Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

89 jobs found

Current search: threat intelligence analyst
Constant Recruitment Ltd
Cyber Threat Intelligence Analyst
Constant Recruitment Ltd Kings Hill, Kent
Cyber Threat Intelligence Analyst
3-Month Fixed-Term Contract
£45,000 - £55,000 pro rata (3-month fixed-term contract)
Fully remote
Must be UK based
UK-Based
Immediate Start Preferred

Are you a Cyber Threat Intelligence Analyst who thrives on staying ahead of emerging threats? Do you enjoy analysing complex threat data and turning it into clear, actionable insight for security teams? Are you available for a 3-month contract where you can make an immediate impact within a threat-informed security function?

We are recruiting for a Cyber Threat Intelligence Analyst to join an established cyber security function on a 3-month fixed-term contract. Reporting into the Cyber Threat Intelligence Manager, you will play a key role in delivering and enhancing the organisation's Cyber Threat Intelligence (CTI) capability, supporting the wider vision of a threat-informed cyber security operations model. With new vulnerabilities and adversarial activity emerging daily, this role is critical in ensuring intelligence is accurate, timely, and actionable. This is not a developmental role, we are looking for someone who can step in quickly, operate with minimal supervision, and add value from day one.

The Role

You will be responsible for monitoring, analysing, and producing intelligence across tactical, operational, and strategic domains, ensuring the security function operates from an intelligence-led, proactive position rather than a reactive one.

Key responsibilities include:
  • Delivering Cyber Threat Intelligence services aligned to recognised best practice and industry standards
  • Monitoring changes in the global threat landscape that may impact the organisation and its customers
  • Analysing threat data from multiple sources to identify patterns, trends, gaps, and emerging risks
  • Producing clear, concise, and actionable intelligence products for technical and senior stakeholders
  • Tracking relevant threat actors and adversarial groups, including their tactics, techniques, and procedures (TTPs)
  • Maintaining and managing a cyber threat intelligence reference library
  • Promoting a culture of threat-informed security across the CISO function
  • Building strong relationships with internal and external stakeholders, championing the value of intelligence-led security
  • Working with third-party intelligence providers to ensure effective delivery of external threat services
  • Evaluating current security controls against known threat actors using frameworks such as MITRE ATT&CK and CIS Controls
  • Supporting threat intelligence-led security testing initiatives, including red and purple teaming exercises
  • Contributing to continuous improvement of the CTI capability

What We Are Looking For
  • Proven experience in Cyber Threat Intelligence analysis
  • Ability to work autonomously within a short-term contract environment and deliver measurable outcomes quickly
  • Strong understanding of threat actor behaviours, TTPs, and global threat trends
  • Experience working with frameworks such as MITRE ATT&CK and CIS
  • Ability to analyse large datasets and translate findings into meaningful intelligence outputs
  • Experience producing intelligence reports across tactical, operational, and strategic levels
  • Strong stakeholder communication skills
  • Exposure to red/purple teaming or intelligence-driven testing initiatives is desirable

Why This Role?
  • Opportunity to contribute to a mature and evolving CTI function
  • Immediate impact role within a forward-thinking cyber security team
  • High visibility across the security and wider business function
  • Fixed-term contract ideal for experienced analysts available at short notice

If you are immediately available (or coming to the end of a contract) and would like to discuss this opportunity in more detail, I would be very happy to have a confidential conversation.
09/03/2026
Contractor
Oscar Associates Ltd
T2 SOC Analyst
Oscar Associates Ltd Doncaster, Yorkshire
Role: T2 SOC Analyst
Location: Manchester (Hybrid - 2 days on-site)
Work Pattern: 24/7 (4 on 4 off)
Salary: Up to £40,000 + 15% Shift Allowance

Another fantastic opportunity has opened for an experienced SOC Analyst to join a UK-based Managed Security Service Provider as a Tier 2 SOC Analyst, supporting their key client. This is a hybrid role based in Doncaster on their 24/7 SOC operation.

As part of this team, you will work alongside Tier 1 and Tier 3 Analysts, as well as a SOC Lead, to deliver continuous security monitoring, analysis, and incident response for their clients. This is an excellent opportunity for a current Tier 2 SOC Analyst looking for their next challenge, or for an experienced Tier 1 Analyst ready to step up into a Tier 2 role.

Key Responsibilities:
  • Monitor, assess, and investigate security alerts using security monitoring tools in line with agreed procedures and SLAs.
  • Classify and prioritise potential incidents according to SOC processes and recognised industry frameworks.
  • Produce clear and concise incident tickets, drawing on internal knowledge bases and independent analysis.
  • Apply relevant threat intelligence to SOC operations, maintaining awareness of current threat trends and defensive monitoring approaches.
  • Carry out proactive threat hunting to uncover advanced or hidden threats.
  • Assist with the development and optimisation of detection rules and monitoring capabilities.
  • Provide guidance and support to Junior Analysts when required.

Requirements:
  • Active or eligible for SC Clearance
  • Experience in a SOC environment
  • Certifications such as CompTIA A+, S+, N+, SC-200, CySA+
  • In-depth knowledge of common security threats, attack vectors, and migration strategies
  • In-depth knowledge and experience with SIEM, EDR/ERP, AV, and NetMon tools

Benefits:
  • Salary up to £40,000
  • 15% Shift Allowance
  • 23 days AL + 8 BH

Role: T2 SOC Analyst
Location: Doncaster (Hybrid - 2 days on-site)
Work Pattern: 24/7 (4 on 4 off)
Salary: Up to £40,000 + 15% Shift Allowance

Oscar Associates (UK) Limited is acting as an Employment Agency in relation to this vacancy. To understand more about what we do with your data please review our privacy policy in the privacy section of the Oscar website.
06/03/2026
Full time
Oscar Associates Ltd
T2 SOC Analyst
Oscar Associates Ltd Manchester, Lancashire
Role: T2 SOC Analyst
Location: Manchester (Hybrid)
Work Pattern: 24/7 (4 on 4 off)
Salary: Up to £40,000 + 15% Shift Allowance

Another fantastic opportunity has opened for an experienced SOC Analyst to join a UK-based Managed Security Service Provider as a Tier 2 SOC Analyst, supporting their key client. This is a hybrid role based in Manchester on their 24/7 SOC operation.

As part of this team, you will work alongside Tier 1 and Tier 3 Analysts, as well as a SOC Lead, to deliver continuous security monitoring, analysis, and incident response for their clients. This is an excellent opportunity for a current Tier 2 SOC Analyst looking for their next challenge, or for an experienced Tier 1 Analyst ready to step up into a Tier 2 role.

Key Responsibilities:
  • Monitor, assess, and investigate security alerts using security monitoring tools in line with agreed procedures and SLAs.
  • Classify and prioritise potential incidents according to SOC processes and recognised industry frameworks.
  • Produce clear and concise incident tickets, drawing on internal knowledge bases and independent analysis.
  • Apply relevant threat intelligence to SOC operations, maintaining awareness of current threat trends and defensive monitoring approaches.
  • Carry out proactive threat hunting to uncover advanced or hidden threats.
  • Assist with the development and optimisation of detection rules and monitoring capabilities.
  • Provide guidance and support to Junior Analysts when required.

Requirements:
  • Active or eligible for SC Clearance
  • Experience in a SOC environment
  • Certifications such as CompTIA A+, S+, N+, SC-200, CySA+
  • In-depth knowledge of common security threats, attack vectors, and migration strategies
  • In-depth knowledge and experience with SIEM, EDR/ERP, AV, and NetMon tools

Benefits:
  • Salary up to £40,000
  • 15% Shift Allowance
  • 23 days AL + 8 BH

Role: T2 SOC Analyst
Location: Manchester (Hybrid)
Work Pattern: 24/7 (4 on 4 off)
Salary: Up to £40,000 + 15% Shift Allowance

Oscar Associates (UK) Limited is acting as an Employment Agency in relation to this vacancy. To understand more about what we do with your data please review our privacy policy in the privacy section of the Oscar website.
06/03/2026
Full time
MBDA UK
SOC Shift Leader
MBDA UK Stevenage, Hertfordshire
An exciting opportunity for a passionate SOC Shift Lead to join a unique, multi-national Information Management function. Ideal candidates should be committed to protecting our critical systems and ensuring the integrity and security of our network infrastructure.

Salary: Circa £70,000, depending on experience + Shift Premium
Location: Stevenage
Shift pattern: This role is on prem only. Shifts consisting of days (including early shift) and nights (including evening shift), with two working weekends per month and rest days, within an agreed team rota
Security Clearance: British Citizen or a Dual UK national with British citizenship. This role will require SC Clearance and applicants will be required to undergo DV clearance if they do not already possess it. Restrictions and/or limitations relating to nationality and/or rights to work may apply. As a minimum and after offer stage, all successful candidates will need to undergo HMG Basic Personnel Security Standard checks (BPSS) and a Security Check (SC) clearance, which are managed by the MBDA Personnel Security Team.

What we can offer you:
  • Company Bonus: Bonus of up to 21% of base salary
  • Pension: maximum total (employer and employee) contribution of up to 14%
  • Enhanced parental leave: offers up to 26 weeks for maternity, adoption and shared parental leave - enhancements are available for paternity leave, neonatal leave and fertility testing and treatments
  • Facilities: Fantastic site facilities including subsidised meals, free car parking and much more

The opportunity:

An opportunity has arisen within the Cyber Security Operation Centre (SOC) to establish a new pivotal role that ensures operational excellence and team continuity across a 24x7 defence environment. The SOC Shift Lead will provide quality assurance & continuity working across three rotating teams of Tier 1 and Tier 2 analysts, providing live operational oversight, procedural assurance, and ongoing mentorship.

This role ensures each analyst team is aligned with evolving cyber threat detection standards, works in sync with response and intelligence functions, and delivers consistent high-quality casework across shifts. This is a senior operational role that builds upon the responsibilities of a senior SOC Analyst, introducing additional duties in mentoring, knowledge dissemination, quality control, and SOC capability uplift. If you are looking to leverage your technical skills in a values-led company that values innovation and diversity, this is the place to make an impact.

In addition to Senior SOC Analyst responsibilities (alert triage, threat detection, ticket response, and tooling operation), the SOC Shift Lead will provide:

Shift Continuity & QA
  • Operational assurance and standard enforcement across all active shifts.
  • Review, assess, and QA analyst triage, case notes, and escalations.
  • Ensure seamless shift handovers by maintaining clear communication protocols and supporting consistent documentation.

Mentorship & Analyst Development
  • Act as mentor for less experienced analysts, delivering just-in-time support and real-time knowledge sharing.
  • Identify capability gaps within the shift team and report training needs to SOC management.
  • Facilitate awareness of the latest threats, detection guidance, and tooling updates through briefings or job aids.

Escalation & Communication Interface
  • Serve as the first point of contact for non-critical escalations and queries within the shift team.
  • Liaise with SOC Manager, CTI, and IR leads to clarify or communicate updated response requirements.
  • Contribute to and support the alignment of ongoing SOC initiatives, project deliverables, and best practice dissemination.

Feedback & Continuous Improvement
  • Log procedural or workflow issues observed during shifts and propose improvements.
  • Recommend updates to SOPs and playbooks based on frontline observations.
  • Capture metrics on alert handling efficiency, response delays, and knowledge pain points

The MBDA SOC Shift Lead reports to the SOC Manager. The MBDA SOC Shift Lead conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded MBDA member of staff.

What we're looking for from you:
  • A career background in Cyber Security.
  • Security awareness and experience in all areas of IT, primarily Network Security, Infrastructure and the secondary area being Operating Systems & Applications.
  • Ability to lead by example, enforce standards diplomatically, and foster a high-performing team culture.
  • Prior experience in mentoring, peer coaching, or quality assurance within a SOC environment.
  • Excellent written and verbal communication for coordination, escalation, and documentation purposes.
  • Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S.
  • Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools.

Our company:

Peace is not a given, Freedom is not a given, Sovereignty is not a given.

MBDA is a leading defence organisation. We are proud of the role we play in supporting the Armed Forces who protect our nations. We partner with governments to work together towards a common goal, defending our freedom.

We are proud of our employee-led networks, examples include: Gender Equality, Pride, Menopause Matters, Parents and Carers, Armed Forces, Ethnic Diversity, Neurodiversity, Disability and more.

We recognise that everyone is unique, and we encourage you to speak to us should you require any advice, support or adjustments throughout our recruitment process.

Follow us on LinkedIn (MBDA), X, Instagram (MBDA_UK) and Glassdoor or visit our MBDA Careers website for more information.
05/03/2026
Full time
Netcom Training
Trainee Cyber Security Analyst - Training Course
Netcom Training City, Sheffield
About the opportunity

Secure a guaranteed interview support and launch a career in cyber security. Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 2) equips you with the practical skills employers are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles.

Our learners have gone on to roles such as IT support, second line support, junior development, cyber security analysis and business analyst positions, working with companies across tech, logistics, public services and digital sectors. Complete the course and gain a guaranteed interview with a leading employer, helping you start your career protecting businesses, data and digital systems.

Course Details
  • Start Date: 16.03
  • Duration: 10 weeks
  • Format: Online, practical workshops
  • Schedule: Mon-Thur 6PM-9PM

What you'll learn
  • Principles: Understand cyber security principles and core frameworks
  • Threat Intelligence: Develop expertise to identify risks
  • Testing: Conduct cyber security testing, identify vulnerabilities and implement controls
  • Incident Response: Prepare for and respond to cyber security incidents
  • Ethics: Understand legislation and ethical conduct within cyber security
  • Professional Skills: Build professional skills and behaviours for the sector
  • Protection: Gain practical knowledge to protect and secure digital environments

Eligibility

To apply, you must:
  • Live in the Sheffield area
  • Be aged 19 or over
  • Earn below the gross annual wage cap of £23,400
  • Not currently be undertaking other government-funded training
  • Not be in the UK on a student, graduate, postgraduate, or sponsored visa, or as a dependent

Cost

This is a fully-funded course with no fees - complete the training, gain essential cyber security skills and secure your guaranteed interview.
02/03/2026
Full time
Netcom Training
Cyber Security Analyst - Training Course
Netcom Training City, Sheffield
About the opportunity Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 2) equips you with the practical skills employers are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as IT support, second line support, junior development, cyber security analysis and business analyst positions, working with companies across tech, logistics, public services and digital sectors. Complete the course and gain a guaranteed interview with a leading employer, helping you start your career protecting businesses, data and digital systems. Course Details Start Date: 23/02 Duration: 10 weeks Format: Online, practical workshops Schedule: Mon-Thur 6PM-9PM What you'll learn Principles: Understand cyber security principles and core frameworks Threat Intelligence: Develop expertise to identify risks Testing: Conduct cyber security testing, identify vulnerabilities and implement controls Incident Response: Prepare for and respond to cyber security incidents Ethics: Understand legislation and ethical conduct within cyber security Professional Skills: Build professional skills and behaviours for the sector Protection: Gain practical knowledge to protect and secure digital environments Career Pathway Successful participants are guaranteed an interview with us or our network of UK-wide partners working with leading brands.
Eligibility To apply, you must: Live in the Sheffield area Be aged 19 or over Earn below the gross annual wage cap of £23,400 Not currently be undertaking other government-funded training Not be in the UK on a student, graduate, postgraduate, or sponsored visa, or as a dependent Cost This is a fully-funded course with no fees: complete the training, gain essential cyber security skills and secure your guaranteed interview provided you meet the learner obligations outlined in our employability terms and conditions, which can be found on our website.
24/02/2026
Full time
Netcom Training
Trainee Cyber Security Assistant - Training Course
Netcom Training City, Manchester
About the opportunity Send your CV to us, complete the fully-funded course and get a certified qualification. Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 2) equips you with the practical skills employers in Greater Manchester are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as Cyber Security Analyst, Junior Penetration Tester, SOC Analyst, and IT Support, working with companies across tech, logistics, public services, and digital sectors. Complete the course and gain a guaranteed interview with a leading employer, helping you start your career protecting businesses, data, and digital systems. Course Details Start Date: 16/02 Duration: 14 weeks Format: Online, practical workshops Schedule: Mon-Thurs 6-9PM What you'll learn Cyber Principles: Understand core frameworks and security principles. Threat Intelligence: Develop expertise to identify risks and analyze threats. Vulnerability Testing: Conduct cyber security testing, identify vulnerabilities, and implement controls. Incident Response: Prepare for and respond to live cyber security incidents. Ethics & Law: Understand legislation and ethical conduct within the cyber security sector. Professional Skills: Build the behaviours required for the modern cyber security workplace. Career Pathway Successful participants are guaranteed an interview with us or our network of UK-wide partners working with leading brands. Potential Roles: Trainee Cyber Security Analyst, SOC Analyst, Junior Information Security Officer Eligibility This is a government-funded opportunity. To apply, you must: Live in Greater Manchester. Be aged 19 or over. Earn below the gross annual wage cap of £32,400.
Not currently be undertaking other government-funded training. Right to Work: You must have lived in the UK/EU for the last 3 years and have the right to work in the UK (Student/Graduate visas are not eligible). Cost This is a fully-funded course with no fees: complete the training, gain essential cyber security skills, and secure your guaranteed interview. IT Support: Manage helpdesk tickets, resolve technical issues, and configure operating systems. Network & Cloud: Configure network devices and explore cloud computing models like IaaS and SaaS. Digital Security: Learn to protect data using risk management, SIEM tools, and vulnerability assessments. Data Management: Source, cleanse, and analyse data to present actionable insights. Digital Transformation: Explore Agile project management and how to support digital change. Sector Skills: Understand IT policies, legislation, and industry structure. Career Pathway Successful participants are guaranteed an interview with our network of partners. Potential Roles: IT Support Technician Cloud Support Assistant Junior Network Engineer Service Desk Analyst Eligibility This is a government-funded opportunity. To apply, you must: Live in Greater Manchester (GMCA region). Be aged 19 or over. Have lived in the UK/EU for a minimum of 3 years. Earn below the gross annual wage cap. Prerequisites: Basic IT skills are required. Cost This is a fully-funded course with no fees: complete the training, build your portfolio, and secure your guaranteed interview, provided you meet the learner obligations outlined in our employability terms and conditions, which can be found on our website.
12/02/2026
Full time
Netcom Training
Cyber Security Analyst - Training Course
Netcom Training
About the opportunity Are you ready to launch a career in cyber security? Netcom Training's fully-funded Cyber Security course (NCFE Certificate in Cyber Security Practices, Level 2) equips you with the practical skills employers in Greater Manchester are actively seeking. From threat intelligence and security testing to incident response and ethical compliance, you'll gain hands-on experience that prepares you for today's fast-growing cyber security and IT roles. Our learners have gone on to roles such as Cyber Security Analyst, Junior Penetration Tester, SOC Analyst, and IT Support, working with companies across tech, logistics, public services, and digital sectors. Complete the course and gain a guaranteed interview with a leading employer, helping you start your career protecting businesses, data, and digital systems. Course Details Start Date: 09/03 Duration: 14 weeks Format: Online, practical workshops Schedule: Mon-Thurs 6-9PM What you'll learn Cyber Principles: Understand core frameworks and security principles. Threat Intelligence: Develop expertise to identify risks and analyze threats. Vulnerability Testing: Conduct cyber security testing, identify vulnerabilities, and implement controls. Incident Response: Prepare for and respond to live cyber security incidents. Ethics & Law: Understand legislation and ethical conduct within the cyber security sector. Professional Skills: Build the behaviours required for the modern cyber security workplace. Career Pathway Successful participants are guaranteed an interview with us or our network of UK-wide partners working with leading brands. Eligibility This is a government-funded opportunity. To apply, you must: Live in Greater Manchester. Be aged 19 or over. Earn below the gross annual wage cap of £32,400. Not currently be undertaking other government-funded training. Right to Work: You must have lived in the UK/EU for the last 3 years and have the right to work in the UK (Student/Graduate visas are not eligible).
Cost This is a fully-funded course with no fees: complete the training, gain essential cyber security skills, and secure your guaranteed interview provided you meet the learner obligations outlined in our employability terms and conditions, which can be found on our website.
11/02/2026
Full time
TRIA
Cyber Security Analyst
TRIA Bexhill-on-sea, Sussex
Cyber Security and Compliance Analyst Location: South East England (Remote - with occasional site visit) Salary: Up to 48k Contract Type: Permanent A leading UK-based organisation is seeking a Cyber Security and Compliance Analyst to strengthen its cyber and information security capabilities. This role is ideal for someone passionate about protecting infrastructure, ensuring regulatory compliance, and promoting a culture of security awareness. Key Responsibilities: Perform vulnerability assessments and penetration testing. Collaborate with technical teams to remediate risks. Maintain and evolve incident response plans and playbooks. Analyse security logs and threat intelligence feeds. Ensure compliance with GDPR, SOX, PCI, and internal policies. Lead security awareness initiatives and drills. Support day-to-day security operations and reporting. Tech Environment: Microsoft stack including Azure, Dynamics 365, and Office 365. E5, Requirements: Minimum 3 years in IT or ERP support within a service-focused environment. Strong understanding of service management frameworks. Excellent analytical and communication skills. Experience managing small to medium-sized technology projects. This company are planning some exciting things for 2026 and beyond so there will be lots to get your teeth stuck into. If you're interested please apply!
11/02/2026
Full time
Akkodis
Principal Cyber Security Incident Response Analyst
Akkodis
Principal Cyber Security Incident Response Analyst 60,000 - 70,000 Full Time / Permanent West Midlands / Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand headquartered in the West Midlands. As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network, endpoint, cloud environments, and threat intelligence feeds. Perform in-depth trend analysis to identify patterns and inform improvements in organisational controls and threat detection capabilities. Develop, maintain, and continuously improve documentation and reporting frameworks to support transparency, consistency, and strategic decision-making. Experience required: Previous experience in a similar Cyber Incident Response Analyst role, preferably in a senior or lead capacity. Strong experience in security monitoring across diverse systems and environments, including cloud and on-premises. Proven leadership in incident response within SOC settings. Deep understanding of the cyber threat landscape, attack vectors, and detection techniques. Proficient in cybersecurity tools, regulations, and compliance standards.
Excellent communication and stakeholder engagement skills, with the ability to convey technical insights to varied audiences. Please apply via the link or contact (url removed) for more information. Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement, which explains how we will use your information, is available on the Modis website.
04/10/2025
Full time
Morson Talent
Cybersecurity Vulnerability Lead
Morson Talent
Cybersecurity Vulnerability Lead - £700 per day - Inside IR35 - Remote - 6 Months initial contract. Our client, the UK's leading producer of Zero Carbon energy, is looking for a Cybersecurity Vulnerability Lead to join them on a contract basis. This is a senior role with responsibility for the organisation's vulnerability management programme across multiple business units, technologies, and regulatory environments. The organisation has made significant investment in Tenable as its core vulnerability management platform. You'll be expected to lead its strategic and day-to-day usage, ensuring vulnerabilities are accurately identified, prioritised, and remediated while driving continuous improvement in how the platform is integrated and utilised. Candidates with strong Tenable expertise, particularly those who have embedded it at scale in large or regulated environments such as financial services, will be especially attractive for this role. Security Clearance - Due to the sensitive nature of the work, candidates must be eligible for SC clearance. Candidates with active or recently lapsed SC clearance will be prioritised. Applicants without clearance must be willing and eligible to undergo vetting. The Role - As Cybersecurity Vulnerability Lead, you will: Own the end-to-end vulnerability management programme, with Tenable One at the core. Define and deliver the strategy, policies, SLAs, and operating rhythm. Lead on risk-based prioritisation using exploit intelligence, asset criticality, and business impact. Translate scan data into clear, actionable remediation plans for technical teams. Build dashboards and executive reports (ServiceNow, Power BI). Provide rapid risk assessments and emergency patch governance during incidents. Support audits and regulatory compliance (ISO27001, CE+, GDPR, NIS2, ONR). Drive automation, integrating tools and workflows to improve efficiency.
Act as subject matter expert for Tenable and related tooling, ensuring platforms are fully leveraged. Mentor analysts and security champions, building maturity across the team. About You - You will bring experience leading vulnerability management at enterprise scale, ideally in financial services or similarly regulated industries. You should also have hands-on knowledge of the following: Core Vulnerability Management - Tenable One (Exposure Management, Attack Surface Management, Attack Paths, Identity) AWS Inspector Agent-based and network-based scanning Cloud integrations (AWS, Azure, GCP) Dashboards and risk-based prioritisation Patch & Endpoint Management - Microsoft Intune / SCCM / WSUS Jamf Workflow & ITSM Integration - ServiceNow (dashboards, SOAR) Jira Cloud & Application Security - AWS Security Hub Azure Defender for Cloud Veracode Threat Intelligence & Exploit Context - Tenable Threat Intelligence Exploit DB Metasploit SIEM, SOAR & Monitoring - Microsoft Sentinel SOAR platforms (ServiceNow SOAR) Automation & Scripting - Python, PowerShell, Bash, Ansible Reporting & Metrics - Power BI ServiceNow dashboards Excel (advanced analysis) Frameworks & Standards - NIST CSF, ISO 27001, OWASP, CE / CE+, GDPR, NIS2, ONR Security Domains / Capabilities - Identity and Access Management (IAM) Network Security Data Protection Cloud Security Controls Application Security Security Monitoring Processes & Practices - Vulnerability Management Programmes Incident Response and Threat Assessment Emergency Patch Governance Risk-based Prioritisation (CVEs, exploit intelligence, asset criticality, business impact) Audit Support (internal assurance, penetration test follow-ups, external audits) Exception and exemption management Automation of manual tasks Dashboarding for risk and SLA metrics What's on Offer - A leadership role with significant influence across a major UK organisation. 
Opportunity to work with a forward-thinking Cyber Services function pushing boundaries in vulnerability management.
04/10/2025
Contractor
Deerfoot Recruitment Solutions Limited
Threat Intelligence Analyst
Deerfoot Recruitment Solutions Limited City, London
Threat Intelligence Analyst Fully Onsite in London Inside IR35 Contract Deerfoot Recruitment has been engaged to identify an experienced Threat Intelligence Analyst for a leading global banking organisation with an advanced cyber defence function in London. This is a fantastic opportunity to shape threat intelligence, work alongside Red/Blue Teams, and operationalise intelligence using the latest cybersecurity, penetration testing, and Breach & Attack Simulation (BAS) platforms. Key Responsibilities: Monitor and analyse global cyber threat landscapes, identifying threats, adversary tactics, and emerging risks Collaborate with Red Team, Blue Team, and Penetration Testing specialists to integrate intelligence into Breach & Attack Simulation (BAS) scenarios Act as a point of contact between threat intelligence, Red/Blue, and SOC teams to align threat modelling and adversary simulation Support threat hunting activities and provide tactical, contextual intelligence to stakeholders Model and assess threat actors, including motivations, capabilities, attack vectors, and impacts Leverage the MITRE ATT&CK framework for mapping adversary behaviours and detection Develop and update threat profiles, attack surface assessments, and adversary emulation plans Present high-quality threat briefings, risk assessments, and operational recommendations Participate in incident response, providing context, attributions, and support as required Required Skills & Experience: Extensive experience in threat intelligence, cybersecurity operations, or penetration testing Proven ability to work collaboratively with Red/Blue teams and Security Operations Centres (SOC) Hands-on experience with TIPs (Threat Intelligence Platforms), SIEM tools, and threat data enrichment solutions Practical exposure to Breach & Attack Simulation (BAS) tools for threat scenario development Strong knowledge of adversary TTPs, MITRE ATT&CK, and modern threat modelling techniques Technical proficiency with pentesting 
tools such as Metasploit Framework, Burp Suite, Kali Linux, and Pentera Experience producing actionable threat intelligence reports and clear technical briefings If you are ready to drive the next wave of cyber defense, apply via Deerfoot Recruitment today to learn more about this exciting contract opportunity. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate £1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd acts as an Employment Business in relation to this vacancy.
03/10/2025
Contractor
Aspect Resources
Senior Cyber Security Analyst - SC
Aspect Resources
Job Title: Senior Cyber Security Analyst - SC Location : Hybrid/London - 3 days a week on site Contract Duration : 3 months initially Daily Rate: £800/day (Umbrella - Maximum) IR35 Status: Inside IR35 Minimum requirement: Experience of investigating and responding to cyber incidents, coordinating incident response in large org 5+ years' experience with SPLUNK EDR (Endpoint Detection and Response) Analytical, problem solving Security Clearance: SC Senior Cyber Security Analyst The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and Vulnerability management capabilities for the organisation, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior security analyst, you'll take a leading role in building and delivering these core capabilities, focusing on incident response. As a senior security analyst with responsibility for incident response, you will: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environments Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. 
We're interested in people who have: Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Excellent analytical and problem solving skills Excellent verbal and written communication skills Experience with Splunk Experience working in an Agile environment Experience with cloud environments such as AWS Disability Confident As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Armed Forces Covenant CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. If you qualify for the above, please notify us. We will be in touch to discuss your suitability and arrange your Guaranteed Interview. Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know. To apply for this role please submit your latest CV or contact Aspect Resources
03/10/2025
Contractor
Pontoon
SOAR Engineer - Security Orchestration, Automation & Response
Pontoon Welwyn Garden City, Hertfordshire
Job Title: Security Orchestration, Automation & Response (SOAR) Engineer Duration: 6-month contract Location: Welwyn garden city - Hybrid (1 to 2 days per week on site) Daily Rate: 850 inside umbrella About the role: As a SOAR Engineer, you will be at the forefront of enhancing security capabilities. Your contributions will play a pivotal role in detecting and preventing security threats while ensuring faster and more effective responses. You'll collaborate across various teams, empowering your colleagues to focus on what they do best. Key Responsibilities: Design and develop security automations across SOAR platforms and various security tools. Collaborate with analysts and engineers to improve workflows and enhance operational efficiency. Maintain and improve existing playbooks and automations for optimal platform performance. Stay updated on the latest security trends and techniques to continually refine our strategies. What We're Looking For: To thrive in this role, you should possess the following technical skills and experience: Cyber Security Tools : Hands-on experience with SOAR platforms and Threat Intelligence Platforms. Programming Expertise : Proficiency in Python script with a solid experience of REST APIs to develop and interact with them effectively. Framework Knowledge : Familiarity with the MITRE ATT&CK framework or equivalent, including knowledge of emerging threat actor tactics, techniques, and procedures. Operating Systems : Experience and working knowledge of both Linux and Windows platforms. Public Cloud Experience: Familiarity with working in public cloud environments is a plus! Adecco is a disability-confident employer. It is important to us that we run an inclusive and accessible recruitment process to support candidates of all backgrounds and all abilities to apply. Adecco is committed to building a supportive environment for you to explore the next steps in your career. 
If you require reasonable adjustments at any stage, please let us know and we will be happy to support you.
02/10/2025
Contractor
Curo Services
Cyber Threat Intelligence Analyst: Cyber, Threat, SOC, Security Clearance
Curo Services Hatfield, Hertfordshire
Cyber Threat Intelligence Analyst: Cyber, Threat, SOC, Security Clearance Our Global Enterprise client is looking for a skilled Cyber Security Analyst with 5-6 years of experience within Threat Intelligence to join their team. Start Date: ASAP Duration: 55 days Pay Rate: £487 per hour (PLEASE NOTE: Employer NI is paid for by the client) Total Daily Earnings: £553 (includes rolled up holiday) IR35 Status: Inside Location: Hybrid/Hatfield (some travel to Blackfriars if required but this will be on a rare occasion) NOTE: Active SC Clearance is highly desirable. Responsibilities: Threat Intelligence Platform (TIP) Maintenance (20%): Take ownership of the threat intelligence platform and related tooling, ensuring its effective utilisation for monitoring and analysing both cyber and geopolitical threats. Optimise the platform to enhance the team's capabilities in threat detection and response. Continue to develop access to internal data and leverage threat intelligence tooling to maximise intelligence opportunities. Cyber Threat Analysis & Dissemination (50%): Identify intelligence of concern for Computacenter across various sources and tooling and conduct analysis and assessment of such threats and their potential impact to the business. Monitor and analyse geopolitical events to identify potential impacts on the organisation's cyber security landscape. Using a variety of sources to increase knowledge, corroborate and parallel information. This involves engaging in communities and intelligence sharing initiatives. Have confidence in your ability to draw conclusions and provide intelligence led recommendations. Own and run regular briefings of Threat Intelligence to the wider security team. Respond to intelligence requests from internal teams, using all available sources of intelligence to produce assessments on the threat to support decision-making. Ensure clear and concise communication of assessments and complex bits of information for various stakeholders. 
Collaborate with cross-functional teams to address immediate intelligence needs and contribute to the overall security posture. Work closely alongside other Security Operations teams such as SOC Develop hypotheses based on threat intelligence to direct joint operations with Cyber Threat technical resources to direct threat hunting? Continue to develop access to internal data and leverage threat intelligence tooling to maximise intelligence opportunities. Dark Web Monitoring Ensuring Threat Intelligence Programme Meets Organisational Aims (15%): Collection of Priority Intelligence Requirements from key stakeholders Effective tracking of intelligence activities against these PIRs Reporting of service quality against KPIs Incident Response Support (15%): Required to work out of hours, when situation dictates, to support Incident Response activities Technical Skills & Experience: 5-6 years of experience within Threat Intelligence. Demonstrable experience in analysing and assessing cyber threats, including the ability to identify patterns and trends. Proficient in gathering, correlating, and interpreting data from various sources to produce actionable intelligence. Experience of giving detailed verbal threat briefings to key stakeholders. Experience working with a Threat Intelligence Platform (TIP). Excellent communication skills, including the ability to influence and persuade stakeholders to enact a more security focused approach. Understanding of the intelligence life cycle, from collection through to feedback. Experience in producing high-quality intelligence products and documentation for a variety of audiences. Familiarity with common cyber threats, threat actors, attack vectors, and vulnerabilities. Experience in leveraging open-source intelligence tools and techniques to gather information about threats. Knowledge of information assurance standards and frameworks including CIS, NIST, ISO 27001, Cyber Essentials/Essentials Plus, GDPR. 
Strong familiarity of threat cyber security frameworks such as MITRE ATT&CK, Killchain and NIST CSF 2.0 Desirable: Recognised information security and/or information technology industry certification. Good organisational and time management skills Experience of delivering and shaping Threat Modelling programmes Soft Skills: Excellent written and verbal English. Good presentation and moderation skills; professional and convincing manner of appearance and expression; clear, targeted communication (verbal and written). A strong desire to help others by sharing knowledge, peer reviewing, and contributing to technical and process standards. Work well within a team, report issues and risks, take part in team meetings, share ideas and work towards improving our service. Excellent communication and Customer facing customer service skills previous experience is essential. Ability to work independently and as part of a team is essential. To apply for this Cyber Threat Intelligence Analyst contract job, please click the button below and submit your latest CV. Curo Services endeavours to respond to all applications, however this may not always be possible during periods of high volume. Thank you for your patience. Curo Services is a trading name of Curo Resourcing Ltd and acts as an Employment Business for contract and temporary recruitment as well as an Employment Agency in relation to permanent vacancies.
02/10/2025
Contractor
Hays Technology
Incident Response Analyst
Hays Technology Rogerstone, Gwent
Incident Response Analyst Permanent - 52k - 57k + strong benefits Location: Hybrid - South Wales Your new company I am looking to recruit an Incident Response Analyst to join a leader in the utilities space. The business have been investing in their cyber security and IT estate and are continuing to grow and enhance their security posture. The company has a strong reputation, and we have placed numerous people into careers there, with strong feedback. Your new role This is an interesting opportunity to help deliver strategy which will enhance the organisation's security resilience, proactively contributing to mitigating threats, at a good time when the company is expanding and investing in its IT and cyber security estate. Working alongside the SOC, the primary responsibility of an incident responder is to rapidly investigate and document cybersecurity incidents within the organisation. Key parts of the role: Monitor and analyse network traffic, system logs, and other data sources to identify potential security incidents. Investigate alerts and suspicious activity to determine if an incident has occurred. Contain affected systems and networks to prevent the incident from spreading. Implement temporary measures to mitigate the impact of the incident. Work with other teams, such as IT and security operations, to develop and implement a containment strategy. Analyse incident data to determine the root cause of the incident and identify recommendations for improvement. Document and report incidents to the incident response team and other relevant stakeholders. Stay informed about emerging cyber threats and vulnerabilities. What you'll need to succeed Experience in a similar role, ideally around CNI and OT, with exposure to cyber plans. Proven experience operating in a SOC or a related cyber security role. In-depth knowledge of cyber threats, threat intelligence frameworks and cyber security best practice. Strong analytical and problem-solving skills. 
Ability to work independently and as part of a team. Excellent communication and interpersonal skills. Ability to obtain UK Security Clearance What you'll get in return Salary of between 52k- 57k Hybrid working 2/3 days in South Wales per week Possible bonus 5% pension contribution from you, the company pays 10% Enhanced pay for parental leave And more! What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV. If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
02/10/2025
Full time
Senior Cyber Intelligence Analyst
Pfizer Sandwich, Kent
ROLE SUMMARY The Global Information Security (GIS) organization delivers proactive cyber defense for the global Pfizer enterprise. Our mission is to secure all of Pfizer's information assets ranging from the manufacturing floor to the core data centers and out to the patient facing solutions. We achieve this mission through a team of world-class talent, utilizing top-tier technologies, advanced analytics, and the promotion of a cybersecurity ownership culture across the company. The Cyber Threat Intelligence team works with internal and external partners to reduce risk to Pfizer. The team provides timely situational awareness, conducts in depth analysis of threats, and translates indicators of threat into actionable information to reduce impact to Pfizer. Stakeholders include cybersecurity response teams, internal lines of business, senior leadership, external organizations such as law enforcement, and industry peers and intelligence sharing partners. The Senior Cyber Intelligence Analyst is responsible for conducting in-depth research, documentation, and intelligence analysis of key cyber threats, including threat actor tactics, techniques, and procedures (TTPs), to develop a comprehensive picture of the cyber threat landscape, improve Pfizer's security posture, and reduce risk. This individual will provide domain expertise to aid in the effective prioritization and analysis of threats in line with the needs of our stakeholders. The individual will have experience successfully executing all phases of the intelligence lifecycle in support of driving an intelligence led security organization. An ideal candidate for this role will have technical, communication, and interpersonal skills with previous experience mentoring peer CTI analysts and leading CTI initiatives. 
The position is an individual contributor role that will engage with cross functional internal colleagues and external partners and reports to the Director, Global Threat Research within the Pfizer Digital Global Information Security organization. ROLE RESPONSIBILITIES Perform intelligence analysis of cyber threat activity through execution of the threat intelligence lifecycle. Conduct in-depth intrusion analysis of cyber threats utilizing frameworks such as the Lockheed Martin Cyber Kill Chain, Diamond Model and MITRE ATT&CK. Develop strategic, tactical, and operational intelligence products for stakeholder dissemination in support of priority intelligence requirements. Curate threat intelligence related to the cyber threat landscape such as threat actors, malware, vulnerabilities and tactics, techniques, and procedures. Present cyber threat intelligence to stakeholders that helps drive both tactical and strategic priorities. Participate in and lead team projects centered around the cyber threat intelligence mission. Mentor peer CTI analysts through on the job training opportunities. Interface with external sharing communities through the sharing of timely and relevant cyber threats. QUALIFICATIONS BS in Information Security, Computer Sciences, Information Systems, Engineering, or equivalent with demonstrable professional experience in a corporate environment. Experience in understanding the techniques of Computer Network Exploitation and Defense (CNE / CND). Experience using frameworks such as the Lockheed Martin Cyber Kill Chain, Diamond Model and MITRE ATT&CK. Experience in information analysis and execution of the intelligence lifecycle. Experience developing and curating intelligence related to the cyber threat landscape such as threat actors, malware, vulnerabilities and tactics, techniques, and procedures. 
Experience with translating threat intelligence from OSINT and private intelligence reports into custom detections and mitigations across multiple security technologies. Experience performing technical indicator and TTP analysis using both open and closed source intelligence sources Ability to provide concise and accurate communications (both verbal and written) in disseminated intelligence products. Ability to communicate and establish rapport with a global team of incident responders and intelligence analysts. Experience mentoring peer analysts in all stages of the intelligence lifecycle. Work Location Assignment: Flexible
19/08/2023
Full time
Dstl
Data Scientist - Autonomy Dependability
Dstl
Location Dstl Porton Down, Salisbury, Wiltshire, SP4 0JQ or Dstl Portsdown West, Fareham, Hampshire, PO17 6AD About the job Job summary Dstl is the science and technology arm of the Ministry of Defence.  We improve the front-line capability of the UK Armed Forces helping keep our country safe.   The Cyber Security and Safety Group has never been more important. Many military platforms such as fast jets, unmanned air vehicles, helicopters, naval vessels, and land vehicles are becoming increasingly reliant on Software, Artificial Intelligence (AI) and Autonomous functions to control all aspects of their behaviour.   We’re looking for mathematically strong data scientists to help make AI reliant military systems robust and trustworthy in complex operations to help save lives. An example of our world class inspiring work is designing and trialling a variety of autonomous air and ground vehicles out in Salisbury plain with the US and Australia. AI models were retrained in flight to meet changing mission situations to enhance commanders’ decision-making. You could be involved in: Assessing and improving AI content in Defence and Security safety critical systems in the Air, Sea and Land domains, to ensure that they are safe, secure and protected. Applying the latest thinking in verification and validation of artificial intelligence and autonomous functions for defence and security purposes. Innovating to support the delivery of the UK Cyber Strategy by researching algorithms for Cyber defence. Dstl recognises the importance of diversity and inclusion as people from diverse backgrounds bring fresh ideas. We are committed to building an inclusive working environment in which each employee fulfils their potential and maximises their contribution. We particularly welcome female and ethnic minority applicants and those from the LGBTQI community, as they are under-represented within Dstl at these levels. 
Job description In this role you will: Have a drive for keeping abreast of the latest developments in cyber security and emerging trends in artificial intelligence. We give our people the opportunity to think and innovate. We offer loads of opportunities for training and scholarships, attending and presenting at conferences, and collaborating with internal research and industry and academia. Work in a team consisting of highly professional Autonomy and Mathematical experts with enviable national and international reputations to take part in cutting edge research.  Use your critical thinking and creative problem solving skills to implement state of art methods and tools.   Develop a knowledge of undertaking verification, validation and vulnerability assessments on Systems of interest.     Appreciate the importance of safety, security requirements to have a positive impact on defence and security of the UK.   Deliver technical reports and recommendations to leadership, senior officials across government and military and other non-technical audiences through clear data storytelling and well-crafted verbal presentations Person specification We are looking for someone who has: A keen interest in algorithms, AI, ML or statistical analysis along with a willingness to develop additional capabilities in cyber security and safety. Experience contributing to Software or AI / ML intensive projects. Is looking for a career with a difference, doing a job that provides the latest and most effective tools to defend our nation and uphold the principle of freedom.  Important Information: Our work in defence, security and intelligence requires our employees to be UK Nationals who are able to gain a high level of security clearance to undertake the projects we are involved in to protect us from security threats. For this reason, only UK Nationals will be able to apply for this role. 
If you are an international or dual-national candidate, and you think you have the skills we need, please consider applying to any of our government, security or defence partners. This role will require full UK security clearance and you should have resided in the UK for the past 5 years. For some roles Developed Vetting will also be required, in this case you should have resided in the UK for the past 10 years.   Behaviours We'll assess you against these behaviours during the selection process: Changing and Improving Communicating and Influencing Seeing the Big Picture Working Together Benefits Benefits  Dstl’s full range of great benefits can be found in the information pack which includes: Financial : An excellent pension scheme starting from 26% employer contribution ( find out more here ). In Year Rewarding Achievement bonuses and thank you vouchers. Rental deposit scheme and cycle to work scheme. Flexible working :  Options include alternative working patterns such as; compressed hours (e.g. working a 4 day week/ 9 day fortnight), job shares and annualised hours (agreed number of hours per annum paid monthly i.e. working term-time only). Working hours:  Flexibility around your working day (e.g. start time, finish time). Ability to bank hours in a 12 month reference period including the ability to accrue and use 3 days per calendar month. Where you work:  Depending on your role, blended working may be available including remote working to suit you and your team. This can be discussed at interview. Annual leave:  25 days pro rata (rising to 30 after 5 years) plus 8 public holidays with the ability to buy/sell 5 additional days per annum. 
Family:  Maternity, adoption or shared parental leave of up to 26 weeks with full pay, an additional 13 weeks statutory pay and a further 13 weeks unpaid Learning and Development:  Dstl encourages and supports charterships, accreditations and provides employees access to fully funded apprenticeships up to level 7 (Masters Degree). Dstl will pay for 2 memberships with relevant bodies/institutions. Employees also have access to Civil Service Learning. Facilities:  Onsite parking, EV Charging points, restaurants, cafés and gyms. Things you need to know Selection process details This vacancy is using  Success Profiles (opens in a new window) , and will assess your Behaviours and Experience. We want you to have your best chance of success in our recruitment process, so If at any stage of the application process you would like help or assistance please contact the Dstl Recruitment Team dstlrecruitment@dstl.gov.uk and we will do all we can to support you. Sifting will be taking place bi-weekly throughout the campaign, successful applicants will be invited to attend an online interview via MS Teams. Feedback will only be provided if you attend an interview or assessment. Security Successful candidates must undergo a criminal record check. Successful candidates must meet the security requirements before they can be appointed. The level of security needed is  security check (opens in a new window) . See our vetting charter (opens in a new window) . People working with government assets must complete  baseline personnel security standard (opens in new window)  checks. Nationality requirements Open to UK nationals only. This job is not open to candidates who hold a dual nationality. Working for the Civil Service The  Civil Service Code (opens in a new window)  sets out the standards of behaviour expected of civil servants. 
We recruit by merit on the basis of fair and open competition, as outlined in the Civil Service Commission's  recruitment principles (opens in a new window) . The Civil Service embraces diversity and promotes equal opportunities. As such, we run a Disability Confident Scheme (DCS) for candidates with disabilities who meet the minimum selection criteria. The Civil Service also offers a Redeployment Interview Scheme to civil servants who are at risk of redundancy, and who meet the minimum requirements for the advertised vacancy. Apply and further information This vacancy is part of the  Great Place to Work for Veterans (opens in a new window)  initiative. Once this job has closed, the job advert will no longer be available. You may want to save a copy for your records. Contact point for applicants Job contact : Name : Dstl Recruitment Email : dstlrecruitment@dstl.gov.uk Recruitment team Email : dstlrecruitment@dstl.gov.uk Further information Should you wish to raise a formal complaint about the Dstl recruitment process you should email dstlrecruitment@dstl.gov.uk stating the nature of the issue. We will respond within 5 working days. Attachments 20230626_CSAS_Data_Scientist_Autonomy_Dependability_L5  Opens in new window (docx, 66kB) Candidate_info_pack_CIS - 20220824  Opens in new window (pdf, 1378kB)
03/07/2023
Full time
Bank of America
Application Security Analyst
Bank of America Chester, Cheshire
Job Description: Job Title: Application Security Analyst Corporate Title: Vice President Location: Chester Role Description: Resource will function as a member of an enterprise network application layer intrusion, detection, prevention, and response team. Will develop and implement custom alerts and dashboards monitoring controls based on OSI layer 7 attack and threat indicators. Provides leadership in assessing new threat vectors and designing and implementing effective controls. Leverages advanced investigative skills using best in class data correlation and network/packet analysis tools. Will partner with senior leaders from lines of business organizations to triage security events and report on impacting security initiatives. Responsible for mentoring and developing the skill sets of less experienced team members. Develops and implements processes or controls in support of audit and risk requirements. The Team: The Network and Endpoint Cybersecurity Operations team provides the first line of defense for Bank of America's global network. It defends against various threats including DDoS, Malware, Web Based Attacks, Remote Attacks, and provides network access assurance across our network and endpoint boundaries. Provides network and endpoint anomaly monitoring for indicators of compromise, and a 24x7 rapid response capability for network and endpoint security related events and incidents. Core Skills: Required Skills: Strong Splunk skill set. The security analyst will leverage Splunk to analyze logs and other security events to find targeted attacks against network-based bank assets. Strong Intrusion Analysis background. Resource must be able to identify and interpret weblogs from various webservers. Knowledgeable of current exploits. Resource must be able to identify common exploits from the appropriate web and event logs. Working knowledge of Linux, Windows, and OS X operating systems. 
Comfortable with scripting languages and regular expressions. Strong knowledge of common network protocols. Working knowledge of enterprise Client / Server architecture. Working knowledge of OSI model layers 3 through 7. We are a front-line team that handles active security events and highly current threats. On call and after-hours work can be expected although we rotate to approximately one week every 2 months. The analyst will use new intelligence to update existing controls to detect new threats against the bank. Will be expected to have solid technical skills to operate independently and to support others within the security team. Preferred Skills: Experience doing packet captures and interpreting them (Wireshark for example). Understanding of stateful firewalls and able to interpret firewall rules. Able to interpret SQL, Apache web logs, IIS, Active Directory and other security logs. Full understanding of modern web site deployments and technology. Familiarity with web application attacks including SQL injection, cross-site scripting, and remote file inclusion. Use tools to detect anomalous/malicious data transmissions on the network. Use advanced analytics / security tools to detect malware on the network. Bank of America: Every day, across the globe, our employees bring a commitment to our purpose and to driving responsible growth by living our values: deliver together, act responsibly, realize the power of our people and trust the team. A key aspect of driving responsible growth is doing so in a sustainable manner, a critical pillar of which is being a great place to work for our teammates. In line with these values, in EMEA we have 9 Employee Networks, a wide range of Sports & Social clubs, and other development and networking opportunities so that you can enjoy a range of experiences and connect with colleagues across the bank. We also offer exclusive discounts to some of the most iconic cultural experiences for you to enjoy in your spare time outside of work. 
Learn more about our benefits here. Good conduct and sound judgment is crucial to our long term success. It's important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mind-set are the cornerstones of our Code of Conduct and are at the heart of managing risk well. We are an equal opportunities employer, and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnic or national origins, age, sexual orientation, socio-economic background, responsibilities for dependants, physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience. We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements. As part of our standard hiring process to manage risk, please note background screening checks will be conducted on all hires before commencing employment. Job Band: H5 Shift: Hours Per Week: 35 Weekly Schedule: Referral Bonus Amount: 0
24/09/2022
Full time
Accenture
Malware Reverse Engineer
Accenture Reading, Oxfordshire
Malware Reverse Engineer Location: Remote working - Office based in Reading Salary: Competitive Salary and Benefits Career Level: Specialist, Associate Manager or Manager About Accenture Cyber Threat Intelligence (ACTI) ACTI is a global team that spans 13 countries and 4 continents and speaks more than 30 languages. We are passionate about delivering intelligence analysis, and providing industry-leading analytic insights, cyber context, and critical services our clients need to achieve their business-line and strategic-growth initiatives. We know success is only possible by developing and supporting our most-critical resources: our talented analysts, developers, and supporting team members. We value creativity and entrepreneurship in our team; where possible, we back staff initiatives with opportunities and investments. We enjoy the hunt. We strive to automate and innovate while working with powerful resources and differentiated data. Above all else, we value an egoless approach to guiding our clients as they navigate their businesses through all aspects of the cyber domain. Who You Are You are passionate about cybersecurity and intelligence analysis. You stay abreast of the latest threats, recognize the value of intelligence, and believe it should drive operations. You are a devoted team member who is always willing to lend a hand, mentor a colleague, or increase our global team's awareness by sharing your knowledge and approaches with others. You are productive, easy to work with, and understand that adherence to a good process is key to excellence. Role Description As a Malware Reverse Engineer at ACTI, you will reverse engineer and analyze sophisticated malicious code to determine malware capabilities and purposes. Analysis includes the use of specialized systems and tools, including disassemblers, debuggers, hex editors, unpackers, virtual machines, and those for network traffic analysis.
Key Responsibilities Analyze malicious events and campaigns to determine attack vectors and retrieve malware payloads. Reverse engineer files suspected or known to belong to identified malware families to determine their command-and-control (C2) infrastructure and targeting. Incorporate analysis results into detailed reporting to include purpose, behavior, C2 server infrastructure, and mitigation techniques related to analyzed malware families, malicious campaigns, and events. Track prevailing malware families, including downloaders, banking Trojans, information stealers, ransomware, and remote access Trojans. Reverse engineer recently discovered malware variants to check potential feature augmentation or configuration structure changes. Improve existing tools that extract known malware family configurations based on reverse engineering results. Research the latest malware detection evasion techniques, such as use of customized packers, customized crypters, fully undetectable (FUD) techniques, host intrusion prevention system (HIPS) bypassing, and anti-virus (AV) software bypassing. Based on research, design and develop generic unpacking methods and tools for use as standalone tools or within automated analysis systems and sandboxes. Provide customer support by responding to requests related to suspicious file analysis that sometimes require malware reverse engineering and determination of contextual information surrounding indicators of compromise; do so by providing detailed analysis reports and mitigation recommendations. Provide customer support by responding to cybersecurity requests, including those for: open-source intelligence (OSINT) research; domain, IP address, or URL analysis; malicious campaign information; and/or event attribution. Provide answers to specific questions, the answers of which clients use for operational mentorship to aid their strategies. 
Design, develop, and implement Windows kernel modules to support automated malware analysis; such modules include kernel system service filtering modules able to intercept operating system services on 32-bit and 64-bit Windows operating systems without triggering those systems' self-protection mechanisms, and kernel-mode modules able to force designated processes to load specific modules that load decoders designed for extracting malware configurations. Design, develop, and implement generic unpackers that combat widely used malware packing methods to retrieve malicious payloads from packed malware samples automatically. Create detection rules and signatures for detecting malware families, and provide detection or blocking recommendations. Develop decoders to extract malware configurations (including basic C2 settings or secondary dynamic configurations, such as those outlining targeted institutions and web injects) based on reverse engineering results. Provide junior engineers with technical training, including: training on malware analysis; reverse engineering; Windows internals; and development, identification, unpacking, and de-obfuscation of malicious code. Travel occasionally as this position may require doing so to address client needs, improve results, or otherwise support projects. Basic Qualifications Bachelor's Degree in Computer Forensics, Science, Engineering, Information Systems, or another related security field, or comparable experience. Experience with malware analysis, reverse engineering, and development. Ability to write, understand, and/or analyze code in programming and scripting languages, including Assembly x86/x64, C, C++, Python, JavaScript, Java, PHP, and HTML. Basic knowledge of and experience with malware packers, crypters, and obfuscation techniques. Understanding of operating system internals and the Windows API. Experience with debuggers, decompilers, and network traffic analysis tools.
Development experience in Assembly, Python, C, or C++. Strong understanding of the intelligence lifecycle and associated analytic methodologies (Cyber Kill Chain, Diamond Model, ATT&CK, etc.). Practical understanding of malware analysis and/or reverse engineering, and the ability to develop malware detection signatures (e.g. YARA). Required Skills Ability to analyze and unpack obfuscated code. Strong written and verbal skills; can communicate complex concepts at a high level while retaining accuracy and highlighting features in a way that improves audience engagement. Strong problem solving and critical thinking capabilities. Desired Skills Two or more years of experience in malware analysis, reverse engineering, and development fields. Deep understanding of operating system internals and the Windows API. Ability to work with a high degree of independence. Ability to collaborate in a team environment to focus on a common goal. Qualifications What's in it for you At Accenture, in addition to a competitive basic salary, you will also have an extensive benefits package which includes 25 days' vacation per year, gym subsidy, private medical insurance and 3 extra days leave per year for charitable work of your choice! About Accenture Accenture is a leading global professional services company, providing a broad range of services in strategy and consulting, interactive, technology and operations, with digital capabilities across all of these services. We combine unmatched experience and specialized capabilities across more than 40 industries - powered by the world's largest network of Advanced Technology and Intelligent Operations centers. With 509,000 people serving clients in more than 120 countries, Accenture brings continuous innovation to help clients improve their performance and create lasting value across their enterprises.
Visit us at Accenture is an equal opportunities employer and encourages applications from all sections of society and does not discriminate on grounds of race, religion or belief, ethnic or national origin, disability, age, citizenship, marital, domestic or civil partnership status, sexual orientation, or gender identity, or any other basis as protected by applicable law. Closing Date for Applications: 30/10/2022 Accenture reserves the right to close the role prior to this date should a suitable applicant be found.
24/09/2022
Full time
© 2008-2026 IT Job Board