZTNA roadmaps and identity security patterns (e.g., Microsoft Entra ID governance and access controls).

Technology Skills/Experience
- Deep understanding of network and boundary protection technologies (firewalls, mail gateways, load balancers, anti-virus, IPS, IDS).
- Experience architecting cloud security controls on Azure and AWS.
- Practical experience with Protective Monitoring systems (SIEM/SOC) and deployment principles.
- Understanding of authentication and authorisation technologies (SAML, LDAP, PKI, etc.).
- Strong grasp of encryption protocols and their deployment in secure architectures.
- Experience defining security requirements for systems, including:
  o Microsoft OS
  o Linux OS
  o Virtualisation technologies
  o Networking
  o Endpoint security products

Communication and Soft Skills
- Capable of developing and communicating a vision to meet system and security requirements.
- Ability to communicate complex technical ideas across audiences.
- Commercial awareness and project discipline.

Note: This description reflects the responsibilities and qualifications for the role and does not include non-job content such as promotional material. EEO and diversity statements are included as required by law.
11/06/2026
Full time
LA International Computer Consultants Ltd
Weston-super-mare, Somerset
IT System Lead (Job Order ID 148773)

Job Title: IT Systems, Cyber & Infrastructure Lead (SFIA Level 5+)
Salary: £45,000 - £65,000 basic
Location: Weston-Super-Mare (office based)

Overview

A growing UK-based engineering and R&D organisation is seeking a hands-on IT Systems, Cyber & Infrastructure Lead to take ownership of its internal IT environment. The role is responsible for ensuring secure, stable, and well-structured IT operations across corporate and technical systems, supporting both business operations and project delivery.

Environment

The IT estate includes Microsoft 365 (E5), Azure, Windows/Linux systems, and Fortinet-based networking (firewalls, VPN, switching, failover), along with isolated technical environments supporting R&D work.

Role Purpose

To provide technical leadership and full operational ownership of IT infrastructure, ensuring systems are secure, reliable, and consistently managed. The role embeds cyber security into day-to-day operations and reduces reliance on external support through improved internal capability and control.

Key Responsibilities
- Own and manage the end-to-end IT estate across infrastructure, cloud, and endpoints
- Define and enforce system standards, access controls, and configuration policies
- Lead cyber security implementation aligned to recognised frameworks (e.g. ISO 27001, Cyber Essentials Plus)
- Manage network infrastructure including firewalls, VPNs, switching, and segmentation
- Oversee Azure and Microsoft 365 environments, including identity, access, and device management
- Support and standardise Windows/Linux and specialist development environments
- Ensure controlled integration of external, contractor, and remote access
- Maintain clear technical documentation and system visibility
- Line manage and develop junior IT staff
- Report on system health, risks, and improvements to senior leadership

Requirements
- Significant experience in IT infrastructure/systems leadership (SFIA Level 5+ equivalent)
- Strong hands-on expertise with Microsoft 365, networking, and enterprise IT systems
- Experience with Azure (desirable) and Linux environments (beneficial)
- Knowledge of cyber security frameworks and secure system design
- Ability to operate in structured, controlled, and standards-driven environments
- Eligible for UK security clearance (SC level)

Success Measures (6-12 months)
- Clear ownership and control of IT systems
- Stable, well-documented infrastructure and cloud environments
- Reduced reliance on external support
- Improved internal capability and governance alignment
- Stronger security posture across all systems

Working Model
- Full-time, office-based role
- Weston-Super-Mare office location
- Reports to senior IT leadership/board-level IT function
- Manages IT Technician/Apprentice

Due to the nature and urgency of this post, candidates holding or who have held high-level security clearance in the past are most welcome to apply. Please note that successful applicants will be required to be security cleared prior to appointment, which can take a minimum of 10 weeks.

LA International is an award-winning partner of choice for many of the world's most influential companies and government organisations. Holding Enhanced Government Security Accreditation, we are recognised as the European market leader in the delivery of Security Cleared talent to organisations that demand the very highest levels of security, compliance and assurance. An award-winning organisation, we have secured the prestigious Queen's Award for Enterprise: International Trade over multiple years. We are committed to fostering an inclusive, equitable and accessible workplace where everyone feels valued and supported. We welcome applications from all individuals, regardless of background or identity, and we encourage candidates who may not meet every listed requirement to still apply. If you require any adjustments or support during the recruitment process, please let us know and we will work with you to ensure a fair and accessible experience. Please note: if a high volume of applications is received, only shortlisted candidates will be contacted.
10/06/2026
Full time
Security Monitoring & SIEM Analyst

Location: Berkshire (Onsite)
Salary: 45,000 - 60,000 + excellent benefits & training
Security Clearance: Ideally SC Cleared or eligible for SC (UK Nationals only)

Company Overview

An exciting opportunity to join a global technology organisation with a well-established cyber security capability supporting mission-critical environments. Cyber security is central to the organisation's strategy, with ongoing investment in tooling, threat intelligence, and specialist talent. The security function operates at a mature level, combining Security Operations, threat detection, incident response, and continuous improvement practices to defend against evolving threats.

Role Overview

As a Security Monitoring & SIEM Analyst, you will play a key role within the Security Operations function, focused on real-time detection, investigation, and response to cyber threats using SIEM and security tooling. This role combines hands-on SIEM analysis, alert triage, investigation, and detection improvement, alongside exposure to incident response and proactive threat detection activities. You will work across multiple data sources to identify suspicious behaviour, analyse events, and support the organisation's cyber defence posture through effective monitoring and rapid response.

Key Responsibilities
- Monitor, analyse, and investigate security alerts across SIEM and security tooling
- Conduct detailed investigations across log, endpoint, identity, and network telemetry
- Develop and optimise detection logic and SIEM queries to improve alert fidelity
- Analyse security events and correlate activity across multiple data sources
- Support incident response activities, including containment, escalation, and remediation
- Perform IOC analysis, enrichment, and validation using threat intelligence sources
- Identify gaps in detection capabilities and contribute to continuous improvement
- Work closely with infrastructure, SOC, and incident response teams to enhance response capability
- Produce clear and structured investigation reports and escalation summaries

Skills & Experience Required

Core SIEM & Detection Skills
- Strong knowledge of SIEM platforms (e.g. Microsoft Sentinel, Splunk, Elastic)
- Experience writing and tuning queries using:
  o Kusto Query Language (KQL)
  o ES|QL / Kibana Query Language
  o Splunk SPL
- Understanding of event correlation, alerting, and detection use-case development

Technical Foundations
- Strong knowledge of:
  o Linux and Windows operating systems
  o Core networking concepts (TCP/IP, DNS, HTTP/S, firewalls, VPNs)
- Experience analysing logs across:
  o Endpoint, identity, network, and cloud environments

Threat Detection & Security Tooling
- Strong knowledge of:
  o EDR/XDR concepts and workflows
  o IDS/IPS technologies and signature-based detection
- Experience working with tools such as:
  o Microsoft Defender, CrowdStrike, SentinelOne, or similar

Threat & Adversary Knowledge
- Understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they manifest in logs and telemetry
- Familiarity with the MITRE ATT&CK framework
- Evidence of staying up to date with:
  o Emerging threats
  o Adversary tradecraft
  o Defensive techniques

Incident Handling & Investigation
- Experience handling security incidents through:
  o Detection and triage
  o Investigation and analysis
  o Handover to Incident Response teams
- Strong understanding of:
  o Incident management processes
  o Host-based forensic concepts
- Ability to apply post-incident review (PIR) learnings to improve detection and response

Desirable Experience
- Experience within a SOC or cyber defence environment
- Exposure to threat hunting or detection engineering
- Experience in high-security or regulated environments

Certifications (Beneficial)
- Microsoft SC-200 (Security Operations Analyst)
- GIAC / SANS certifications (GCIH, GCIA, GCED, etc.)
- CREST (CPIA, CRIA, CCTIA, CCBTP)
- Other recognised cyber security certifications

Why Join?
- Work within a mature Security Operations environment
- Exposure to advanced SIEM tooling and large-scale environments
- Strong investment in training, certifications, and progression
- Opportunity to develop into:
  o Senior SIEM Analyst
  o Detection Engineer
  o Threat Hunter

About Adecco

Adecco is acting as an Employment Agency. We are proud to be an equal opportunities employer. We are on the client's supplier list for this role.
02/06/2026
Full time
Cyber Threat Detection / SIEM Analyst - SANS/GIAC

Cyber Threat Detection Analyst
Location: Wokingham, Berkshire (On-site)
Salary: Competitive (dependent on experience) + excellent benefits & training
Security Clearance: Ideally SC Cleared or eligible for SC

Role Overview

As a Cyber Threat Detection Analyst, you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced SOC Analysts for whom threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to develop further in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering.

Skills & Experience We're Seeking
- Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, ideally with around five years' hands-on experience
- Strong hands-on experience using SIEM platforms, including:
  o Microsoft Sentinel (KQL)
  o Splunk (SPL)
  o Elastic Security/Kibana (KQL, ES|QL)
- Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft
- Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds
- Solid experience across the security event life cycle, including detection, investigation, and incident management
- Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black
- Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, firewalls, VPNs, proxy technologies)
- Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources
- Strong analytical mindset with the ability to clearly communicate findings, impact, and risk

Key Responsibilities
- Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats
- Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence
- Write, refine, and optimise SIEM queries using KQL, SPL, Elastic ES|QL, and Kibana Query Language
- Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources
- Lead investigations from initial detection through scoping, root cause analysis, and impact assessment
- Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned
- Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage
- Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies
- Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders

Security Certifications (Highly Beneficial)
- SANS/GIAC certifications, including but not limited to:
  o GCIH - Incident Handler
  o GCIA - Intrusion Analyst
  o GCED - Enterprise Defender
  o GCTI - Cyber Threat Intelligence
  o GMON - Continuous Monitoring
  o GDAT - Defending Advanced Threats
  o GCAT - Advanced Threat Intelligence
- OSCP or equivalent offensive security qualifications
- CREST certifications, such as:
  o CREST Practitioner Intrusion Analyst (CPIA)
  o CREST Registered Intrusion Analyst (CRIA)
  o CREST Certified Threat Intelligence Analyst (CCTIA)
  o CREST Certified Blue Team Professional (CCBTP)
- Microsoft SC-200 or related detection and response certifications
- Other recognised cyber security or threat intelligence credentials
27/05/2026
Full time
Cyber Threat Detection / SIEM Analyst - SANS/GIAC Cyber Threat Detection Analyst
Location: Wokingham, Berkshire (On-site)
Salary: Competitive (dependent on experience) + excellent benefits & training
Security Clearance: Ideally SC Cleared or eligible for SC

Role Overview
As a Cyber Threat Detection Analyst, you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced SOC Analysts for whom threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to develop further in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering.

Skills & Experience We're Seeking
- Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, ideally with around five years' hands-on experience
- Strong hands-on experience using SIEM platforms, including:
  - Microsoft Sentinel (KQL)
  - Splunk (SPL)
  - Elastic Security/Kibana (KQL, ESQL)
- Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft
- Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds
- Solid experience across the security event life cycle, including detection, investigation, and incident management
- Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black
- Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, firewalls, VPNs, proxy technologies)
- Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources
- Strong analytical mindset with the ability to clearly communicate findings, impact, and risk

Key Responsibilities
- Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats
- Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence
- Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language
- Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources
- Lead investigations from initial detection through scoping, root cause analysis, and impact assessment
- Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned
- Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage
- Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies
- Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders

Security Certifications (Highly Beneficial)
- SANS/GIAC certifications, including but not limited to:
  - GCIH - Incident Handler
  - GCIA - Intrusion Analyst
  - GCED - Enterprise Defender
  - GCTI - Cyber Threat Intelligence
  - GMON - Continuous Monitoring
  - GDAT - Defending Advanced Threats
  - GCAT - Advanced Threat Intelligence
- OSCP or equivalent offensive security qualifications
- CREST certifications, such as:
  - CREST Practitioner Intrusion Analyst (CPIA)
  - CREST Registered Intrusion Analyst (CRIA)
  - CREST Certified Threat Intelligence Analyst (CCTIA)
  - CREST Certified Blue Team Professional (CCBTP)
- Microsoft SC-200 or related detection and response certifications
- Other recognised cyber security or threat intelligence credentials
SIEM Analyst / Cyber Threat Detection Analyst - SANS/GIAC Cyber Threat Detection Analyst
Location: Wokingham, Berkshire (On-site)
Salary: Competitive (dependent on experience) + excellent benefits & training
Security Clearance: Ideally SC Cleared or eligible for SC

Role Overview
As a SIEM Analyst (Cyber Threat Detection), you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced SOC Analysts for whom threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to develop further in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering.

Skills & Experience We're Seeking
- Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, ideally with around five years' hands-on experience
- Strong hands-on experience using SIEM platforms, including:
  - Microsoft Sentinel (KQL)
  - Splunk (SPL)
  - Elastic Security/Kibana (KQL, ESQL)
- Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft
- Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds
- Solid experience across the security event life cycle, including detection, investigation, and incident management
- Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black
- Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, firewalls, VPNs, proxy technologies)
- Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources
- Strong analytical mindset with the ability to clearly communicate findings, impact, and risk

Key Responsibilities
- Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats
- Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence
- Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language
- Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources
- Lead investigations from initial detection through scoping, root cause analysis, and impact assessment
- Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned
- Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage
- Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies
- Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders

Security Certifications (Highly Beneficial)
- SANS/GIAC certifications, including but not limited to:
  - GCIH - Incident Handler
  - GCIA - Intrusion Analyst
  - GCED - Enterprise Defender
  - GCTI - Cyber Threat Intelligence
  - GMON - Continuous Monitoring
  - GDAT - Defending Advanced Threats
  - GCAT - Advanced Threat Intelligence
- OSCP or equivalent offensive security qualifications
- CREST certifications, such as:
  - CREST Practitioner Intrusion Analyst (CPIA)
  - CREST Registered Intrusion Analyst (CRIA)
  - CREST Certified Threat Intelligence Analyst (CCTIA)
  - CREST Certified Blue Team Professional (CCBTP)
- Microsoft SC-200 or related detection and response certifications
- Other recognised cyber security or threat intelligence credentials
21/05/2026
Full time
I am currently looking for 2 experienced Cyber Security Engineers (DV Cleared) for a client, based in Milton Keynes with occasional travel to London. DV Clearance is essential - applicants without current clearance unfortunately cannot be considered.

About the Role:
These roles sit within a client's Cybersecurity Operations function. You will play a key part in designing, implementing, and maintaining the platforms that support enterprise-scale security operations. From SIEM and log collection to endpoint detection, automation, and integration, you'll help ensure the SOC team has the reliable and scalable infrastructure it needs to detect, investigate, and respond to threats.

Responsibilities:
- Manage and optimise SIEM platforms (Splunk, Microsoft Sentinel, open-source alternatives) across hybrid-cloud environments
- Configure and maintain log/data pipelines from endpoints, cloud services, and network devices
- Ensure high availability, reliability, and performance of core security platforms
- Integrate new security tools into the ecosystem, including automation via APIs, scripting, and AI
- Maintain clear documentation, diagrams, and procedures to support knowledge sharing and consistency

Skills & Experience:
- Strong hands-on experience with SIEM technologies (Splunk, Sentinel, etc.)
- Knowledge of cloud platforms (Azure, AWS, GCP) and hybrid environments
- Scripting skills (Python, PowerShell) for automation and integration
- Experience with SOAR and SecDevOps practices (Git, GitHub, Azure DevOps, CI/CD)
- Good understanding of frameworks such as NIST, MITRE ATT&CK, CAF
- Background in Incident Response or SOC analysis is highly valued

Soft Skills:
- Strong analytical and problem-solving mindset
- Effective communication and collaboration skills
- Ability to thrive in a fast-paced, dynamic environment

Certifications (Splunk, Microsoft, SANS, etc.) are desirable but not required.

Location: Milton Keynes (with some travel to London)
Positions: 2 available

If you're DV cleared and want to take on a challenging and rewarding role with a leading organisation, I'd love to hear from you.
06/10/2025
Contractor
An exciting opportunity has arisen to join a world-leading global organisation. Our client, a blue-chip IT company, is currently seeking a Security Cleared Azure and Active Directory Specialist based on their customer site in Aldermaston. This is a full-time, permanent role, working Monday to Friday and Monday to Thursday on alternating weeks, 8 hours and 20 minutes per day between 08:00 and 18:00, to start ASAP. The role is paying up to £65K depending on experience.

Role Overview:
We are looking for a customer-focused Azure and Active Directory Engineer to join our busy Infrastructure Team supporting a hybrid AD environment. You should have a genuine interest in solving IT issues and be empathetic to customer needs and requirements. Day-to-day tasks include expert management and troubleshooting of Azure and Active Directory services and issues within a complex locked-down infrastructure. You should possess good written and verbal communication skills, be willing to collaborate with the wider IT support teams, and help us develop a strong partnership with our customers' IT leadership.

DV or SC clearance is preferred but not essential, as there is the potential to obtain clearance.

Essential Skills/Qualifications:
- Administration of Azure Active Directory
- Good understanding of Azure Security, including Conditional Access Policies, Multi-Factor Authentication and Privileged Identity Management
- Basic Azure Monitoring and Log Analytics
- Basic Azure PowerShell scripting
- Administration of Microsoft Windows Server 2
- Group Policy Management
- Administration of DNS, WINS and DHCP
- Managing PKI service requests
- Strong communication skills, both written and verbal
- Self-motivated with a positive attitude and comfortable working with ambiguity
- Scripting experience using BAT, PowerShell
- Awareness of Change and Release Management
- Basic knowledge of Active Directory Federation Services
- Create Operations Guides
- Create High-level Designs
- Minimum of 5 years in a 3rd Line Active Directory role

Desirable Skills/Qualifications:
- Azure Networking (not essential)
- Basic knowledge of Azure Firewalls
- Basic knowledge of Azure Windows Virtual Desktop & Management
- Azure Enterprise and ADFS Application Provisioning
- Basic Exchange Online administration skills
- Role- and function-based security delegation, layers and Role Based Access Control
- Knowledge of MS Endpoint Management
- Good knowledge across Office 365
- ITIL Foundation certified with broad experience across Service Management disciplines and Agile delivery
- Microsoft Azure Foundation course and/or certification
- Some Business Intelligence / Data expertise using Microsoft products
07/10/2021
Full time
We are currently recruiting on behalf of our global client, based in Hampshire, who is seeking an experienced SC/DV Security Cleared Endpoint Security Engineer. This role is full time and site-based. The role will sit within the UK and Ireland Secure Infrastructure capability within the Security delivery organisation. It will require deep architectural and implementation knowledge of multiple security technologies. It is essential to have extensive knowledge and experience of infrastructure security technologies across endpoint and network security, and the ability to architect and implement solutions for enterprise-scale clients.

Day-to-day duties may include:
- Provide technology consulting to external customers and internal project teams.
- Be responsible for providing technical support and/or leadership in the creation and delivery of technology solutions designed to meet customers' business needs and, consequently, for understanding customers' businesses.
- As a trusted advisor, create and maintain effective customer relationships so as to ensure customer satisfaction.
- Maintain knowledge of leading-edge technologies and industry/market domain knowledge.
- Actively contribute to the client's Security solutions portfolio by providing information ranging from technical knowledge to methodologies based on experience gained from customer projects.
- Shape technical direction and technical strategies within the organisation and for external customers.
- Be accountable for consistent and significant chargeability levels (or expense relief for internal project teams) and for assisting in meeting or exceeding revenue and customer satisfaction goals.
- Contribute to the organisation's profitability by generating and cultivating new business opportunities and by providing technical support for deal proposal development.

Technical Skills and Experience Required:

Essential Requirements:
- Minimum of 5 years' proven track record of extensive experience in enabling installations and configurations of products mapping to the client's Security portfolio
- Strong endpoint/network security skills with experience of configuring complex environments are paramount to this role
- Implementation experience with at least 2 of the following:
  - McAfee
  - Microsoft
  - Trend
  - Broadcom (Symantec)
  - Cisco
  - F5
  - Check Point
  - Blue Coat
  - Fortinet
  - FireEye

Advantageous:
- Professional accreditations/certifications are preferred

Additional Information:
Due to the nature of the role, the successful candidate will have a valid UK Security Clearance prior to the start.
04/10/2021
Full time