Head of Security Operations Center (Colt)

Colt provides network, voice and data centre services to thousands of businesses around the world, allowing them to focus on delivering their business goals instead of the underlying infrastructure.

Why we need this role
We're looking for a visionary cybersecurity leader to drive the transformation of our global Security Operations Center. Reporting to the Chief Security Officer, you will architect and scale a next generation SOC - advancing incident response, integrating cutting edge threat intelligence, and strengthening the systems that protect and sustain our digital operations. This is an opportunity to build something exceptional and lead a team that redefines how we approach cyber defence and resilience.

What you will do
- Lead, develop, and inspire a high performing team of SOC analysts and engineers.
- Define and implement cyber defence strategies aligned with business priorities and risk posture.
- Act as the senior escalation point for complex security incidents and coordinate cross functional responses.

Threat and Vulnerability Management
- Integrate advanced threat intelligence into detection and response workflows to identify emerging threats proactively.
- Develop an automated, risk based vulnerability management programme to reduce attack surface.
- Collaborate with intelligence sharing communities to enhance situational awareness.
- Translate threat intelligence into actionable security measures for stakeholders.
- Oversee monitoring and analysis of network traffic, IDS alerts, and security logs.
- Ensure accurate prioritisation and build high fidelity alerting.
- Lead escalation and resolution efforts across internal and external partners.
- Build a proactive threat hunting capability and partner with industry experts.
- Enhance security monitoring tools, processes, and detection logic.
- Stay ahead of current vulnerabilities, attack techniques, and countermeasures.
- Ensure thorough documentation of cases, procedures, and investigations.

What we're looking for

Technical Expertise
- Deep understanding of security operations, threat intelligence and incident response frameworks.
- Knowledge of intrusion detection, operating systems (Windows/UNIX), web technologies and telco networks.
- Hands on experience developing custom detections and leading threat hunting.
- Familiarity with cloud security operations and automation/orchestration.
- Telecoms experience is a strong advantage.

Leadership Skills
- Excellent communication skills with the ability to simplify complex concepts.
- Proven experience leading global teams and making decisions in high ambiguity environments.
- Strong analytical and problem solving skills for complex security challenges.
- Ability to build strong, collaborative relationships across a global organisation.
- A growth mindset - resilient, curious, and solutions oriented.

Preferred Experience
- 8+ years in cybersecurity operations, with at least 3 in a leadership role.
- Experience integrating threat intelligence into SOC workflows.
- Certifications such as CISSP, GIAC or equivalent are a plus.

What we offer you
Looking to make a mark? At Colt, you'll make a difference. Because around here, we empower people. We don't tell you what to do. Instead, we employ people we trust, who come together across the globe to create intelligent solutions. Our global teams are full of ambitious, driven people, all working together towards one shared purpose: to put the power of the digital universe in the hands of our customers wherever, whenever and however they want. We give our people the opportunity to inspire and lead teams, and work on projects that connect people, cities, businesses, and ideas. We want you to help us change the world, for the better.

Diversity and inclusion
Inclusion and valuing diversity of thought and experience are at the heart of our culture here at Colt. From day one, you'll be encouraged to be yourself because we believe that's what helps our people to thrive. We welcome people with diverse backgrounds and experiences, regardless of their gender identity or expression, sexual orientation, race, religion, disability, neurodiversity, age, marital status, pregnancy status, or place of birth.

Most recently we have:
- Signed the UN Women Empowerment Principles, which guide our Gender Action Plan
- Trained 60 (and growing) Colties to be Mental Health First Aiders

Please speak with a member of our recruitment team if you require adjustments to our recruitment process to support you. For more information about our Inclusion and Diversity agenda, visit our DEI pages.

Our benefits support you through all parts of life, for both physical and mental health:
- Flexible working hours and the option to work from home.
- Extensive induction program with experienced mentors and buddies.
- Opportunities for further development and educational opportunities.
- Global Family Leave Policy.
- Employee Assistance Program.
- Internal inclusion & diversity employee networks.

A global network
When you join Colt you become part of our global network. We are proud of our colleagues and the stories and experience they bring - take a look at the 'Our People' site, including our Empowered Women in Tech.

Job Segment: Operations Manager, Data Center, Cyber Security, Work from Home, Unix, Operations, Technology, Security, Contract
Feb 12, 2026
Full time
Cyber Security Analyst

Reference: JAN
Location: Flexible in England - With Travel
Contract: Permanent
Hours: Full-time, 37.5 hours per week
Salary: £51,549.00 - £55,035.00 Per Annum
Benefits: Pension Scheme, Life Assurance Scheme, 34 days' Annual Leave

This organisation is seeking a pragmatic, hands-on Cyber Security Analyst to help mature their security function. This role will work closely with an outsourced SOC provider and internal teams to triage and investigate security events, support supplier security assurance, provide risk-based advice across the organisation, and drive automation of security processes and tooling. This is a hands-on role suited to someone who enjoys problem-solving, working across teams, and improving how security is delivered in a complex, mission-driven organisation.

Key Areas of Responsibility

Security Monitoring & Incident Support
- Act as the internal focal point with the outsourced SOC provider - ensuring effective communication, follow-up, and escalation of alerts.
- Triage, investigate, and support resolution of security events and incidents.
- Contribute to lessons learned and improvements following incidents.
- Lead the instantiation of the Cyber Security Incident Response Team (CSIRT) and associated processes and playbooks.

Supplier & Third-Party Security
- Assess cyber security risk for key suppliers and partners.
- Review supplier security documentation, raise concerns, and help negotiate security requirements.

Risk & Advice
- Provide pragmatic, risk-based security guidance to internal teams and respond to ad-hoc queries.
- Help develop and maintain security standards and processes that reflect organisational risk tolerances.
- Advise system owners and project managers on pen testing approach and scope.
- Run simulated phishing campaigns and produce security awareness communications.

Automation & Process Improvement
- Identify and implement opportunities to automate security detection, response, reporting, and remediation workflows.
- Work with the SOC and internal technical teams to refine alert logic, improve data quality, and reduce manual effort.
- Help optimise security tools (e.g., SIEM, EDR, ticketing, dashboards).

General
- Develop and produce regular security reports for senior management.
- Monitor and respond to queries in the group mailbox.

Essential skills, knowledge, & experience
- 5 years' experience in a cyber security, IT security, or technology risk role.
- Practical, demonstrable experience of working with a SOC (internal or outsourced) and investigating cyber security incidents using best practice methodologies and tools.
- Good understanding of cyber risk concepts, controls, and technical security tools.
- Strong communication skills with both technical and non-technical stakeholders, and experience producing communications materials and reports.
- Relevant security certifications/qualifications (e.g. CISSP, SSCP, GCIA, CEH, CompTIA).
- Knowledge of UK best practice frameworks (e.g., NCSC guidance, PCI DSS, ISO 27001, Cyber Essentials).
- Scripting or practical automation experience.
- Experience assessing third-party/supplier security risk.
- Demonstrated passion for and experience in improving security processes and utilising automation to achieve this.
- Experience with threat hunting and horizon scanning.
- Strong technical security knowledge of networking technologies, IDAM, EDR/XDR.
- Experience supporting security and compliance audit activities.

Personal Attributes
- Pragmatic and solutions-focused, with an ability to balance risk and usability.
- Curious and motivated to improve and automate how security operates.
- Comfortable working in a developing security function where processes are evolving.
- Collaborative and supportive, with a strong sense of ownership.
- Aligned with the values and mission of the organisation.

What Success Looks Like
- Efficient, risk-focused handling of alerts & incidents alongside the SOC partner.
- Clear, up-to-date internal security standards and processes.
- Reduced manual effort through practical automation improvements.
- Strong supplier security assurance controls supporting risk-based decision-making.

Additional Information
This role will be home-based with occasional travel to the employer's head office or other UK locations (generally one or two days per month). This is a permanent, full-time role for 37.5 hours per week.

Closing date: 23:59, Sunday 22nd February 2026. The employer is looking to conduct first interviews for this position on Thursday, February the 26th and Monday, March the 2nd.

N.B. If you are interested in applying for this role we recommend doing so asap, as the employer reserves the right to close this advert early should the demand be especially high.

Interested? Please click the job board apply button to be taken to the next stage, where you can find out more information and complete your application by following the instructions (you may need to scroll down).

The employer is committed to developing an inclusive and diverse organisation, in which everyone feels supported, valued, and able to be their full selves. To achieve their vision of creating a world richer in nature, they need more people, and more diverse people, on nature's side. People of colour and disabled people are currently underrepresented across the environment, climate, sustainability, and conservation sector. If you identify as a person of colour and/or disabled, they are particularly interested in receiving your application. The organisation is an equal opportunities employer.

This role is covered by the Rehabilitation of Offenders Act 1974. This role is not eligible for UK Visa Sponsorship - the successful applicant will need to have a pre-existing Right to Work in the UK in order to be offered an employment contract. No agencies please.
Feb 09, 2026
Full time
Senior Content Engineer (TryHackMe)

The Role
We're looking for a Senior Content Engineer to help us research, plan, and create advanced content and virtual labs for our online courses. The ideal candidate has extensive experience in blue team cyber security roles and a strong background in training content development.

Technical Skills & Experience
To be considered for this opportunity, you must have at least 5 years of relevant cyber security industry experience in roles such as L3/L4 SOC Analyst, Security Engineer, Incident Responder, Threat Hunter or Digital Forensics Investigator. You should also demonstrate:
- Strong expertise in core blue team areas: incident detection and response, threat intelligence, log analysis, security monitoring, and digital forensics.
- A deep understanding of networking, computing, and operating systems as they relate to security practices.
- Familiarity with blue team tooling (e.g., SIEM, EDR, IDS/IPS, forensic tools) and methodologies (e.g., MITRE ATT&CK framework, log analysis, malware analysis).
- Proven ability to research and adapt to emerging threats and technologies and translate that knowledge into engaging training content.
- Strong verbal and written English communication skills, essential for conveying complex technical concepts.

Job Responsibilities
- Research, design, and develop defensive cyber security training material with supporting hands-on lab exercises (such as virtual machines and datasets for analysis).
- Collaborate with the Content Engineering Team to support security training coverage and identify content development opportunities.
- Experience developing and configuring virtual machines and sample datasets for realistic cybersecurity labs.
- Provide guidance and support to other Content Engineering Team members in areas of expertise.
- Take charge of planning and designing portions of the content development roadmap.
- Collaborate with the Head of Content Engineering to continuously improve the content development process.
- Analyze industry trends in tooling and techniques and recreate them as teachable content.
- Strategically plan, review, and schedule content with our blue team content engineering team.

Preferred Skills (nice-to-have)
- Creating challenges for capture the flags (CTFs)
- Programming experience in any of the following: Python, PHP, Bash, PowerShell
- Experience leading/coaching/mentoring others
- Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Certified SOC Analyst (CSA), Certified Forensic Analyst (GCFA), CompTIA CySA+, BTL2

Benefits & Perks
- 100% Remote - In a fully digital world, work from anywhere you want!
- Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm)
- Tools - a dedicated work laptop + any accessories you need to do your best work.
- Swag Pack - start your TryHackMe journey with a branded swag bundle!
- Personal Development - £2,500 training budget to acquire certifications, and more.
- Company Retreat - an annual company retreat, fully paid for by us!
- Lunch on us - whether you're a pizza-lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches.
- Health Insurance - if you're in a country that doesn't have public health care.
- Enhanced Maternity & Paternity - an enhanced package on top of statutory requirements.
- 401k / Pension - TryHackMe makes it easy to save money for your retirement.

Our Hiring Process
- Stage 1: Short introduction call (30 mins)
- Stage 2: Technical Take Home Exercise (part 1 & 2)
- Stage 3: Interview with our Head of Content Engineering (one hour)
- Stage 4: Final call with a Co-Founder (30 mins)

At this time, we are unable to provide sponsorship.
Feb 07, 2026
Full time
SOC Analyst (NCC Group)
Manchester, Cheltenham or London

Today, it is an unavoidable fact that your business critical infrastructure and systems are at risk of attack. The key to good security is a clear understanding of what is most critical to the business. Where you do not have enough internal resources, time or skills to monitor and manage your IT environment 24/7, NCC Group can help, freeing up your skilled employees to focus on value-add activity.

NCC Group provide a range of managed and hosted services delivered from our UK based Security Operations Centre (SOC), which operates 24/7, 365 days a year. Our team of over 30 accredited security experts are available 24/7, dealing daily with over 200 million log events and providing support for over 5,000 network devices.

NCC Group's Cloud XDR Team provide world class Extended Detection and Response (XDR) services; detecting, responding to and mitigating cyber-attacks on our customers' networks in our Security Operations Centres using the Microsoft Sentinel ecosystem. The Cloud XDR Team are looking for XDR Security Analysts with a passion for security to join the team, to help customers get the most out of our services and to protect their networks. This is an opportunity to join a technically advanced and talented team and help NCC Group build and deliver world class services to our customers. This role is ideal for a seasoned SOC Analyst with experience in cyber security looking to broaden their scope of cyber skills, with a strong focus on detection and response to cyber incidents.

Summary
- Monitor global systems looking for potential threats, vulnerabilities and indicators of compromise.
- Perform in-depth analysis of security alerts utilizing the Microsoft XDR suite (Sentinel/Defender etc).
- Provide incident remediation and prevention documentation and recommendations to customers based on defined procedures and analyst experience.
- Document and conform to processes related to security monitoring procedures.
- Provide customer service that exceeds our customers' expectations at all times.
- Initiate escalation procedure to counteract potential threats, vulnerabilities and threat actors.
- Compilation and review of service focused reporting.
- Act as an escalation point for more junior members of the team, providing assistance and mentoring where necessary.
- Providing assistance to Senior Cyber Security Analysts on Threat Hunting engagements.
- Contributing to the continuous improvement of SOC procedures and documentation.
- Perform other duties as assigned.

What we are looking for in you
- Practical knowledge of security and networking toolsets, including Microsoft's XDR suite (Sentinel/Defender).
- Pre-existing, in-depth knowledge of common network protocols and endpoint detection/forensics.
- Pre-existing, in-depth knowledge of Windows and Linux based operating systems.
- Experience in the extensive analysis of common security incidents.
- Experience in endpoint
- Ability to stay calm in highly sensitive and high pressure incidents.

Certifications
The following certifications are desirable, but not a requirement. Successful candidates that do not possess these certifications may be tasked with working towards them at the beginning of their employment:
- Azure based certifications (SC-200, AZ-500, MS-500)
- CREST CPSA / CRIA / CMRE / CNIA / CHIA
- CompTIA Security+
- CompTIA Network+
- Other relevant certifications.

Ways of working
Focusing on Clients and Customers. Working as One NCC. Always Learning. Being Inclusive and Respectful. Delivering Brilliantly.

Our company
At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries, delving into and securing new products and emerging technologies, as well as solving complex security problems.

As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks. Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support.

We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:
- Flexible working
- Financial & Investment
- Pension
- Life Assurance
- Share Save Scheme
- Maternity & Paternity leave
- Community & Volunteering Programmes
- Green Car Scheme
- Cycle Scheme
- Employee Referral Program
- Lifestyle & Wellness
- Learning & Development
- Diversity & Inclusion

If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and cover letter, and the relevant member of our global talent team will be in touch with you. Alternatively send your details to .

About your application
We review every application received and will get in touch if your skills and experience match what we're looking for. If you don't hear back from us within 10 days, please don't be too disappointed - we may keep your CV on our database for any future vacancies, and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles. If you do not want us to retain your details, please email . All personal data is held in accordance with the NCC Group Privacy Policy ().

We are committed to diversity and flexibility in the workplace. If you require any reasonable adjustments to support you during the application process, please tell us at any stage.

Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.
Feb 03, 2026
Full time
Threat Intelligence Analyst
Edinburgh (Hybrid)
Competitive Salary + Excellent Benefits

Hunt threats. Shape intelligence. Make a real impact.

Quorum is one of Scotland's largest Microsoft Partners and a Microsoft Direct Cloud Solutions Provider (CSP). As we continue to grow our security services, we're looking for a Threat Intelligence Analyst to join our expert team on a permanent basis.

In this role, you'll be at the frontline of cyber defence, proactively identifying, analysing, and mitigating threats through intelligence-led investigations and advanced threat hunting. You'll combine deep technical skills with the ability to clearly communicate risk and impact to both technical teams and clients.

Just as importantly, you'll be supported at every stage of your career. At Quorum, training and development aren't buzzwords, they're a promise. We invest heavily in our people and even reward you financially for the Microsoft accreditations you achieve.

Key Responsibilities of the Threat Intelligence Analyst:

Threat Hunting & Analysis
- Conduct proactive threat hunts based on hypotheses and real-world attack scenarios
- Investigate Indicators of Compromise (IOCs) and adversary TTPs
- Leverage threat intelligence feeds, OSINT, and commercial platforms to enrich detection
- Develop and maintain detection rules across SIEM and EDR platforms

Threat Intelligence Management
- Collect, validate, and analyse threat data from multiple sources
- Monitor emerging threats, vulnerabilities, and attack trends
- Produce high-quality, actionable intelligence for internal teams and clients

Client Engagement & Reporting
- Deliver clear, concise threat intelligence briefings
- Create tailored reports for strategic, operational, and technical audiences
- Translate complex technical findings into meaningful business impact

Collaboration & Continuous Improvement
- Work closely with SOC analysts, incident responders, and engineering teams
- Contribute to playbooks, automation, and threat-hunting maturity
- Participate in service reviews and governance meetings

What we're looking for:
- 2-3 years' experience in threat intelligence and/or threat hunting
- Strong understanding of MITRE ATT&CK, malware analysis, and adversary behaviour
- Hands-on experience with Microsoft Sentinel, Defender XDR, and threat intelligence platforms
- Proficiency in KQL, Python, or similar scripting/query languages
- Excellent communication skills, comfortable presenting to clients
- Analytical, detail-driven mindset with the ability to manage multiple investigations
- Passion for cybersecurity and a desire to keep learning

Why join Quorum?
Quorum is an Employee-Owned Scottish company delivering custom technology solutions, infrastructure consultancy, and managed services to organisations ranging from major financial institutions to small businesses. We're proud of our low staff turnover, collaborative culture, and genuine focus on work-life balance.

Our benefits include:
- Highly competitive salary
- Contributory pension
- Private healthcare
- Buy & sell holidays
- Paid home broadband
- Annual personal technical training budget
- Paid Microsoft certifications plus annual bonus for accreditations
- Award-winning Family Friendly Working policies

And yes, we really are a nice bunch of people to work with.

Ready to apply?
If you eat, sleep, and breathe technology and want to build your threat intelligence career in a supportive, forward-thinking environment, we'd love to hear from you. Apply today and help us stay one step ahead of the threat.
Jan 30, 2026
Full time
World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 8x SOC Threat Detection Analyst subcontractors on an initial 6 month contract. This role can start on an SC Security Clearance basis; however, DV Clearance will be required down the line. This role would suit someone from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background.

Hourly Rate: 45 - 85 per hour. There are 8 positions being recruited across the mid-senior level. Overtime rate of time and a quarter.
Contract Duration: 6 Months initially and long-term thereafter.

Shift pattern: 28 day cycle
- Sat to Tue - Earlies (Apply online only)
- Wed to Sun - Off
- Mon to Fri - Lates (Apply online only)
- Sat to Tue - Off
- Wed to Sun - Nights (Apply online only)
(The type of shift rotates through the pattern, so at the start of the next 28 day cycle they begin with Lates -> Nights -> Earlies, then the next cycle: Nights -> Earlies -> Lates.)
28 days = 4 weeks, 14 days worked per 28 days, 3.5 days worked per week, 3.5 x 8 = 28 hours per week. Initially may not be expected to do nights until the team grows.

SOC Threat Detection Analyst Job Description:
An opportunity has arisen in the cyber security operations centre (SOC) within Information Management (IM) for a SOC Threat Detection Analyst, supporting the Senior SOC analysts in assisting IM to meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat detection and analysis within the 24x7 SOC.

Responsibilities:
- To support the SOC Manager in assisting Information Management UK to meet the challenges and demands of countering the Cyber Threat.
- Support for the operational functions of the UK SOC.
- To work with other UK SOC members, including the UK InfoSec Team and the IM Domains (Customer Support and Infrastructure / Information Systems).

The role will cover analysis, monitoring, reporting, alerting and investigation activity utilising a wide variety of security platforms, including AI/ML and behavioural analytics, SIEM (Security Information and Event Management), Network Packet Capture platforms, Anti Malicious Code and Threat Detection technologies and platforms across the UK Network Perimeter, working with the best standard technologies. The SOC Analyst reports to the SOC Manager. The SOC Analyst conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff.

The SOC Analyst key responsibilities are:
- Effective Tier 1 to 2 alert triage of security events
- Monitoring of Cyber Security tools
- Monitoring the SOC email notification mailboxes
- Assisting with the maintenance of Security technologies
- Assisting the SOC Solutions Lead with project activity
- Assisting proactive threat hunting in collaboration with the CTI function
- Assisting IR in HR and InfoSec related investigations
- Ensuring the timely triage and remediation of any incident or request tickets raised to the SOC
- Participating in the activity of adding/removing URLs from the AcceptList and BlockList
- Attending routine security meetings
- Conducting activities in line with SOC Maturity and continuous improvement

Skillset/experience required (Baseline):
- A career background in Cyber Security.
- Security awareness and experience in all areas of IT, primarily Network Security and Infrastructure, with the secondary area being Operating Systems & Applications.
- Knowledge of IT Security standard methodologies.
- Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S.
- Demonstrable experience with Security Information Event Monitoring tools and/or Network Packet Capture tools.
- Hands on experience with IDS/IPS technologies and threat hunting activities.
- Strong analytical experience and mind-set.
- Experience within Defensive Cyber-attack methodologies and frameworks.
- Understanding of Malware capabilities, attack vectors, propagation and impact.
- Good communication skills liaising with the business and suppliers.

Desirable Skillset/experience (Senior grade):
- Root cause analysis and leading T2 incident investigations
- Process / Playbook / Runbook development
- Working knowledge of detection engineering, false positive improvements
- Capability to tune SIEM rules or create custom detections
- Scripted automation experience, e.g. Python, SOAR, PowerShell
- Threat modelling and Hunting methodologies
Jan 27, 2026
Contractor