110 jobs found

Current search: threat intelligence incident response analyst
Adecco
Cyber Threat Detection / SIEM Analyst - SANS/GIAC
Adecco, Wokingham, Berkshire

Cyber Threat Detection Analyst
Location: Wokingham, Berkshire (On-site)
Salary: Competitive (dependent on experience) + excellent benefits & training
Security Clearance: Ideally SC Cleared or eligible for SC

Role Overview
As a Cyber Threat Detection Analyst, you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified.

We are open to experienced SOC Analysts where threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to further develop in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering.

Skills & Experience We're Seeking
  • Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, with ideally around five years' hands-on experience.
  • Strong hands-on experience using SIEM platforms, including:
    • Microsoft Sentinel (KQL)
    • Splunk (SPL)
    • Elastic Security/Kibana (KQL, ESQL)
  • Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft
  • Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds
  • Solid experience across the security event life cycle, including detection, investigation, and incident management
  • Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black
  • Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, Firewalls, VPNs, Proxy technologies)
  • Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources
  • Strong analytical mindset with the ability to clearly communicate findings, impact, and risk

Key Responsibilities
  • Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats
  • Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence
  • Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language
  • Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources
  • Lead investigations from initial detection through scoping, root cause analysis, and impact assessment
  • Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned
  • Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage
  • Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies
  • Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders

Security Certifications (Highly Beneficial)
  • SANS/GIAC certifications, including but not limited to:
    • GCIH - Incident Handler
    • GCIA - Intrusion Analyst
    • GCED - Enterprise Defender
    • GCTI - Cyber Threat Intelligence
    • GMON - Continuous Monitoring
    • GDAT - Defending Advanced Threats
    • GCAT - Advanced Threat Intelligence
  • OSCP or equivalent offensive security qualifications
  • Crest certifications, such as:
    • Crest Practitioner Intrusion Analyst (CPIA)
    • Crest Registered Intrusion Analyst (CRIA)
    • Crest Certified Threat Intelligence Analyst (CCTIA)
    • Crest Certified Blue Team Professional (CCBTP)
  • Microsoft SC-200 or related detection and response certifications
  • Other recognised cyber security or threat intelligence credentials
24/06/2026
Full time
Mastercard
Senior Vulnerability Analyst
Mastercard

Senior Vulnerability Analyst - Cyber Security Vulnerability Scanning

Overview:
The Senior Vulnerability Analyst is accountable for supporting the vulnerability scanning capability within the Vulnerability Management function. This includes scanning platforms, ensuring timely and accurate vulnerability identification, and driving improvements to coverage, automation, reporting and overall scan effectiveness. The role acts as a subject matter expert for vulnerability scanning, ensuring vulnerabilities are accurately detected, communicated to stakeholders, and aligned with Mastercard's broader security strategy. It also contributes to continuous improvement across the vulnerability management lifecycle.

Key Responsibilities

Operations
  • Support the Vulnerability Scanning team.
  • Oversee daily scanning operations, ensuring accuracy, completeness and adherence to SLAs.
  • Ensure timely delivery of scan results, reporting, and escalations.

Technology Ownership
  • Maintain the vulnerability scanning toolsets across infrastructure, applications, cloud and network environments.
  • Ensure scanning coverage remains complete and up to date across all assets.
  • Monitor scan performance, tune configurations, and optimize scanning processes.
  • Champion automation and integration with asset management tools.

Governance, Controls & Standards
  • Maintain policies, standards and processes related to vulnerability scanning.
  • Ensure alignment with Mastercard security policies, regulatory requirements, and industry best practice.
  • Support audits, compliance reviews and evidence requests relating to scanning.

Analysis, Reporting & Continuous Improvement
  • Provide expert interpretation of scan results, threat alerts and vulnerability intelligence.
  • Deliver high quality management information, dashboards and reporting to senior leaders.
  • Identify and drive continuous improvements in scanning effectiveness, coverage and process efficiency.
  • Propose enhancements to technology, workflows or methodologies based on metrics and stakeholder feedback.

Collaboration & Stakeholder Engagement
  • Act as a point of contact for scanning related queries.
  • Partner closely with remediation teams, threat intelligence, engineering, and application teams.
  • Contribute to incident response and investigations where vulnerabilities are involved.
  • Represent the scanning function in cross functional projects and working groups.

About You

Experience & Expertise
  • Demonstrable experience leading a vulnerability scanning or vulnerability management team.
  • Strong technical expertise with enterprise vulnerability scanning technologies (e.g., Tenable, Qualys, Rapid7, Prisma, or equivalent).
  • Strong understanding of network, cloud, application and container security principles.
  • Experience implementing vulnerability management strategies, tools and process improvements.
  • Solid understanding of malware behaviours, attack vectors, and exploit methodologies.

Skills (Technical)
  • Excellent knowledge of security standards, frameworks and regulatory expectations.
  • Strong analytical and problem solving skills.
  • Ability to interpret vulnerability data and communicate in business friendly language.
  • Strong understanding of network design, traffic flows, and firewall architecture.

Skills (Professional)
  • Excellent communication and presentation abilities.
  • Ability to prioritise and manage competing demands in a fast paced environment.
  • Strong business acumen and ability to influence across technical and non technical teams.

Corporate Security Responsibilities
  • Abide by Mastercard's security policies and practices.
  • Ensure confidentiality, integrity and appropriate use of information.
  • Report any suspected security incidents or breaches.
  • Complete required security training as mandated.
24/06/2026
Full time
Security and Privacy Operations Analyst
Knight Frank Group
  • Monitor security event identification via the third-party security operations service.
  • Triage, analyse, and investigate incidents to validate potential threats, anomalies, or policy violations.
  • Coordinate incident response activities including containment, evidence collection, documentation, and recovery support.
  • Contribute to threat hunting activities using KQL queries and intelligence-led techniques.
  • Maintain accurate incident records, ensuring actions and outcomes are logged to a high standard.
  • Facilitate security testing and awareness through threat simulations.
  • Support the triage and processing of data subject rights (DSR) requests, including subject access requests (SARs).
  • Conduct data discovery and collection across systems, ensuring completeness and accuracy.
  • Support DPIA processes through data mapping, evidence gathering, and risk assessment input.
  • Help maintain and tune Microsoft Defender, Sentinel, and Purview policies, analytics rules, alerts, and workflows.
  • Support the development, testing, and maintenance of automated playbooks and response actions (e.g., Logic Apps).
  • Verify compliance with expected practice in the operation of technology services, including security baseline and access right reviews.
  • Support vulnerability management by tracking remediation, validating fixes, and assisting with reporting.
  • Gather and analyse data to help identify trends, gaps, and areas for control improvement.
  • Assist with periodic control reviews, audits, and compliance checks as required.
  • Prepare operational reports, dashboards, and metrics for the Team Lead and wider stakeholders.
  • Develop and maintain playbooks, runbooks, and procedural documentation.
  • Contribute to continuous improvement activities, including identifying opportunities to streamline operations.
  • Ensure all actions adhere to internal policies, regulatory requirements, and industry best practice.

  • 3+ years' experience working in a security operations, IT security, privacy operations, or related technical role.
  • Familiarity with:
    • Microsoft Defender XDR
    • Microsoft Sentinel (SIEM/SOAR)
    • Privacy Management Solutions (e.g. Purview, OneTrust)
  • Basic understanding of key cybersecurity and privacy concepts, such as:
    • Threat detection and analysis
    • Incident response lifecycle
    • Vulnerability and exposure management
    • Data privacy principles and data subject rights
  • Experience analysing logs, alerts, or data from security tools.
  • Strong documentation, investigation, and analytical skills.
  • Hands-on experience writing KQL queries, PowerShell, or CLI commands.
  • Exposure to automation or playbooks (Logic Apps, Defender workflows).
  • Knowledge of frameworks such as MITRE ATT&CK or NIST CSF.
  • Relevant certifications such as:
    • SC 900, SC 200 (or working toward), AZ 900, AZ 500
    • CISSP, CIPP/E, CompTIA Security+
    • Foundation level data privacy certifications (e.g., BCS Certificate in Data Protection)
  • Strong problem solving ability and attention to detail.
  • Curious and proactive mindset with willingness to learn.
  • Effective communicator able to document findings clearly and concisely.
  • Highly organised and able to manage multiple tasks with competing priorities.
  • Collaborative team player with a commitment to continuous improvement.
  • Ability to work with sensitive data responsibly and confidentially.
24/06/2026
Full time
Sky
Senior Threat Hunter
Sky, Isleworth, Middlesex
We don't just believe in better. We make it happen. Better content. Better products. And better careers. Working in Tech, Product or Data at Sky is about building the next and the new. From broadband to broadcast, streaming to mobile, Sky Stream to Sky Glass, we never stand still. We optimise and innovate. We turn big ideas into the products, content and services millions of people love. And we do it all right here at Sky.

Role overview
Our products, platforms and technologies are constantly evolving; that's why keeping Sky safe from cyber-attacks is one of our top priorities. Our Cyber Security team helps the business grow while protecting our customers, colleagues and partners from increasingly sophisticated cyber threats. Our team includes Cyber Fusion Centre, Security Services, Risk and Compliance, Programme Delivery and Business Security, and we work across the UK, Italy and Germany. Join us and you'll get involved in tackling challenges and future threats in an ever-changing cyber landscape.

You will join our comprehensive Cyber Defence Department as a senior member of the dedicated Threat Hunt team. You will operate within a robust security ecosystem, partnering directly with Cyber Operations, Threat Intelligence, Engineering, and Threat Vulnerability Management.

What you'll do:
  • Conduct proactive threat hunts across the enterprise, broadcast, and telco networks to identify abnormal activity, emerging attack techniques, and advanced threats.
  • Develop and execute hypothesis-driven threat hunts utilising datasets across a variety of security tooling, including EDR, SIEM, and network-layer defences.
  • Collaborate directly with the Cyber Threat Intelligence team to operationalise intelligence, maintaining and refining hunting playbooks for priority threat actors and relevant TTPs.
  • Partner with security engineering teams to translate hunt findings into productionised, high-fidelity detections and drive continuous improvement in data source coverage and quality.
  • Act as a technical mentor within the Cyber Defence function, guiding junior analysts, conducting peer reviews, and fostering a culture of continuous learning.
  • Document and communicate hunt outcomes comprehensively, translating complex technical findings into actionable remediation strategies and executive-level summaries.

What you'll bring:

Essential Criteria
  • Extensive prior experience in threat hunting at a large enterprise environment.
  • Experience with incident response, SOC, or detection engineering.
  • Deep understanding of the MITRE ATT&CK framework and how to practically apply it to threat hunting methodologies and detection logic.
  • Proficiency in complex query writing (e.g., KQL, SPL, SQL) to filter, analyse, and visualise large, disparate datasets.
  • Hands-on experience with EDR, NDR, SIEM, SOAR security platforms and data analysis platforms such as Databricks.
  • Strong investigative acumen combined with a curious, highly analytical mindset capable of navigating ambiguity.
  • Proven ability to work cross-functionally, bridging the gap between security and broader technology teams to demonstrably improve the overall security posture.

Desirable skills and experience:
  • Scripting and automation capabilities, particularly utilising Python, PySpark, and SQL to streamline analytical workflows.
  • Experience navigating cloud-native security environments (AWS, Azure, or GCP) alongside familiarity with the Microsoft 365 ecosystem.
  • Advanced knowledge of offensive security methodologies, including common exploit chains, reverse engineering basics, or penetration testing techniques.
  • Relevant industry certifications demonstrating specialised knowledge in threat hunting, incident response, or forensics (e.g., SANS GCIA, GCIH, GCFA, OSCP).

Benefits and perks
There's one thing people can't stop talking about when it comes to life at Sky: the perks. Here's a taster:
  • Free Sky TV or NOW package, including Sky Sports and Sky Cinema
  • Pension package with up to 9% employer contribution
  • Private healthcare with mental health support
  • Aviva Digital GP and dental insurance
  • Discounts on Sky products, including Sky Mobile, Sky Broadband, Sky Glass and Sky Protect
  • Sharesave and Tech schemes
  • A range of Sky VIP rewards and experiences

How you'll work
Osterley. The hybrid working expectations for this role are 2 days in the office per week. Our Sky Group HQ. Equipped with state-of-the-art technology and workspaces, there's plenty of space to see your big ideas come to life. Here you'll find 13 subsidised restaurants and cafes. You can re-energise at our gym, catch the latest films at our cinema, get your car washed and even get pampered at our beauty salon. Our Osterley Campus is just a 10-minute walk from Syon Lane train station, or you can get one of our free shuttle buses from Osterley, Gunnersbury and Ealing Broadway stations. Plus, there's free onsite parking available for cars, motorbikes and bicycles.

Who we are
We're Sky, a leading media and entertainment company who connect millions with entertainment, sports, news and arts through innovative products and services. Working with us means you'll be bringing the joy of a better experience to more people, every day. All so we can do better and deliver better for our customers, colleagues and society. We're an equal opportunity employer and value diversity at our company. We're a Disability Confident Accredited Employer, and welcome and encourage applications from all candidates. We will look to ensure a fair and consistent experience for all and will make reasonable adjustments to support you where appropriate. Please flag any adjustments you need as early as you can.

Just so you know: if your application is successful, we'll ask you to complete a criminal record check. And depending on the role you have applied for and the nature of any convictions you may have, we might have to withdraw the offer. To be eligible for this role you are required to have the appropriate right to work in the UK. Please be aware Sky does not offer sponsorship for this position. To find out more about working with us, search on social media.
23/06/2026
Full time
TRIA
Senior Cyber Security Analyst
TRIA
Senior Cyber Security Analyst
Central London (1 day per week onsite), up to 85,000 + benefits

About the Role
This is a highly visible opportunity to join a growing global Cyber Defence function at an exciting stage of transformation and centralisation. Cyber security remains a core strategic priority for the organisation as it continues to modernise operations and strengthen resilience across a complex international environment. The successful individual will play a critical role in strengthening operational security capabilities while helping shape the future direction of the team as the wider security function evolves. This role offers genuine ownership, senior stakeholder exposure and strong progression potential into future lead or management responsibilities over time.

The Opportunity
We are seeking an experienced Senior Cyber Security Analyst to join a global Cyber Defence function. This is not a traditional SOC analyst position focused purely on alert investigation. Instead, this role requires an individual capable of leading cyber incidents operationally, technically and commercially from end to end. You will act as a senior technical subject matter expert across incident response, detection engineering, cloud security and vulnerability management, while also providing calm, structured leadership during high-pressure situations.
The environment is heavily Microsoft-focused, with particular emphasis on:
• Microsoft Sentinel
• Microsoft Defender XDR
• Azure security and secure-by-design principles
• Detection engineering and automation
• Threat and vulnerability management
You will work closely with global technology and cyber teams to continuously improve monitoring, detection, response and remediation capabilities across hybrid cloud and on-premises environments.

Key Responsibilities
Incident Response & Major Incident Management
• Lead the end-to-end management of cyber security incidents across global environments.
• Take ownership of incident triage, severity assessment and response coordination across P1-P4 incidents.
• Lead incident bridge calls and coordinate technical and business stakeholders throughout the incident lifecycle.
• Assess technical, operational and commercial impact to support effective decision-making under pressure.
• Provide clear, calm and structured communications to both technical teams and senior leadership.
• Drive containment, eradication, recovery and post-incident improvement activities.
• Conduct root cause analysis and ensure lessons learned are embedded into operational processes and controls.
• Develop and maintain incident response procedures, playbooks and documentation aligned to industry best practice.
Detection Engineering & Security Automation
• Configure, optimise and continuously improve Microsoft Sentinel and Microsoft Defender technologies.
• Develop and tune detection logic using KQL to identify emerging threats and attacker behaviours.
• Build and maintain automated SOAR workflows using Logic Apps and related technologies.
• Integrate Microsoft security tooling with third-party technologies and service providers.
• Identify monitoring gaps and improve visibility across cloud and on-premises environments.
• Maintain high-quality technical documentation for detections, automations and operational workflows.
Cloud Security & Secure-by-Design
• Support secure configuration and operational security across Azure and associated cloud services.
• Collaborate with infrastructure and engineering teams to embed secure-by-design principles.
• Evaluate configuration changes and ensure alignment with security standards and controls.
• Support implementation and optimisation of Microsoft Defender security policies across endpoint, identity, cloud and email platforms.
• Contribute to the continuous improvement of cloud security posture across global operations.
Threat & Vulnerability Management
• Support and enhance the vulnerability management programme across infrastructure, cloud and endpoint environments.
• Work with tools such as Microsoft Defender Vulnerability Management and Tenable to identify and prioritise vulnerabilities.
• Translate vulnerability findings into actionable remediation plans with technology stakeholders.
• Leverage cyber threat intelligence to improve detection capabilities and prioritisation decisions.
• Track remediation progress and provide meaningful risk reporting to cyber leadership.
Stakeholder Management & Collaboration
• Partner with Group IT, Regional IT and wider technology teams across multiple geographies.
• Act as a trusted advisor across operational security, incident response and cyber defence activities.
• Balance technical risk with operational realities and business priorities.
• Demonstrate strong stakeholder management and communication skills at all levels of the organisation.
• Contribute to a positive cyber security culture and continuous improvement mindset across the business.

What We're Looking For
Essential Experience
• Proven experience leading cyber security incidents end to end within enterprise environments.
• Strong background in Security Operations, Cyber Defence, Incident Response or Blue Team functions.
• Experience operating within hybrid cloud and on-premises environments.
• Hands-on experience with Microsoft Sentinel, Microsoft Defender XDR and Azure security technologies.
• Experience with detection engineering, threat detection and security automation.
• Exposure to vulnerability management platforms such as Tenable or Microsoft Defender Vulnerability Management.
• Experience managing stakeholder communications during high-severity incidents.
• Strong understanding of attacker tactics, techniques and procedures (TTPs).
Technical Skills
• Strong Microsoft security ecosystem expertise.
• Advanced KQL experience for investigations, detections and reporting.
• Experience building automation workflows using Logic Apps or similar technologies.
• Knowledge of cloud security principles across Azure and ideally AWS or Google Cloud.
• Familiarity with industry frameworks such as NIST and ISO 27001.
Personal Attributes
We are particularly interested in individuals who demonstrate:
• Calmness under pressure
• Strong ownership and accountability
• Excellent communication and stakeholder management skills
• Commercial awareness alongside technical depth
• Gravitas and confidence leading senior incident discussions
• The ability to know when to stop investigating and start managing the wider incident process

What's on Offer
• Highly visible role within a growing global cyber security function
• Genuine ownership and influence across security operations
• Opportunity to shape and mature cyber defence capabilities globally
• Strong balance of technical depth and business engagement
• Clear long-term progression opportunities as the team expands
• Flexible hybrid working with only 1 day per week onsite in Central London
To apply for this fantastic opportunity, please send your CV.
23/06/2026
Full time
Cyber Security Consultant
S-RM
Are you an experienced consultant with a background in risk analysis, corporate intelligence or consulting, looking to transition into the world of cybersecurity? We are looking for individuals with strong analytical skills, an investigative mindset and problem-solving capabilities to join our team and help our clients respond to and recover from cyber threats.

Who We Are
S-RM is a global intelligence and cyber security consultancy. Since 2005, we've helped some of the most demanding clients in the world solve some of their toughest information security challenges. We've been able to do this because of our outstanding people. We're committed to developing sharp, curious, driven individuals who want to think critically, solve complex problems and achieve success. But we also know that work isn't everything. It's about the lives and careers it helps us build. We're immensely proud of this culture and we invest in our people's wellbeing and learning every day.

The role
As our practice continues to expand globally, we are looking for experienced consultants with a corporate intelligence, risk analysis or consulting background to join us in a pivotal career transition into cybersecurity. Your role responsibilities may include:
• Responding to a range of cyber-attacks by helping clients contain the incident and restore affected systems.
• Presenting information to internal and external stakeholders, both verbally and in writing.
• Project management: from that first call to the incident's conclusion, you will be responsible for ensuring the response is managed effectively and efficiently, delivering for all stakeholders while on schedule and within budget. Typical workstreams include: working with clients to ensure that incidents are contained; overseeing a team of forensic analysts investigating the incident; advising on strategies for responding to cyber threat actors; and providing crisis management expertise to help clients navigate the incident.
• Relationship management: you will be responsible for building and developing relationships with the various stakeholders involved in a cyber incident, from the victims themselves to lawyers and insurance professionals.
We nurture a culture of equality, diversity and inclusion, and we are dedicated to developing a workforce that displays a variety of talents, experiences and perspectives.

What we are looking for
• Creative problem solvers with excellent analytical skills and a keen eye for detail.
• 3-6 years of experience in risk analysis, corporate intelligence or consulting.
• Strong and effective communicators who can articulate findings clearly in both written and spoken forms.
• Experience in a client-facing role, and an enjoyment of solving problems with clients and presenting information.
• Interest in crisis management and a passion for cybersecurity.
While specific technical skills are beneficial, they're not mandatory. We're focused on your ability to transfer and adapt your analytical and consulting experience to this new domain. The successful candidate must have permission to work in the UK by the start of their employment.

We offer thoughtful, balanced rewards and support to help our people do their best work and live their lives outside it. This includes, but is not limited to:
• 25 days holiday per year in addition to bank holidays (+1 day for every year of service, up to a maximum of 30 days);
• Hybrid working and flexible working hours;
• Matching pension contribution up to 7%, and financial education;
• Fertility treatment leave: 5 days of leave per cycle of treatment per year;
• Maternity leave: 26 weeks of full pay followed by 13 weeks of half pay;
• Paternity leave: 6 weeks of full pay;
• Private dental and medical insurance (taxable benefit) for you and your family;
• Virtual GP for you and your family members who live in the same household;
• Various gym discounts for you and your partner.
The role will be based in our London office. However, we have flexible working arrangements available.
23/06/2026
Full time
Cyber Security Engineer
Sivara GmbH Rosnamuck, County Tyrone
Salary: £35,000 - 42,000 per year

Requirements
• We require a bachelor's degree in Computer Science, Cybersecurity, Information Technology or a related field, or equivalent work experience.
• We require at least 4 years of experience in cybersecurity, ideally in SOC, incident response or threat analysis roles.
• We highly value relevant certifications such as CISSP, CEH, GCIH, GCIA or CISM.
• We require strong technical knowledge of firewalls, IDS/IPS, endpoint protection and threat-hunting tools.
• We require experience with scripting and automation using Python, PowerShell or similar languages.
• We require a strong understanding of networking concepts, protocols and security controls.
• We consider familiarity with cloud security, including Azure and M365, an advantage.
• We require experience configuring and supporting Windows Server environments.
• We require strong analytical and problem-solving skills.
• We require excellent verbal and written communication skills.
• We require the ability to remain calm under pressure and manage multiple tasks effectively.
• We value a high level of self-motivation, a willingness to learn new skills, and a flexible, enthusiastic approach.

Responsibilities
• We investigate and respond to security incidents, ensuring rapid containment, eradication and recovery.
• We conduct root cause analysis of security breaches and produce detailed incident reports.
• We collaborate with stakeholders to refine and improve incident response plans and playbooks.
• We monitor and analyse security alerts and logs from SIEM, IDS/IPS and endpoint detection tools.
• We identify and escalate potential security threats or vulnerabilities in real time.
• We continuously improve SOC workflows, tools and processes to increase efficiency.
• We research emerging threats, vulnerabilities and attack vectors and assess their impact.
• We develop strategies to reduce risk based on threat intelligence.
• We stay current on cybersecurity trends and regulatory requirements.
• We perform vulnerability assessments and penetration testing on systems and networks.
• We implement and maintain security tools such as firewalls, endpoint protection and email security systems.
• We work with customer IT teams and other LoughTec teams to ensure secure configurations and best practices are applied.
• We support security awareness by training staff on incident prevention and response.
• We provide mentorship and guidance to junior team members and SOC analysts.
• We participate in security audits, risk assessments and compliance activities.

Technologies: Azure, Cloud, Support, PowerShell, Python, Security, Windows, Network

We are LoughTec Ltd, based in Omagh, and we are seeking a proactive Cyber Security Engineer to join our dynamic security team. This is a fast-paced role working with cutting-edge technology and complex cybersecurity challenges, with a strong focus on defending our organisation against cyber threats and strengthening our overall security posture. We provide internal training on our products and services, a company rewards scheme, a paid birthday day off, mileage reimbursement for site visits, death-in-service cover at 2x annual salary, access to a health plan, work-from-home options when required, and a salary sacrifice electric car scheme. Our standard working hours are Monday to Friday, 9:00am to 5:00pm, and we are an equal opportunities employer.
23/06/2026
Full time
Tier 2 Security Operations Centre Analyst
Securecloudplus Stoke-on-trent, Staffordshire
We are seeking a skilled and proactive Tier 2 Security Operations Centre (SOC) Analyst to play a critical role in our 24x7 Security Operations Centre. As a Tier 2 Analyst, you will lead the investigation, containment, and coordination of security incidents, working closely with Tier 1 analysts, internal IT teams, and external stakeholders. You'll take ownership of more complex alerts, support threat hunting and intelligence efforts, and contribute to the refinement of detection rules, playbooks, and response procedures. This is an excellent opportunity for an experienced security analyst ready to take the next step - with a chance to mentor junior analysts, deepen your technical expertise, and help shape our evolving security posture in a collaborative, hands on environment.

Key responsibilities for this role may include:

Incident Detection & Response:
• Lead the triage, investigation, and classification of security events using SIEM and other tooling
• Take ownership of end to end handling of medium to high severity incidents, coordinating containment and remediation efforts
• Maintain detailed incident records, including timelines, impact assessments, root cause analysis, and mitigation steps
• Act as an escalation point for Tier 1 analysts, guiding initial response actions and validating escalations

Threat Intelligence and Analysis:
• Perform in depth analysis of suspicious activity, identifying indicators of compromise and attribution patterns
• Lead threat intelligence sharing within the organisation and with external partners
• Mentor Tier 1 staff in interpreting threat data and logs during investigations

Security Monitoring and Detection Engineering:
• Conduct continuous security monitoring of network traffic, endpoints, and critical systems
• Proactively tune and improve SIEM rules, alerts, and correlation logic to reduce false positives and increase detection fidelity
• Support onboarding of new data sources into SIEM and help define parsing, enrichment, and correlation logic
• Lead investigations into recurring false positives or noisy alerts and propose sustainable resolutions
• Support deployment and configuration of security tooling

Compliance, Reporting and Documentation:
• Lead security audits and assessments, providing evidence of SOC activities and controls
• Maintain accurate records of all events handled, including triage notes and escalation details
• Lead the delivery of incident and vulnerability summaries to the management team and customers as part of Service Reviews or Security Working Groups
• Lead post incident reviews and document lessons learned
• Ensure compliance with industry standards, regulations, and internal security policies
• Prepare and present regular reports and metrics on SOC operations and overall security posture

Vulnerability Management:
• Coordinate and support risk based prioritisation of vulnerability remediation efforts
• Support vulnerability lifecycle management, including exception handling, patch validation, and reporting
• Provide vulnerability remediation guidance based on CVSS scores, threat context and business impacts

Collaboration and knowledge sharing:
• Act as a technical mentor to Tier 1 analysts, supporting their development and escalation handling
• Work closely with other IT teams (e.g., Network, Architecture, and Development teams) to identify and resolve security issues
• Share insights, threat intelligence, and incident learnings to improve the overall security posture of the organization

As a T2 SOC Analyst, you will have:
• 1 to 5 years of hands on experience in a SOC or similar security operations role, with demonstrable exposure to alert triage, incident response, security monitoring, and threat analysis
• Experience handling real world security incidents and working with SIEM, EDR, or vulnerability management tools
• Candidates with strong practical experience through labs, home projects, certifications, or internships may also be considered if they can demonstrate applied knowledge at a Tier 2 level
• Bachelor's degree in Computer Science, Information Security, Cyber Security or related field, or equivalent experience desirable.
• Any SIEM specific certification or vendor specific training.
• Relevant cybersecurity certifications such as Certified Cloud Security Professional (CCSP) or other relevant security certifications, Security+ (CompTIA), CEH (Certified Ethical Hacker), CISSP, BTL1, BTL2 or others are highly desirable but not essential.
23/06/2026
Full time
Data Security Analyst (Incident Response Lead)
Career Choices Dewis Gyrfa Ltd Manchester, Lancashire
Data Security Analyst (Incident Response Lead)
Employer: Government Recruitment Service
Location: Manchester
Pay: £43,760 to £51,690 per year, National: £43,760 - £47,413 London: £47,670 - £51,690
Offers above the Band minimum are subject to our assessment of your skills and experience as demonstrated at interview. Salaries over the Band minimum will be paid as a non-pensionable allowance
Contract Type: Permanent
Hours: Full time
Disability Confident: Yes
Closing Date: 02/07/2026

About this job
The Cabinet Office supports the Prime Minister and ensures the effective running of government. It is also the corporate headquarters for government, in partnership with HM Treasury, and takes the lead in certain critical policy areas. We are the Cabinet Office's cyber security team, and our mission is to secure the department against cyber threats. We protect our nationwide internal IT infrastructure, and high-profile citizen-facing digital services such as GOV.UK. This role is within Cyber Defence, which delivers cyber threat intelligence, threat detection, incident response and vulnerability management capabilities for the Cabinet Office, and is responsible for protecting and securing internal IT infrastructure and citizen-facing services.

As a data security analyst, you'll focus on the investigation and response to data security incidents, and will:
• triage and investigate data security alerts (including from our email, productivity, network, and endpoint tools);
• use a variety of techniques to analyse systems, network traffic and cloud environments and understand the nature and extent of possible data security incidents;
• support the response to data security incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions;
• engage and collaborate with Data Protection, Security, and wider Corporate Services functions;
• coordinate data security incidents;
• contribute to post-incident reviews to identify lessons and actions;
• identify opportunities for, and support the delivery of, continual improvements to the data security capability;
• work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities;
• contribute to internal plans, playbooks and knowledge base articles;
• act as an escalation point for, and provide coaching and mentoring to, associate security analysts.

Incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join.

Proud member of the Disability Confident employer scheme
23/06/2026
Full time
Cyber Security Analyst
Limelight Health Bristol, Gloucestershire
Job Description
We are looking for a Cyber Security Analyst to join the ARCHANGEL Protective Monitoring (ProMon) Team. ARCHANGEL delivers specialist technical cyber security services to a range of clients across a variety of industries including construction, government, defence and aerospace. The ARCHANGEL ProMon Team sits within the Bristol Service Operations Centre (SOC) and is responsible for providing thorough initial investigation into anomalous network activity that may lead to potential security incidents.

What You Will Do As a Cyber Security Analyst
• Provide monitoring, alerting and incident handling services within the SOC in line with SLAs.
• Act as the initial analytical reference point for identifying and then quantifying the nature and extent of security incidents and offer initial professional advice relating to possible business impact in order to reduce both the Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR).
• Advise on incident containment measures through recommended initial actions to customers in collaboration with the Incident Response (IR) Team.
• Provide advice relating to potential mitigation measures in order to prevent or limit future recurrence in collaboration with the Incident Response (IR) Team.
• Perform proactive analysis across client networks by staying abreast of current threats and trends.
• Develop and maintain a credible knowledge of current and emerging threats likely to affect the integrity of the managed service you are protecting.
• Review recurring false positive firings and assist in tuning of SIEM and IDS rules to reduce false positives and maintain good security alerting.
• Create reporting for management and clients on security incidents and threat intelligence trends.

What You'll Bring
• Ability to communicate excellently at all levels - working with customers is a must, so you must be able to let them know what's going on.
• Experience in Cyber Security, e.g. Protective Monitoring, Incident Response, Security Engineering.
• SIEM (LogRhythm, ArcSight, Splunk, etc) & IDS (Snort) experience.
• Sound knowledge of IT security best practices, common attack types & detection/prevention methods.
• Understanding of Incident Response, Cyber Kill Chain, Threat Modelling and pertinent Attack Vectors.
• Collaborative working ethos to create pertinent Playbooks and Use Cases.
• Experience analysing & interpreting system, security & application logs to diagnose faults & spot abnormal behaviours.
• Great organisational skills & attention to detail.
• Ability to work independently & as part of a team.
• Highly motivated, with the aptitude to learn new skills.

These Additional Skills Will Also Help
• SANS SEC 503 Intrusion Detection in Depth or equivalent.
• SANS SEC 504 Incident Handling, Hacker Tools and Techniques or equivalent.
• SANS SEC 508 Advanced Incident Response, Threat Hunting, and Digital Forensics or equivalent.
• SANS SEC 511 Continuous Monitoring and Security Operations or equivalent.
• Exposure to IT service management best practices such as ITIL.
• Knowledge of standards & guidelines such as ISO27001, GDPR principles and GPG-13.
• Threat Intelligence experience.
• Report writing.

Security Clearance
This role is subject to pre employment screening in line with the UK Government's Baseline Personnel Security Standard (BPSS). An additional range of Personnel Security Controls referred to as National Security Vetting (NSV) may apply, which could include meeting the eligibility requirements for The Security Check (SC) or Developed Vetting (DV).

Why join us
• Enjoy generous leave with the opportunity to accrue up to 12 additional flexi days each year.
• Benefit from an award winning pension scheme with up to 15% employer contribution.
• Free access to mental health support, financial advice, and employee led networks championing inclusion and diversity.
• Eligible for the bonus scheme for employees at management level and below.
• Free access to 4,000+ online courses via Coursera and LinkedIn Learning.
• Financial reward through the referral programme.
• Spend up to £500 annually on flexible benefits including private healthcare, dental, family cover, tech & lifestyle discounts, gym memberships and more.
• Flexible working - flexible hours with hybrid working options; onsite is required for part time roles.

We are committed to building an inclusive, accessible and welcoming workplace.

Primary Location: GB - Bristol - Coldharbour Lane
Contract Type: Permanent
Hybrid Working: Onsite
23/06/2026
Full time
Cyber Security Analyst (SOC)
Sivara GmbH Leeds, Yorkshire
Location: Leeds (Hybrid - office-based days, home-based nights).
Salary: £58,620 package (£48,654.60 base salary + £9,965.40 shift allowance).
Hours: 24/7 rotating shift pattern - 12-hour shifts, 4 on / 4 off.
Type: Permanent.

Cyber Security Analyst - Join a High-Performing Cyber Security Team
An established international technology and cybersecurity services provider is investing heavily in its Security Operations capability and is looking to appoint multiple Security Analysts to join a growing 24/7 cyber defence team based in Leeds. This is an opportunity to work within a dedicated security operations environment supporting a highly regulated customer estate, taking ownership of security incidents from detection through to investigation, containment, remediation and post incident review. Unlike many traditional SOC roles focused purely on alert monitoring, this position offers genuine involvement across threat hunting, vulnerability management, exposure validation, security tooling optimisation and proactive security operations.

If you're looking for a role where you can develop your incident response capability, deepen your Microsoft security expertise and work with modern security tooling in a mature operational environment, this could be an excellent next step.

The Role
As a Senior Security Analyst, you will play a key role in protecting critical business systems and responding to evolving cyber threats.

Key responsibilities
• Monitoring and investigating security events across endpoint, cloud, identity and network environments
• Managing security incidents through the full incident lifecycle
• Performing detailed investigations and root cause analysis
• Conducting threat hunting activities and proactive security investigations
• Querying and analysing data within Microsoft Sentinel using KQL
• Working with Microsoft Defender XDR technologies
• Validating indicators of compromise and assessing business impact
• Coordinating containment and remediation activities with technical teams
• Supporting vulnerability management activities and security posture improvements
• Contributing to detection engineering and alert tuning initiatives
• Producing technical documentation, incident reports and recommendations
• Supporting compliance and security governance requirements within a regulated environment

Technology Environment
You will gain exposure to a modern enterprise security stack including:
• Microsoft Sentinel
• Microsoft Defender XDR
• Defender for Endpoint
• Defender for Cloud
• Defender for Identity
• Defender for Cloud Apps
• Microsoft Intune
• Qualys
• AttackIQ
• XM Cyber
• Threat Intelligence platforms
• Security Automation and Detection tooling

What We're Looking For
We're interested in speaking with professionals who have experience in:
• SOC Operations
• Security Monitoring
• Incident Response
• Threat Hunting
• Detection Engineering
• Security Operations Engineering
• Cyber Defence
• Vulnerability Management

You may currently be working as a:
• Senior SOC Analyst
• SOC Analyst
• Cyber Security Analyst
• Security Analyst
• Incident Response Analyst
• Threat Detection Analyst
• Security Operations Analyst
• Blue Team Analyst

Experience with Microsoft Sentinel, KQL and the wider Microsoft security ecosystem would be highly advantageous. Knowledge of frameworks such as NIST, ISO27001, CIS Controls and MITRE ATT&CK would also be beneficial. Candidates must be eligible to undergo UK security screening requirements.

Why Apply?
This organisation is a recognised international technology and cybersecurity provider supporting business customers globally. You'll join a business that combines enterprise scale technology with a people first culture, offering genuine career progression, structured learning pathways and access to some of the most recognised technology partnerships in the industry. The environment offers exposure to modern cloud and cyber security technologies, large scale enterprise estates and a collaborative team culture where continuous development is actively encouraged.

Benefits Package
• 25 days annual leave from day one (27 days after 2 years)
• Birthday day off every year
• Holiday buy and sell scheme (up to 3 days)
• Hybrid working model
• Home-based night shifts
• Pension scheme (employer contributions up to 5%)
• Income Protection Scheme
• Life Assurance cover up to 4x salary, with options to increase cover
• Critical Illness Cover options available
• Season Ticket Loan scheme
• Private Medical Insurance
• Dental Cover
• Mental Health First Aider network
• Wellbeing initiatives and support programmes
• Employee wellbeing forums and resources
• Enhanced maternity leave
• Enhanced paternity leave
• Dependency leave support
• Cycle to Work scheme
• Discounted gym memberships with access to over 2,500 clubs
• Retail discounts programme
• Modern office environment with social spaces
• Dedicated Learning & Development support
• Protected training time
• Industry leading instructor led training
• Technical certification support
• Microsoft accreditations
• AWS accreditations
• Cisco accreditations
• Fortinet accreditations
• Leadership development programmes
• Access to recognised professional qualifications
• Charity and volunteering programmes
• Global career prospects

This is an excellent opportunity for an ambitious cyber security professional to join a highly respected technology organisation operating at the forefront of modern security operations. Whether you're an experienced Senior Analyst or a strong SOC Analyst looking to step into a more advanced security operations environment, we'd welcome a confidential discussion.
23/06/2026
Full time
Location: Leeds (Hybrid - office-based days, home-based nights).
Salary: £58,620 package (£48,654.60 base salary + £9,965.40 shift allowance).
Hours: 24/7 rotating shift pattern - 12-hour shifts, 4 on / 4 off.
Type: Permanent.

Cyber Security Analyst - Join a High-Performing Cyber Security Team
An established international technology and cybersecurity services provider is investing heavily in its Security Operations capability and is looking to appoint multiple Security Analysts to join a growing 24/7 cyber defence team based in Leeds. This is an opportunity to work within a dedicated security operations environment supporting a highly regulated customer estate, taking ownership of security incidents from detection through to investigation, containment, remediation and post incident review. Unlike many traditional SOC roles focused purely on alert monitoring, this position offers genuine involvement across threat hunting, vulnerability management, exposure validation, security tooling optimisation and proactive security operations. If you're looking for a role where you can develop your incident response capability, deepen your Microsoft security expertise and work with modern security tooling in a mature operational environment, this could be an excellent next step.

The Role
As a Senior Security Analyst, you will play a key role in protecting critical business systems and responding to evolving cyber threats.
Security and Privacy Operations Analyst
EngineeringUK
About the Role
Information Security is responsible for the stability, maturity, and continuous improvement of the firm's operational security and privacy controls. This includes leading the monitoring, detection, response, and management of cyber and data related risks while ensuring compliance with UK GDPR, ISO27001, and client expectations. The role plays a key part in the operational management of security and privacy risk across the firm's technology environment, working with third party service providers to deliver threat detection, incident response, data protection controls, and operational workflows. It is a hands on technical role requiring strong analytical skills, attention to detail, and a proactive mindset. The ideal candidate will have practical experience with Microsoft security and compliance technologies, be interested in learning advanced detection and automation techniques, and wish to contribute to a growing, high performing security operations capability.

Key Responsibilities
• Monitor security event identification via the third party security operations service.
• Triage, analyse, and investigate incidents to validate potential threats, anomalies, or policy violations.
• Coordinate incident response activities including containment, evidence collection, documentation, and recovery support.
• Contribute to threat hunting activities using KQL queries and intelligence led techniques.
• Maintain accurate incident records, ensuring actions and outcomes are logged to a high standard.
• Facilitate security testing and awareness through threat simulations.
• Support the triage and processing of data subject rights (DSR) requests, including subject access requests (SARs).
• Conduct data discovery and collection across systems, ensuring completeness and accuracy.
• Support DPIA processes through data mapping, evidence gathering, and risk assessment input.
• Help maintain and tune Microsoft Defender, Sentinel, and Purview policies, analytics rules, alerts, and workflows.
• Support the development, testing, and maintenance of automated playbooks and response actions (e.g., Logic Apps).
• Verify compliance with expected practice in the operation of technology services, including security baseline and access right reviews.
• Support vulnerability management by tracking remediation, validating fixes, and assisting with reporting.
• Gather and analyse data to help identify trends, gaps, and areas for control improvement.
• Assist with periodic control reviews, audits, and compliance checks as required.
• Prepare operational reports, dashboards, and metrics for the Team Lead and wider stakeholders.
• Develop and maintain playbooks, runbooks, and procedural documentation.
• Contribute to continuous improvement activities, including identifying opportunities to streamline operations.
• Ensure all actions adhere to internal policies, regulatory requirements, and industry best practice.

Qualifications & Experience
Essential
• 3+ years' experience working in a security operations, IT security, privacy operations, or related technical role.
• Familiarity with Microsoft Defender XDR, Microsoft Sentinel (SIEM/SOAR), and privacy management solutions such as Purview or OneTrust.
• Basic understanding of key cybersecurity and privacy concepts: threat detection and analysis, incident response lifecycle, vulnerability and exposure management, data privacy principles, and data subject rights.
• Experience analysing logs, alerts, or data from security tools.
• Strong documentation, investigation, and analytical skills.

Desirable
• Hands on experience writing KQL queries, PowerShell, or CLI commands.
• Exposure to automation or playbooks (Logic Apps, Defender workflows).
• Knowledge of frameworks such as MITRE ATT&CK or NIST CSF.
• Relevant certifications: SC 900, SC 200, AZ 900, AZ 500, CISSP, CIPP/E, CompTIA Security+, Foundation level data privacy certifications (e.g., BCS Certificate in Data Protection).

Key Skills and Attributes
• Strong problem solving ability and attention to detail.
• Curious and proactive mindset with willingness to learn.
• Effective communicator capable of documenting findings clearly and concisely.
• Highly organised and able to manage multiple tasks with competing priorities.
• Collaborative team player with a commitment to continuous improvement.
• Ability to work with sensitive data responsibly and confidentially.

Benefits
Competitive salary.
23/06/2026
Full time
SIEM Analyst (Cyber Threat Detection)
Sivara GmbH
Salary: £65,000 - 90,000 per year

Requirements:
• We are looking for around five years of hands on experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments.
• We need strong hands on experience with SIEM platforms, including Microsoft Sentinel (KQL), Splunk (SPL), and Elastic Security/Kibana (KQL, ESQL).
• We require practical knowledge of MITRE ATT&CK, attacker techniques, and adversary tradecraft.
• We value experience working with indicators of compromise and threat intelligence feeds.
• We need solid experience across the security event lifecycle, including detection, investigation, and incident management.
• We require hands on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black.
• We need strong knowledge of networking fundamentals, including TCP/IP, DNS, HTTP/S, firewalls, VPNs, and proxy technologies.
• We require experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources.
• We need strong analytical skills and the ability to communicate findings, impact, and risk clearly.
• We strongly prefer SANS/GIAC certifications such as GCIH, GCIA, GCED, GCTI, GMON, GDAT, or GCAT.
• We value OSCP or equivalent offensive security qualifications.
• We value Crest certifications such as CPIA, CRIA, CCTIA, or CCBTP.
• We value Microsoft SC-200 or related detection and response certifications.
• We welcome other recognised cyber security or threat intelligence credentials.
• We ideally prefer candidates who are SC Cleared or eligible for SC.

Responsibilities:
• We conduct proactive threat hunting across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats.
• We develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence.
• We write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language.
• We perform IOC analysis, enrichment, and validation using internal and external threat intelligence sources.
• We lead investigations from initial detection through scoping, root cause analysis, and impact assessment.
• We support incident management and incident response activities, including containment, remediation, escalation, and lessons learned.
• We collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage.
• We contribute to detection logic improvements, use case development, and continuous enhancement of hunting methodologies.
• We produce clear investigation write ups, timelines, and recommendations for both technical and non technical stakeholders.
• We take a hands on role within an advanced cyber defence function focused on proactive threat detection and adversary behaviour analysis.

Technologies: HTTP Support Kibana Linux Network Security Splunk TCP/IP Windows

More:
We are hiring a Cyber Threat Detection Analyst / SIEM Analyst to join our advanced cyber defence function in Wokingham, Berkshire, with the role based on site. This is a hands on position focused on proactive threat hunting, adversary behaviour analysis, and high fidelity threat detection across enterprise environments. We offer a competitive salary dependent on experience, along with excellent benefits and training. The role is well suited to experienced SOC analysts who want to move into a more hunting led environment and deepen their expertise in detection engineering, incident response, and collaboration with red and purple team activities. Ideally, we are looking for candidates who are SC Cleared or eligible for SC.
21/06/2026
Full time
Cyber Security Engineer
Sivara GmbH Manchester, Lancashire
Salary: £75,000 - 75,000 per year

Requirements
• Eligibility for un-caveated UK SC Clearance.
• At least 2 years of experience as a Cyber Security Operations Analyst or an equivalent role.
• Hands on experience with Splunk.
• Experience across the end to end incident response lifecycle.
• Detection engineering and alert development expertise.
• Strong scripting or programming skills in Python, Bash, C/C++, or Java.
• Solid grounding in cybersecurity fundamentals, including network security, cloud security, cryptography, and forensics.
• Understanding of common network protocols and attacker abuse patterns.
• Awareness of current APT groups and their TTPs.
• Knowledge of analysis techniques for Windows and/or Linux environments.
• Familiarity with threat intelligence frameworks and methodologies.
• Experience with cloud endpoints and networks.
• Technical background with strong engineering instincts and a proactive mindset.

Responsibilities
• Develop, maintain, and optimise detection content, primarily within Splunk SIEM, to identify threats across cloud, endpoint, and network environments.
• Collaborate across security functions to identify gaps in logging, alerting, and detection coverage aligned to business risk.
• Improve SecOps processes by recommending enhanced logging, identifying trends, and driving operational optimisation.
• Conduct security monitoring, alert triage, and continuous improvement of detection rules on a rotating schedule.
• Lead and support incident response investigations, ensuring high quality documentation and escalation.
• Mentor and support junior analysts through guidance, coaching, and technical oversight.
• Serve as a technical SME on client engagements and present findings and recommendations to senior stakeholders.
• Participate in alert testing, readiness exercises, and incident response tabletop sessions.
• Stay current on emerging threat intelligence, attacker techniques, and relevant research.
• Provide approximately one week per month of on call availability for high priority incident response, with additional compensation provided.

Technologies: Bash Cloud Cryptography Support Java Linux Network Python Security Splunk Windows

More
We are a high-performing Blue Team operating at the forefront of modern security operations, seeking an accomplished Senior Cyber Operations Analyst to join us in Manchester on a hybrid basis. This is a technically demanding role for an experienced analyst with strong engineering instincts, hands on coding capability, and deep expertise in incident response, detection engineering, and adversary tradecraft. We offer a salary of up to £75,000 plus on call compensation, and the on call frequency may vary by client. This role is ideal for someone who has grown from an engineering background and is ready to make a significant impact in a senior, client facing security operations environment.
21/06/2026
Full time
Security Monitoring & SIEM Analyst
Sivara GmbH Normanton-on-trent, Nottinghamshire
Salary: £45,000 - 60,000 per year

Requirements
• We require strong knowledge of SIEM platforms such as Microsoft Sentinel, Splunk, or Elastic.
• We require experience writing and tuning queries using Kusto Query Language (KQL), ES QL or Kibana Query Language, and Splunk SPL.
• We require an understanding of event correlation, alerting, and detection use case development.
• We require strong knowledge of Linux and Windows operating systems.
• We require strong knowledge of core networking concepts, including TCP/IP, DNS, HTTP/S, firewalls, and VPNs.
• We require experience analysing logs across endpoint, identity, network, and cloud environments.
• We require strong knowledge of EDR/XDR concepts and workflows.
• We require knowledge of IDS/IPS technologies and signature based detection.
• We require experience working with tools such as Microsoft Defender, CrowdStrike, SentinelOne, or similar.
• We require understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they appear in logs and telemetry.
• We require familiarity with the MITRE ATT&CK framework.
• We require evidence of staying up to date with emerging threats, adversary tradecraft, and defensive techniques.
• We require experience handling security incidents through detection and triage, investigation and analysis, and handover to Incident Response teams.
• We require a strong understanding of incident management processes.
• We require knowledge of host based forensic concepts.
• We require the ability to apply post incident review learnings to improve detection and response.
• We prefer experience within a SOC or cyber defence environment.
• We prefer exposure to threat hunting or detection engineering.
• We prefer experience in high security or regulated environments.
• We prefer relevant cyber security certifications such as Microsoft SC 200, GIAC/SANS, CREST, or other recognised qualifications.
• We require UK nationality and either current SC clearance or eligibility for SC clearance.

Responsibilities
• We monitor, analyse, and investigate security alerts across SIEM and security tooling.
• We conduct detailed investigations across log, endpoint, identity, and network telemetry.
• We develop and optimise detection logic and SIEM queries to improve alert fidelity.
• We analyse security events and correlate activity across multiple data sources.
• We support incident response activities, including containment, escalation, and remediation.
• We perform IOC analysis, enrichment, and validation using threat intelligence sources.
• We identify gaps in detection capabilities and contribute to continuous improvement.
• We work closely with infrastructure, SOC, and incident response teams to enhance response capability.
• We produce clear and structured investigation reports and escalation summaries.

Technologies: Cloud HTTP Support Kibana Linux Network Security Splunk TCP/IP Windows

More
We are a global technology organisation with a well established cyber security capability supporting mission critical environments. Cyber security is central to our strategy, and we continue to invest in tooling, threat intelligence, and specialist talent. Our security function operates at a mature level, combining Security Operations, threat detection, incident response, and continuous improvement practices to defend against evolving threats. This is an onsite role based in Berkshire, offering a salary of £45,000 to £60,000 plus excellent benefits and training. We provide strong investment in professional development, certifications, and progression, with opportunities to grow into Senior SIEM Analyst, Detection Engineer, or Threat Hunter roles.
21/06/2026
Full time
Salary: £45,000 - 60,000 per year Requirements We require strong knowledge of SIEM platforms such as Microsoft Sentinel, Splunk, or Elastic. We require experience writing and tuning queries using Kusto Query Language (KQL), ES QL or Kibana Query Language, and Splunk SPL. We require an understanding of event correlation, alerting, and detection use case development. We require strong knowledge of Linux and Windows operating systems. We require strong knowledge of core networking concepts, including TCP/IP, DNS, HTTP/S, firewalls, and VPNs. We require experience analysing logs across endpoint, identity, network, and cloud environments. We require strong knowledge of EDR/XDR concepts and workflows. We require knowledge of IDS/IPS technologies and signature based detection. We require experience working with tools such as Microsoft Defender, CrowdStrike, SentinelOne, or similar. We require understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they appear in logs and telemetry. We require familiarity with the MITRE ATT&CK framework. We require evidence of staying up to date with emerging threats, adversary tradecraft, and defensive techniques. We require experience handling security incidents through detection and triage, investigation and analysis, and handover to Incident Response teams. We require a strong understanding of incident management processes. We require knowledge of host based forensic concepts. We require the ability to apply post incident review learnings to improve detection and response. We prefer experience within a SOC or cyber defence environment. We prefer exposure to threat hunting or detection engineering. We prefer experience in high security or regulated environments. We prefer relevant cyber security certifications such as Microsoft SC 200, GIAC/SANS, CREST, or other recognised qualifications. We require UK nationality and either current SC clearance or eligibility for SC clearance. 
Senior SOC Analyst
Sivara GmbH Hemel Hempstead, Hertfordshire
Salary: £50,000 - 58,000 per year

Requirements:
• Proven experience working in a Security Operations Centre (SOC)
• Hands on SIEM experience (Microsoft Sentinel, Splunk, or similar)
• Strong understanding of MITRE ATT&CK and modern detection techniques
• Confident analysis across logs, endpoints and network traffic
• Solid knowledge of core networking protocols (TCP/IP, DNS, HTTP, SMTP)
• Awareness of enterprise security tooling (firewalls, AV, VPNs, IDS/IPS)
• Eligibility for DV Clearance (sole British National, UK resident for the past 10 years)

Responsibilities:
• Monitoring, triaging and investigating security alerts in highly secure environments
• Analysing threats using SIEM, endpoint telemetry, network traffic and logs
• Supporting live incident response, escalation and containment activities
• Enhancing detections, rules and playbooks aligned to MITRE ATT&CK
• Producing clear, high-quality incident reports for both technical and senior stakeholders
• Contributing to threat intelligence and proactive defence initiatives
• Staying ahead of emerging TTPs, tooling and adversary behaviour

Technologies: HTTP, Network, Security, Splunk, TCP/IP

We are a high-performing Security Operations Centre located in Hemel Hempstead, UK, dedicated to supporting UK defence, aerospace, and national security programmes. We offer a competitive salary of up to £58K with a 20% shift allowance and operate on a 24/7 shift pattern. Our team plays a critical role in protecting nationally important systems against sophisticated threats, including nation state activities, while benefiting from a trusted consultancy environment.
21/06/2026
Full time
Cyber Security Operations Specialist
Sivara GmbH
Salary: £75,000 - 75,000 per year

Requirements
• We require at least 2 years of experience as a Cyber Security Operations Analyst.
• We require experience working with Splunk and SIEM operations.
• We require proven experience across the end-to-end incident response lifecycle.
• We require experience in detection engineering and alert development.
• We require strong scripting or programming skills, ideally in Python and Bash; experience with C/C++ or Java is also valuable.
• We require solid cybersecurity fundamentals, including network security, cloud security, cryptography, and forensics.
• We require understanding of common network protocols and attacker abuse patterns.
• We require awareness of current APT groups and their tactics, techniques, and procedures.
• We require knowledge of analysis techniques for Windows and/or Linux environments.
• We require familiarity with threat intelligence frameworks and methodologies.
• We require candidates to be eligible for un-caveated UK SC Clearance.
• We require the ability to work in Glasgow on a hybrid basis and participate in on-call availability approximately one week per month.

Responsibilities
• We develop, maintain, and optimise detection content, primarily within Splunk SIEM, to identify threats across cloud, endpoint, and network environments.
• We collaborate across security functions to identify gaps in logging, alerting, and detection coverage aligned to business risk.
• We improve SecOps processes by recommending enhanced logging, identifying trends, and driving operational optimisation.
• We conduct security monitoring, alert triage, and continuous improvement of detection rules on a rotating schedule.
• We lead and support incident response investigations, ensuring high-quality documentation and escalation.
• We mentor and support junior analysts through guidance, coaching, and technical oversight.
• We serve as a technical subject matter expert on client engagements and present findings and recommendations to senior stakeholders.
• We participate in alert testing, readiness exercises, and incident response tabletop sessions.
• We stay current on emerging threat intelligence, attacker techniques, and relevant research.
• We provide on-call support for high-priority incident response when required.

Technologies: Bash, Cloud, Cryptography, Support, Java, Linux, Network, Python, Security, Splunk, Windows

More
We are a high-performing Blue Team operating at the forefront of modern security operations, and we are seeking an accomplished Senior Cyber Operations Analyst to join us in Glasgow on a hybrid basis. This is a technical, hands on role for a senior analyst with strong engineering instincts, coding capability, and deep experience in incident response and detection engineering. We offer a salary of up to £75,000 plus on call compensation, and the role includes approximately one week per month of on call availability, with frequency varying by client. We are looking for a curious, proactive professional who is ready to advance their career and make a strong impact within a technically driven security team.
21/06/2026
Full time
MI5
Cyber Threat Intelligence Analyst
MI5
Department: Technology Roles
Location(s): Central London
Salary: £53,267 - £67,369 (depending on skills and experience)

Flexible working: We support a range of flexible working patterns, including part-time, compressed hours, and some flexibility around start and finish times. This is an office-based role, so homeworking isn't available. Please visit our work-life balance page to find out more about flexible working.

About us
MI5 keeps the country safe from serious threats like terrorism and attempts by states to harm the UK, its people, and way of life. We carry out investigations by obtaining, analysing, and assessing intelligence, and then work with a range of partners including MI6 and GCHQ, to disrupt these threats. Through our protective security arm, we provide advice and guidance to government, businesses, and other organisations on how to keep themselves safe. A role in MI5 means you'll do unique and challenging work in a supportive and encouraging environment, making a real difference to UK national security.

The role
The UK faces growing threats to its cyber security. Staying ahead of rapidly evolving technological challenges and increasing demand from our partners is critical. That's why our cyber team works at pace to analyse data and detect malicious activity that could harm national security. As a Cyber Threat Intelligence Analyst, you'll support MI5's cyber threat work and partner strategy. Drawing on your significant experience, you'll identify, investigate, and analyse cyber threats, carrying out meaningful work that keeps the UK safe. Work spans a range of technical areas, offering real scope. Day to day activities may include carrying out network analysis, applying an understanding of internet protocols to review network indicators, events, and topologies. Alternatively, disk and memory forensics knowledge may be applied to operating system artefacts, files and malware. Responsibilities may involve producing accurate reports or developing analytical or workflow capabilities, creating a diverse mix of investigative cyber work. This role goes beyond supporting MI5's operations, involving close collaboration with partners across government, finance, and the wider public sector to help meet growing demand. Activities range from performing intricate cyber analysis tasks and briefing internal and external stakeholders to using a variety of cyber tools. The role offers a good level of autonomy, while also encouraging you to support others by listening, guiding, and advising.

About you
You don't need a specific degree to apply, but you'll need significant experience working in cyber security, networking protocols, and data analysis, as well as either network or host based forensics. You'll come from an applied cyber background, where you've gained experience in threat analysis, SOC analysis, threat intelligence, or similar. This may include experience in other government departments, law enforcement, or financial, regulatory, or legal institutions. Our cyber team uses a wide range of tools and technologies, so expertise in any one is not essential. You might have had exposure to forensic tools such as X-Ways, FTK, and EnCase, or network and security analysis programmes including Elasticsearch, Splunk, and Wireshark. This will be supported by an awareness of coding and programming, allowing you to read and understand inputs. Working as part of a busy yet collaborative team, you'll be confident engaging with colleagues as well as external partners. With a well developed analytical mindset, an organised approach, and a natural technical curiosity, you'll think creatively to solve problems and seek to understand how and why incidents occur. There is an opportunity to turn findings into clear, well structured reports, so good written communication skills and the ability to confidently explain complex technical subjects to non technical audiences are essential. You'll be keen to continue developing your technical capability, making the most of learning opportunities to stay ahead in a rapidly evolving cyber landscape.

Training and development
When you join, you'll complete an organisation wide Induction Roadmap and meet with key partners, customers, and stakeholders to build an understanding of how the team operates within MI5. Alongside this, you'll take part in a departmental induction and team rotations, giving you the chance to learn by shadowing more experienced colleagues. There are plenty of opportunities to support your training and development throughout your career with us. You'll receive a yearly learning budget and personal learning days, as well as access to internal and external training courses, mentoring, and tailored support to help strengthen any gaps in your knowledge. You'll be encouraged to join the Cyber Technical Framework (CTF). This is how we assess the knowledge, skills, and attributes of our cyber technical specialists, while also providing support to help you to progress your career in ways that suit your ambitions. Membership of the CTF is based on an application process, supported by skills based assessments.

Rewards and benefits
You'll receive a starting salary of £53,267 plus other benefits, including:
• 25 days' annual leave, rising automatically to 30 days after 5 years' service, plus an additional 10.5 days of public and privilege holidays
• opportunities to be recognised through our employee performance scheme
• an interest free season ticket loan
• a cycle to work scheme
• facilities such as a gym, restaurant, and on site coffee bars (at some locations)
• paid parental and adoption leave

Equal opportunities
At MI5, diversity and inclusion are critical to our mission. To protect the UK, we need a truly diverse workforce that reflects the society we serve. This includes diversity in every sense of the word: people with different backgrounds, ages, ethnicities, gender identities, sexual orientations, ways of thinking, and those with disabilities or neuro divergent conditions. We therefore welcome and encourage applications from everyone, including those from groups that are underrepresented in our workforce, such as women, people from ethnic minority backgrounds, people with disabilities, and those from low socio economic backgrounds. Find out more about our culture, working environment and diversity on our website.

We're Disability Confident
MI5 is proud to have achieved Leader status within the DWP's Disability Confident scheme. This is aimed at encouraging employers to think differently about disability and take action to improve how they recruit, retain, and develop disabled people. Being Disability Confident, we aim to offer a fair and proportionate number of person to person interviews to any candidate who self identifies as disabled and meets the essential criteria for the role. This is our 'Offer of Interview' (OOI). To secure an interview for this vacancy, the essential criteria (in order of application process) are:
• You'll be required to reach the minimum pass mark for the online Situational Judgement Test (SJT), which assesses criteria important for all roles in our organisation.
• You will be able to demonstrate good technical understanding of cyber security and networking protocols - to be assessed at sift.
• You will have experience of data analysis - to be assessed at sift.
There is a wide range of extra support available throughout the recruitment process to enable you to perform at your best. Please visit our application page for information on the reasonable adjustments we can offer.

What to expect
Our recruitment process is fair, transparent, and based on merit. Here is a brief overview of each stage, in order:
• Online Situational Judgement Test (SJT) in which you rate the appropriateness of responses to a series of short scenarios.
• Application sift looking at your skills and motivation for the role and organisation.
• An online HR and Competency Interview.
• An in person interview looking at your technical skills.
If successful, you'll receive a conditional offer of employment. Please note that you must successfully pass each stage of the process to progress to the next. Your application may take around 6 to 9 months to process, including vetting, so we advise you to continue any current employment until you receive your final job offer.

Before you apply
To work at MI5, you need to be a British citizen or hold dual British nationality. You can read our full eligibility criteria here. This role requires the highest security clearance, known as Developed Vetting (DV). It's something everyone in the UK Intelligence Community undertakes. You can find out more about the vetting process here. Please note we have a strict drugs policy. Once you start your application, you must not take any recreational drugs, and you'll need to declare your previous drug usage at the relevant stage. Before you apply, we advise you to consider setting up a separate email address for your contact with us, to ensure your personal and application correspondence remains separate. Try to avoid including identifying features in your email address, such as your first and/or surname and date of birth. This is good practice and will help you manage your application with us more securely. The role is based in Central London, so you'll need to live within a commutable distance. Please consider any financial implications and practicalities before submitting an application. A loan is available to support people relocating to London.
21/06/2026
Full time
Cyber Threat Detection / SIEM Analyst
Sivara GmbH
Salary: £60,000 - 90,000 per year

Requirements
• We are seeking around five years of hands on experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments.
• We require strong hands on experience with SIEM platforms, including Microsoft Sentinel (KQL), Splunk (SPL), and Elastic Security/Kibana (KQL, ES|QL).
• We need practical understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft.
• We value experience working with indicators of compromise and threat intelligence feeds.
• We require solid experience across the security event lifecycle, including detection, investigation, and incident management.
• We need hands on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black.
• We require strong knowledge of networking fundamentals, including TCP/IP, DNS, HTTP/S, firewalls, VPNs, and proxy technologies.
• We need experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources.
• We are looking for a strong analytical mindset with the ability to clearly communicate findings, impact, and risk.
• SANS/GIAC certifications are highly beneficial, including GCIH, GCIA, GCED, GCTI, GMON, GDAT, and GCAT.
• Offensive security or threat intelligence credentials such as OSCP or CREST certifications are highly desirable.
• Microsoft SC-200 or related detection and response certifications are also beneficial.

Responsibilities
• We conduct proactive threat hunting across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats.
• We develop and execute hunt hypotheses aligned to MITRE ATT&CK tactics, techniques, procedures, adversary behaviours, and emerging threat intelligence.
• We write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ES|QL, and Kibana Query Language.
• We perform IOC analysis, enrichment, and validation using internal and external threat intelligence sources.
• We lead investigations from initial detection through scoping, root cause analysis, and impact assessment.
• We support incident management and incident response activities, including containment, remediation, escalation, and lessons learned.
• We collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage.
• We contribute to detection logic improvements, use case development, and continuous enhancement of hunting methodologies.
• We produce clear investigation write ups, timelines, and recommendations for technical and non technical stakeholders.

Technologies: HTTP, Support, Kibana, Linux, Network, Security, Splunk, TCP/IP, Windows

More
We are an advanced cyber defence team based on site in Wokingham, Berkshire, offering a competitive salary dependent on experience, excellent benefits, and training. This is a hands on cyber threat detection role focused on proactive hunting, adversary behaviour analysis, and high fidelity detection across enterprise environments. We are open to experienced SOC Analysts who have spent a significant part of their role on investigations, threat hunting, and proactive detection and who are looking to grow in a more hunting led environment. The role is well suited to analysts who enjoy thinking like an attacker and want to deepen their expertise in threat detection and detection engineering. Security clearance is ideally SC cleared or eligible for SC.

Last updated: week 25 of 2026
21/06/2026
Full time
Senior SOC Analyst
Sivara GmbH Portsmouth, Hampshire
Salary: £? - ? per year

Requirements
  • Current Developed Vetting (DV) clearance is essential.
  • Strong experience administering and tuning SIEM and SOAR platforms.
  • Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift, and SolarWinds.
  • Experience in threat hunting, incident response, digital forensics, and malware analysis.
  • Strong understanding of Windows and Linux environments.
  • Experience writing and tuning detection signatures, correlation rules, and monitoring use cases.
  • Knowledge of log collection, aggregation, and analysis technologies, including ELK Stack, Syslog, and Windows Event Forwarding.
  • Experience with scripting and automation using Python, PowerShell, Bash, Perl, or similar.
  • Understanding of network forensics, threat intelligence, and cyber threat detection methodologies.
  • Knowledge of ISO 27001:2022, MITRE ATT&CK, and IT Service Management principles.

Responsibilities
  • Maintain and optimise SOC Protect, Detect, and Respond tooling.
  • Configure, implement, and support new security monitoring technologies.
  • Develop detection rules, correlation logic, automation scripts, and response playbooks.
  • Manage vulnerability scanning platforms and contribute to wider SOC strategy.
  • Integrate and onboard standard and non-standard log sources into SIEM platforms.
  • Monitor, investigate, and respond to security incidents and emerging threats.
  • Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs).
  • Tune and enhance SIEM, SOAR, EDR, DLP, email security, and intrusion detection technologies.
  • Analyse attacker tactics, techniques, and procedures (TTPs) using frameworks such as MITRE ATT&CK.
  • Produce dashboards, reports, and recommendations to improve security posture.
  • Ensure adherence to operational processes, SLAs, KPIs, and security policies.
  • Drive continuous improvement across SOC processes, tooling, and service delivery.

Technologies: Bash, ELK, Support, Linux, Network, Perl, PowerShell, Python, Security, Windows

We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is a long-term contract opportunity of 9 months plus, offered inside IR35, with a day rate of £575 to £630. The role is based in Corsham or Portsmouth. We work at the forefront of cyber defence, supporting complex enterprise environments and strengthening cyber resilience through threat detection, incident response, vulnerability management, and continuous improvement of our security monitoring capabilities.
21/06/2026
Full time
© 2008-2026 IT Job Board