Detection & Response Analyst (SOC / Security Engineering Pathway) Portsmouth (Hybrid) Why this role is different Most SOC roles are alert-heavy and repetitive. This isn't one of them. You'll be joining a team that's actively moving beyond traditional SOC work-focusing on threat detection, automation, and security engineering , not just ticket handling. If you're looking to step up from SOC OR move closer to engineering / threat hunting , this is a genuine pathway role. What you'll be doing Investigating and responding to security incidents across enterprise environments Building and improving SIEM detection rules / use cases Working with security tooling (EDR, SIEM, cloud security platforms) Supporting threat hunting and proactive detection activities Collaborating with engineering teams to improve automation and response Contributing to continuous improvement of security operations What we're looking for We're open to people from a range of backgrounds, including SOC, SecOps, or infrastructure with security exposure. You might have: Experience in a SOC, SecOps, or similar security-focused role Exposure to tools like SIEM (Splunk, Sentinel, QRadar, etc.) or EDR Understanding of common attack techniques (MITRE ATT&CK, incident response basics) An interest in detection engineering, automation, or threat hunting Not ticking every box? That's fine-we're hiring for potential as well as experience . Progression & development This role is designed as a stepping stone into more advanced security work , including: Threat Hunting Detection Engineering Security Engineering / Automation Incident Response You'll be supported with training, certifications, and hands-on exposure to modern tooling. Working setup Hybrid Flexible working environment Portsmouth office for collaboration when needed Why join? Clear progression beyond traditional SOC work Opportunity to work on modern security tooling and detection engineering Supportive team environment with real development focus Chance to build skills that are highly in demand across cyber security
Mar 28, 2026
Full time
Detection & Response Analyst (SOC / Security Engineering Pathway) Portsmouth (Hybrid) Why this role is different Most SOC roles are alert-heavy and repetitive. This isn't one of them. You'll be joining a team that's actively moving beyond traditional SOC work-focusing on threat detection, automation, and security engineering , not just ticket handling. If you're looking to step up from SOC OR move closer to engineering / threat hunting , this is a genuine pathway role. What you'll be doing Investigating and responding to security incidents across enterprise environments Building and improving SIEM detection rules / use cases Working with security tooling (EDR, SIEM, cloud security platforms) Supporting threat hunting and proactive detection activities Collaborating with engineering teams to improve automation and response Contributing to continuous improvement of security operations What we're looking for We're open to people from a range of backgrounds, including SOC, SecOps, or infrastructure with security exposure. You might have: Experience in a SOC, SecOps, or similar security-focused role Exposure to tools like SIEM (Splunk, Sentinel, QRadar, etc.) or EDR Understanding of common attack techniques (MITRE ATT&CK, incident response basics) An interest in detection engineering, automation, or threat hunting Not ticking every box? That's fine-we're hiring for potential as well as experience . Progression & development This role is designed as a stepping stone into more advanced security work , including: Threat Hunting Detection Engineering Security Engineering / Automation Incident Response You'll be supported with training, certifications, and hands-on exposure to modern tooling. Working setup Hybrid Flexible working environment Portsmouth office for collaboration when needed Why join? Clear progression beyond traditional SOC work Opportunity to work on modern security tooling and detection engineering Supportive team environment with real development focus Chance to build skills that are highly in demand across cyber security
An exciting opportunity has arisen for a Threat Detection Engineer to join a well-established biotech company using large-scale genetic data and AI to predict disease risk and advance precision healthcare. As a Threat Detection Engineer, you will be responsible for developing and enhancing threat detection capabilities within a modern cloud-first setting. This role offers hybrid / remote working options, a salary range of £60,000 - £80,000 and benefits. You will be responsible for: Designing and implementing threat-led detection logic informed by threat intelligence and hunting activities. Developing innovative analytical techniques to identify incidents effectively. Collaborating with an outsourced SOC to maintain, tune, and optimise detection catalogues. Creating and refining DLP, Insider Risk Management, and other security rules using cloud-native tools. Monitoring and ensuring high-quality service delivery from external SOC providers. Automating reporting on security performance and operational metrics. Partnering with technology teams to ensure adequate monitoring across cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as an SOC Analyst, Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. Hands-on experience with Microsoft Sentinel and Defender (Endpoint, Office 365). Familiarity with Microsoft Entra ID, including Identity Governance. Experience with Microsoft Purview, particularly DLP and data protection tools. Exposure to cloud-native logging in Azure and Kubernetes environments. Understanding of "detection as code" or "everything as code" approaches, including CI/CD pipelines. Experience working with or alongside MSP SOC teams. Awareness of Agile methodologies and ways of working. Knowledge of attacker TTPs, threat modelling, and cyber security frameworks. Understanding of statistics, data science, or AI/ML as applied to security. Awareness of ISO 27001 standards. Relevant cyber security certifications (e.g., MS-500, AZ-500, SC-200, SC-300, SC-400, Security+, GSOC, CCSK). This is a rare chance to contribute to meaningful cyber security work in a role where your expertise will directly influence how threats are detected and mitigated at scale. Relevant job titles: Threat Detection Engineer, Cyber Threat Engineer, Detection & Response Engineer, Security Detection Engineer Important Information: We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Additional Resources will be acting in your best interest and may contact you in relation to the role, either by email, phone, or text message. For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please contact us. Additional Resources Ltd is an Employment Business and an Employment Agency as defined within The Conduct of Employment Agencies & Employment Businesses Regulations 2003.
Mar 27, 2026
Full time
An exciting opportunity has arisen for a Threat Detection Engineer to join a well-established biotech company using large-scale genetic data and AI to predict disease risk and advance precision healthcare. As a Threat Detection Engineer, you will be responsible for developing and enhancing threat detection capabilities within a modern cloud-first setting. This role offers hybrid / remote working options, a salary range of £60,000 - £80,000 and benefits. You will be responsible for: Designing and implementing threat-led detection logic informed by threat intelligence and hunting activities. Developing innovative analytical techniques to identify incidents effectively. Collaborating with an outsourced SOC to maintain, tune, and optimise detection catalogues. Creating and refining DLP, Insider Risk Management, and other security rules using cloud-native tools. Monitoring and ensuring high-quality service delivery from external SOC providers. Automating reporting on security performance and operational metrics. Partnering with technology teams to ensure adequate monitoring across cloud platforms, SaaS, and internal systems. Documenting security processes, tool configurations, and contributing to service delivery documentation. Supporting colleagues with ISO 27001 compliance and KQL-related tasks. What we are looking for: Previously worked as an SOC Analyst, Threat Detection Engineer or in a similar role. Must have strong expertise in KQL. Hands-on experience with Microsoft Sentinel and Defender (Endpoint, Office 365). Familiarity with Microsoft Entra ID, including Identity Governance. Experience with Microsoft Purview, particularly DLP and data protection tools. Exposure to cloud-native logging in Azure and Kubernetes environments. Understanding of "detection as code" or "everything as code" approaches, including CI/CD pipelines. Experience working with or alongside MSP SOC teams. Awareness of Agile methodologies and ways of working. Knowledge of attacker TTPs, threat modelling, and cyber security frameworks. Understanding of statistics, data science, or AI/ML as applied to security. Awareness of ISO 27001 standards. Relevant cyber security certifications (e.g., MS-500, AZ-500, SC-200, SC-300, SC-400, Security+, GSOC, CCSK). This is a rare chance to contribute to meaningful cyber security work in a role where your expertise will directly influence how threats are detected and mitigated at scale. Relevant job titles: Threat Detection Engineer, Cyber Threat Engineer, Detection & Response Engineer, Security Detection Engineer Important Information: We endeavour to process your personal data in a fair and transparent manner. In applying for this role, Additional Resources will be acting in your best interest and may contact you in relation to the role, either by email, phone, or text message. For more information see our Privacy Policy on our website. It is important you are aware of your individual rights and the provisions the company has put in place to protect your data. If you would like further information on the policy or GDPR please contact us. Additional Resources Ltd is an Employment Business and an Employment Agency as defined within The Conduct of Employment Agencies & Employment Businesses Regulations 2003.
The Role We're looking for a Senior Content Engineer to help us research, plan, and create advanced content and virtual labs for our online courses. The ideal candidate has extensive experience in blue team cyber security roles and a strong background in training content development. Technical Skills & Experience To be considered for this opportunity, you must have at least 5 years of relevant cyber security industry experience in roles such as L3/L4 SOC Analyst, Security Engineer, Incident Responder, Threat Hunter or Digital Forensics Investigator. You should also demonstrate: Strong expertise in core blue team areas: incident detection and response, threat intelligence, log analysis, security monitoring, and digital forensics. A deep understanding of networking, computing, and operating systems as they relate to security practices. Familiarity with blue team tooling (e.g., SIEM, EDR, IDS/IPS, forensic tools) and methodologies (e.g., MITRE ATT&CK framework, log analysis, malware analysis). Proven ability to research and adapt to emerging threats and technologies and translate that knowledge into engaging training content. Strong verbal and written English communication skills, essential for conveying complex technical concepts. Job Responsibilities Research, design, and develop defensive cyber security training material with supporting hands-on lab exercises (such as virtual machines and datasets for analysis). Collaborate with the Content Engineering Team to support security training coverage and identify content development opportunities. Experience developing and configuring virtual machines and sample datasets for realistic cybersecurity labs. Provide guidance and support to other Content Engineering Team members in areas of expertise. Take charge of planning and designing portions of the content development roadmap. Collaborate with the Head of Content Engineering to continuously improve the content development process. Analyze industry trends in tooling and techniques and recreate them as teachable content. Strategically plan, review, and schedule content with our blue team content engineering team. Preferred Skills (nice-to-have): Creating challenges for capture the flags (CTFs) Programming experience in any of the following: Python, PHP, Bash, Powershell Experience leading/ coaching/ mentoring others Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Certified SOC Analyst (CSA), Certified Forensic Analyst (GCFA), CompTIA CySA+, BTL2 Benefits & Perks 100% Remote - In a fully digital world, work from anywhere you want! Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm) Tools - a dedicated work laptop + any accessories you need to do your best work. Swag Pack - start your TryHackMe journey with a branded swag bundle! Personal Development - £2,500 training budget to acquire certifications, and more. Company Retreat - an annual company retreat, fully paid for by us! Lunch on us - whether you're a pizza-lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches. Health Insurance - if you're in a country that doesn't have public health care. Enhanced Maternity & Paternity - an enhanced package on top of statutory requirements. 401k / Pension - TryHackMe makes it easy to save money for your retirement. Our Hiring Process Stage 1: Short introduction call (30 mins) Stage 2: Technical Take Home Exercise (part 1 & 2) Stage 3: Interview with our Head of Content Engineering (one hour) Stage 4: Final call with a Co-Founder (30 mins) At this time, we are unable to provide sponsorship.
Mar 07, 2026
Full time
The Role We're looking for a Senior Content Engineer to help us research, plan, and create advanced content and virtual labs for our online courses. The ideal candidate has extensive experience in blue team cyber security roles and a strong background in training content development. Technical Skills & Experience To be considered for this opportunity, you must have at least 5 years of relevant cyber security industry experience in roles such as L3/L4 SOC Analyst, Security Engineer, Incident Responder, Threat Hunter or Digital Forensics Investigator. You should also demonstrate: Strong expertise in core blue team areas: incident detection and response, threat intelligence, log analysis, security monitoring, and digital forensics. A deep understanding of networking, computing, and operating systems as they relate to security practices. Familiarity with blue team tooling (e.g., SIEM, EDR, IDS/IPS, forensic tools) and methodologies (e.g., MITRE ATT&CK framework, log analysis, malware analysis). Proven ability to research and adapt to emerging threats and technologies and translate that knowledge into engaging training content. Strong verbal and written English communication skills, essential for conveying complex technical concepts. Job Responsibilities Research, design, and develop defensive cyber security training material with supporting hands-on lab exercises (such as virtual machines and datasets for analysis). Collaborate with the Content Engineering Team to support security training coverage and identify content development opportunities. Experience developing and configuring virtual machines and sample datasets for realistic cybersecurity labs. Provide guidance and support to other Content Engineering Team members in areas of expertise. Take charge of planning and designing portions of the content development roadmap. Collaborate with the Head of Content Engineering to continuously improve the content development process. Analyze industry trends in tooling and techniques and recreate them as teachable content. Strategically plan, review, and schedule content with our blue team content engineering team. Preferred Skills (nice-to-have): Creating challenges for capture the flags (CTFs) Programming experience in any of the following: Python, PHP, Bash, Powershell Experience leading/ coaching/ mentoring others Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Certified SOC Analyst (CSA), Certified Forensic Analyst (GCFA), CompTIA CySA+, BTL2 Benefits & Perks 100% Remote - In a fully digital world, work from anywhere you want! Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm) Tools - a dedicated work laptop + any accessories you need to do your best work. Swag Pack - start your TryHackMe journey with a branded swag bundle! Personal Development - £2,500 training budget to acquire certifications, and more. Company Retreat - an annual company retreat, fully paid for by us! Lunch on us - whether you're a pizza-lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches. Health Insurance - if you're in a country that doesn't have public health care. Enhanced Maternity & Paternity - an enhanced package on top of statutory requirements. 401k / Pension - TryHackMe makes it easy to save money for your retirement. Our Hiring Process Stage 1: Short introduction call (30 mins) Stage 2: Technical Take Home Exercise (part 1 & 2) Stage 3: Interview with our Head of Content Engineering (one hour) Stage 4: Final call with a Co-Founder (30 mins) At this time, we are unable to provide sponsorship.
About the Role The Cyber Security and Resilience Engineer will support our Cyber Security Operations strategy with the management and optimisation of the clients Threat protection and detection tooling. This role's focus will be on ensuring there are robust security controls across web, email, endpoints and cloud environments. You will work closely with the Cyber Security Operations team, outsourced managed security service provider, and internal stakeholders to maintain and enhance our security posture. You will play a key role in our organisation. Security transformation programme to help improve our security posture by securing our cloud and enterprise environments by implementing best practices. In this role, you'll take ownership of managing and maintaining threat protection and detection tools, including web and email security solutions, EDR platforms, and cloud security technologies. You'll configure and monitor Microsoft Defender for Endpoint, Office 365, and Cloud, while supporting the Security Operations Lead to keep our environment secure. Your day-to-day will involve analysing security alerts, collaborating with SOC and MSSP partners to strengthen detection and response, conducting regular assessments, and shaping security policies and best practices. We operate a hybrid working policy that requires a minimum of 2 days per week in the office. About You We're seeking a cybersecurity professional with experience in Microsoft-centric environments, ideally within large or multi-region organizations. You should be a clear communicator and strong leader who sets direction, aligns teams, and focuses on priorities. Adaptability is key - you can manage change, make decisions with incomplete information, and handle uncertainty confidently. The ability to identify critical tasks, remove obstacles, and keep teams focused on results is essential. To be successful in this role, you will ideally have/be: Essential: Demonstrated hands on experience in Azure, Entra and Microsoft 365 Cloud Security Engineering Demonstrated hands on experience of writing complex PowerShell scripts Experience of managing security of IAAS, PAAS and SAAS platforms Strong understanding of threat detection, prevention, and response methodologies. Hands-on experience with EDR, email security, and web security solutions. Microsoft certifications such as SC-200 MS Security Operations Analyst or AZ-500 Azure Security Engineer Associate Knowledge of cloud security principles and technologies Desirable: Strong understanding of security frameworks (NIST, ISO 27001, Mitre ATT&CK) Knowledge of web security tooling such as web proxy, DNS filtering and similar (e.g. Cisco Umbrella) Previous experience as a Security Analyst or in a SOC environment. Benefits We care about work/life balance here. With this in mind we offer 25 days' holiday that rises with service, plus bank holidays and Christmas closure (3-days) and a 35-hour working week. We are open to discussing flexibility in respect to working patterns, dependent on role. We also have a great variety of active employee networks and societies. We help make your money go further by contributing to your pension up to 12%, offering loans and savings schemes through our partnership with Salary Finance, in addition to travel to work schemes and access to a wide range of local discounts. This role comes with the added benefit of a discretionary annual payment.
Mar 05, 2026
Full time
About the Role The Cyber Security and Resilience Engineer will support our Cyber Security Operations strategy with the management and optimisation of the clients Threat protection and detection tooling. This role's focus will be on ensuring there are robust security controls across web, email, endpoints and cloud environments. You will work closely with the Cyber Security Operations team, outsourced managed security service provider, and internal stakeholders to maintain and enhance our security posture. You will play a key role in our organisation. Security transformation programme to help improve our security posture by securing our cloud and enterprise environments by implementing best practices. In this role, you'll take ownership of managing and maintaining threat protection and detection tools, including web and email security solutions, EDR platforms, and cloud security technologies. You'll configure and monitor Microsoft Defender for Endpoint, Office 365, and Cloud, while supporting the Security Operations Lead to keep our environment secure. Your day-to-day will involve analysing security alerts, collaborating with SOC and MSSP partners to strengthen detection and response, conducting regular assessments, and shaping security policies and best practices. We operate a hybrid working policy that requires a minimum of 2 days per week in the office. About You We're seeking a cybersecurity professional with experience in Microsoft-centric environments, ideally within large or multi-region organizations. You should be a clear communicator and strong leader who sets direction, aligns teams, and focuses on priorities. Adaptability is key - you can manage change, make decisions with incomplete information, and handle uncertainty confidently. The ability to identify critical tasks, remove obstacles, and keep teams focused on results is essential. To be successful in this role, you will ideally have/be: Essential: Demonstrated hands on experience in Azure, Entra and Microsoft 365 Cloud Security Engineering Demonstrated hands on experience of writing complex PowerShell scripts Experience of managing security of IAAS, PAAS and SAAS platforms Strong understanding of threat detection, prevention, and response methodologies. Hands-on experience with EDR, email security, and web security solutions. Microsoft certifications such as SC-200 MS Security Operations Analyst or AZ-500 Azure Security Engineer Associate Knowledge of cloud security principles and technologies Desirable: Strong understanding of security frameworks (NIST, ISO 27001, Mitre ATT&CK) Knowledge of web security tooling such as web proxy, DNS filtering and similar (e.g. Cisco Umbrella) Previous experience as a Security Analyst or in a SOC environment. Benefits We care about work/life balance here. With this in mind we offer 25 days' holiday that rises with service, plus bank holidays and Christmas closure (3-days) and a 35-hour working week. We are open to discussing flexibility in respect to working patterns, dependent on role. We also have a great variety of active employee networks and societies. We help make your money go further by contributing to your pension up to 12%, offering loans and savings schemes through our partnership with Salary Finance, in addition to travel to work schemes and access to a wide range of local discounts. This role comes with the added benefit of a discretionary annual payment.
