Ready for your next move in cyber security? Join our fast-growing Security Operations Centre, where you'll help defend multiple organisations across a wide range of industries - from critical infrastructure to complex enterprise environments. As part of our SOC team, you'll play a key role in strengthening and maturing our services, helping deliver smart, efficient and high-impact security outcomes for our clients. You won't just monitor alerts. You'll investigate, enhance detection capability, influence processes and help shape how we defend modern environments. You'll gain exposure to real-world threats, diverse technology stacks and large-scale operations - giving you the kind of hands-on experience that accelerates careers. If you're curious, analytical and enjoy solving problems that genuinely matter, this could be your next challenge. Our team operates a 24/7 SOC. This role involves working day and night shifts. Office based in Hemel Hempstead. You must be eligible for SC Clearance. What you'll be doing: Monitoring and analysing security alerts and events, conducting initial investigations responding. Escalating complex incidents to Senior Analysts for deeper analysis and resolution. Managing SOC incident queues. Maintaining and improving asset baselines across customer environments. Producing clear, insightful reports for both technical and non-technical audiences. Enhancing detection rules and use cases aligned to MITRE ATT&CK and threat-informed defence. What you'll bring: Hands-on experience with Microsoft Sentinel and Splunk. Knowledge of the MITRE ATT&CK framework. Understanding of client-server and multi-tier applications, databases, firewalls, VPNs and endpoint security. Solid networking fundamentals (TCP/IP, LAN/WAN, HTTP, SMTP, FTP, LDAP, etc.). Strong analytical thinking and structured problem-solving. An entry-level cyber security certification (e.g. Security+, CEH, CPSA) or similar. It would be great if you had: ? Scripting or programming skills (Python, PowerShell, Bash, Perl, C++). Broader SIEM experience (e.g. QRadar). Additional SOC or CREST certifications. If you're interested in this role but not sure if your skills and experience are exactly what we're looking for, please do apply, we'd love to hear from you! Employment Type: Full-time, Permanent. Location: Hemel Hempstead. Security Clearance Level: SC. Internal Recruiter: Jane. Salary: £42,000 to £58,000. Benefits: 25 days annual leave with the choice to buy additional days, health cash plan, life assurance and pension. Shift allowance. Sopra Steria: Our Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client's goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK's most complex safety- and security-critical markets.
Apr 07, 2026
Full time
Ready for your next move in cyber security? Join our fast-growing Security Operations Centre, where you'll help defend multiple organisations across a wide range of industries - from critical infrastructure to complex enterprise environments. As part of our SOC team, you'll play a key role in strengthening and maturing our services, helping deliver smart, efficient and high-impact security outcomes for our clients. You won't just monitor alerts. You'll investigate, enhance detection capability, influence processes and help shape how we defend modern environments. You'll gain exposure to real-world threats, diverse technology stacks and large-scale operations - giving you the kind of hands-on experience that accelerates careers. If you're curious, analytical and enjoy solving problems that genuinely matter, this could be your next challenge. Our team operates a 24/7 SOC. This role involves working day and night shifts. Office based in Hemel Hempstead. You must be eligible for SC Clearance. What you'll be doing: Monitoring and analysing security alerts and events, conducting initial investigations responding. Escalating complex incidents to Senior Analysts for deeper analysis and resolution. Managing SOC incident queues. Maintaining and improving asset baselines across customer environments. Producing clear, insightful reports for both technical and non-technical audiences. Enhancing detection rules and use cases aligned to MITRE ATT&CK and threat-informed defence. What you'll bring: Hands-on experience with Microsoft Sentinel and Splunk. Knowledge of the MITRE ATT&CK framework. Understanding of client-server and multi-tier applications, databases, firewalls, VPNs and endpoint security. Solid networking fundamentals (TCP/IP, LAN/WAN, HTTP, SMTP, FTP, LDAP, etc.). Strong analytical thinking and structured problem-solving. An entry-level cyber security certification (e.g. Security+, CEH, CPSA) or similar. It would be great if you had: ? Scripting or programming skills (Python, PowerShell, Bash, Perl, C++). Broader SIEM experience (e.g. QRadar). Additional SOC or CREST certifications. If you're interested in this role but not sure if your skills and experience are exactly what we're looking for, please do apply, we'd love to hear from you! Employment Type: Full-time, Permanent. Location: Hemel Hempstead. Security Clearance Level: SC. Internal Recruiter: Jane. Salary: £42,000 to £58,000. Benefits: 25 days annual leave with the choice to buy additional days, health cash plan, life assurance and pension. Shift allowance. Sopra Steria: Our Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client's goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK's most complex safety- and security-critical markets.
Cookie Notice Chief Information Security Officer Title: Chief Information Security Officer Company: Ipsen Pharma (SAS) About Ipsen: Ipsen is a mid-sized global biopharmaceutical company with a focus on transformative medicines in three therapeutic areas: Oncology, Rare Disease and Neuroscience. Supported by nearly 100 years of development experience, with global hubs in the U.S., France and the U.K, we tackle areas of high unmet medical need through research and innovation. Our passionate teams in more than 40 countries are focused on what matters and endeavor every day to bring medicines to patients in 88 countries. We build a workplace that champions human-centric leadership and fosters a culture of collaboration, excellence and impact. At Ipsen, every individual is empowered to be their true selves, grow and thrive alongside the company's success. Join us on our journey towards sustainable growth, creating real impact on patients and society!For more information, visit us at and follow our latest news on and . Job Description: The Chief Information Security Officer (CISO) is a strategic executive responsible for protecting the company's physical, digital, and intellectual assets. In a pharmaceutical context, this includes safeguarding sensitive R&D data, clinical trial information, patient privacy, and proprietary technologies. The CISO leads the development and execution of a comprehensive security strategy encompassing cybersecurity, regulatory compliance, physical security, and internal investigations. This role includes building and managing a multidisciplinary security and investigations team, ensuring alignment with business goals and regulatory requirements. WHAT - Main Responsibilities & Technical Competencies Strategic Leadership Develop and execute a forward-looking security strategy aligned with corporate objectives and industry trends. Advise executive leadership and the board on risk posture, threat landscape, and investment priorities. Lead cross-functional initiatives to embed security into digital transformation, innovation, and operational excellence. Establish KPIs and performance metrics to measure and improve security effectiveness. Cybersecurity & IT Security Oversee the design and implementation of cybersecurity architecture and controls. Ensure protection of IT infrastructure, cloud environments, and sensitive data. Lead incident response, threat intelligence, and vulnerability management programs. Maintain compliance with global standards (e.g., ISO 27001, NIST, GDPR, HIPAA). Governance, Risk & Compliance Develop and enforce enterprise-wide security policies and procedures. In alignment with the business ethics team, ensure compliance with pharmaceutical regulations (e.g., FDA, EMA, GxP). Conduct risk assessments, internal audits, and third-party security evaluations. Report regularly to senior leadership on risk mitigation and compliance status. Investigations & Incident Management Establish and lead an internal investigations function to address security breaches, misconduct, and regulatory violations. Build and manage a team of investigators and analysts with expertise in digital forensics, compliance, and legal coordination. Collaborate with HR, Legal, and external agencies on sensitive investigations and disciplinary actions. Ensure thorough documentation, reporting, and resolution of incidents in line with legal and regulatory standards. Fraud Management Develop and implement a fraud prevention and detection framework across the organization. Lead investigations into suspected fraud, misconduct, and financial irregularities. Collaborate with Finance, Legal, and Compliance to ensure timely resolution and reporting of fraud cases. Maintain a whistleblower program and ensure confidentiality and integrity in handling reports. Monitor fraud trends and proactively adjust controls and training programs. Team Management & Development Build and lead a multidisciplinary security team (cybersecurity, physical security, investigations, risk management). Define roles, responsibilities, and career development paths for team members. Foster a culture of accountability, agility, and continuous learning. Manage vendor relationships and external consultants as needed. Physical & Operational Security Oversee facility security, access control, and surveillance systems. Coordinate with facilities and operations on emergency preparedness and response. Develop and test business continuity and disaster recovery plans. Stakeholder Engagement Partner with various functions & business leaders including Legal, Regulatory Affairs, R&D, and Medical Affairs to align security with business needs. Lead security awareness and training programs across the organization. Represent the company in external forums, industry groups, and regulatory engagements. HOW - Knowledge & Experience Skills: Technical depth in cybersecurity and investigations Leadership and team development Fraud detection and prevention expertise Regulatory and compliance acumen Communication and stakeholder management Crisis and incident responseKnowledge & Experience: 15+ years of experience in security leadership, preferably in pharma or life sciences. Proven track record in strategic planning, investigations, fraud management, and team leadership. Certifications such as CISSP, CISM, CISA, CRISC, or CFE (Certified Fraud Examiner) are highly desirable. Strong understanding of regulatory environments and risk management frameworks.Education / Certifications : Bachelor's or Master's degree in Information Security, Computer Science, or related field.Language(s) : Fluency in English. Knowledge of European language is a plus for global roles.Nous nous engageons à créer un lieu de travail où chacun se sent écouté, valorisé et soutenu, où nous incarnons " The Real Us ". La valeur que nous accordons aux différentes perspectives et expériences motive notre engagement en faveur de l'inclusion et de l'égalité des chances. Lorsque nous intégrons des modes de pensée diversifiés, nous prenons des décisions plus réfléchies et découvrons des solutions plus innovantes. Ensemble, nous nous efforçons de mieux comprendre les communautés que nous servons. Cela signifie que nous voulons également vous aider à donner le meilleur de vous-même lorsque vous postulez à un poste chez nous. Si vous avez besoin d'aménagements ou d'aide pendant le processus de candidature, veuillez en informer l'équipe de recrutement. Ces informations seront traitées avec soin et n'auront aucune incidence sur le résultat de votre candidature. Soyons nous-même Get In TouchIntroduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match.
Apr 04, 2026
Full time
Cookie Notice Chief Information Security Officer Title: Chief Information Security Officer Company: Ipsen Pharma (SAS) About Ipsen: Ipsen is a mid-sized global biopharmaceutical company with a focus on transformative medicines in three therapeutic areas: Oncology, Rare Disease and Neuroscience. Supported by nearly 100 years of development experience, with global hubs in the U.S., France and the U.K, we tackle areas of high unmet medical need through research and innovation. Our passionate teams in more than 40 countries are focused on what matters and endeavor every day to bring medicines to patients in 88 countries. We build a workplace that champions human-centric leadership and fosters a culture of collaboration, excellence and impact. At Ipsen, every individual is empowered to be their true selves, grow and thrive alongside the company's success. Join us on our journey towards sustainable growth, creating real impact on patients and society!For more information, visit us at and follow our latest news on and . Job Description: The Chief Information Security Officer (CISO) is a strategic executive responsible for protecting the company's physical, digital, and intellectual assets. In a pharmaceutical context, this includes safeguarding sensitive R&D data, clinical trial information, patient privacy, and proprietary technologies. The CISO leads the development and execution of a comprehensive security strategy encompassing cybersecurity, regulatory compliance, physical security, and internal investigations. This role includes building and managing a multidisciplinary security and investigations team, ensuring alignment with business goals and regulatory requirements. WHAT - Main Responsibilities & Technical Competencies Strategic Leadership Develop and execute a forward-looking security strategy aligned with corporate objectives and industry trends. Advise executive leadership and the board on risk posture, threat landscape, and investment priorities. Lead cross-functional initiatives to embed security into digital transformation, innovation, and operational excellence. Establish KPIs and performance metrics to measure and improve security effectiveness. Cybersecurity & IT Security Oversee the design and implementation of cybersecurity architecture and controls. Ensure protection of IT infrastructure, cloud environments, and sensitive data. Lead incident response, threat intelligence, and vulnerability management programs. Maintain compliance with global standards (e.g., ISO 27001, NIST, GDPR, HIPAA). Governance, Risk & Compliance Develop and enforce enterprise-wide security policies and procedures. In alignment with the business ethics team, ensure compliance with pharmaceutical regulations (e.g., FDA, EMA, GxP). Conduct risk assessments, internal audits, and third-party security evaluations. Report regularly to senior leadership on risk mitigation and compliance status. Investigations & Incident Management Establish and lead an internal investigations function to address security breaches, misconduct, and regulatory violations. Build and manage a team of investigators and analysts with expertise in digital forensics, compliance, and legal coordination. Collaborate with HR, Legal, and external agencies on sensitive investigations and disciplinary actions. Ensure thorough documentation, reporting, and resolution of incidents in line with legal and regulatory standards. Fraud Management Develop and implement a fraud prevention and detection framework across the organization. Lead investigations into suspected fraud, misconduct, and financial irregularities. Collaborate with Finance, Legal, and Compliance to ensure timely resolution and reporting of fraud cases. Maintain a whistleblower program and ensure confidentiality and integrity in handling reports. Monitor fraud trends and proactively adjust controls and training programs. Team Management & Development Build and lead a multidisciplinary security team (cybersecurity, physical security, investigations, risk management). Define roles, responsibilities, and career development paths for team members. Foster a culture of accountability, agility, and continuous learning. Manage vendor relationships and external consultants as needed. Physical & Operational Security Oversee facility security, access control, and surveillance systems. Coordinate with facilities and operations on emergency preparedness and response. Develop and test business continuity and disaster recovery plans. Stakeholder Engagement Partner with various functions & business leaders including Legal, Regulatory Affairs, R&D, and Medical Affairs to align security with business needs. Lead security awareness and training programs across the organization. Represent the company in external forums, industry groups, and regulatory engagements. HOW - Knowledge & Experience Skills: Technical depth in cybersecurity and investigations Leadership and team development Fraud detection and prevention expertise Regulatory and compliance acumen Communication and stakeholder management Crisis and incident responseKnowledge & Experience: 15+ years of experience in security leadership, preferably in pharma or life sciences. Proven track record in strategic planning, investigations, fraud management, and team leadership. Certifications such as CISSP, CISM, CISA, CRISC, or CFE (Certified Fraud Examiner) are highly desirable. Strong understanding of regulatory environments and risk management frameworks.Education / Certifications : Bachelor's or Master's degree in Information Security, Computer Science, or related field.Language(s) : Fluency in English. Knowledge of European language is a plus for global roles.Nous nous engageons à créer un lieu de travail où chacun se sent écouté, valorisé et soutenu, où nous incarnons " The Real Us ". La valeur que nous accordons aux différentes perspectives et expériences motive notre engagement en faveur de l'inclusion et de l'égalité des chances. Lorsque nous intégrons des modes de pensée diversifiés, nous prenons des décisions plus réfléchies et découvrons des solutions plus innovantes. Ensemble, nous nous efforçons de mieux comprendre les communautés que nous servons. Cela signifie que nous voulons également vous aider à donner le meilleur de vous-même lorsque vous postulez à un poste chez nous. Si vous avez besoin d'aménagements ou d'aide pendant le processus de candidature, veuillez en informer l'équipe de recrutement. Ces informations seront traitées avec soin et n'auront aucune incidence sur le résultat de votre candidature. Soyons nous-même Get In TouchIntroduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match.
Detection & Response Analyst (SOC / Security Engineering Pathway) Portsmouth (Hybrid) Why this role is different Most SOC roles are alert-heavy and repetitive. This isn't one of them. You'll be joining a team that's actively moving beyond traditional SOC work-focusing on threat detection, automation, and security engineering , not just ticket handling. If you're looking to step up from SOC OR move closer to engineering / threat hunting , this is a genuine pathway role. What you'll be doing Investigating and responding to security incidents across enterprise environments Building and improving SIEM detection rules / use cases Working with security tooling (EDR, SIEM, cloud security platforms) Supporting threat hunting and proactive detection activities Collaborating with engineering teams to improve automation and response Contributing to continuous improvement of security operations What we're looking for We're open to people from a range of backgrounds, including SOC, SecOps, or infrastructure with security exposure. You might have: Experience in a SOC, SecOps, or similar security-focused role Exposure to tools like SIEM (Splunk, Sentinel, QRadar, etc.) or EDR Understanding of common attack techniques (MITRE ATT&CK, incident response basics) An interest in detection engineering, automation, or threat hunting Not ticking every box? That's fine-we're hiring for potential as well as experience . Progression & development This role is designed as a stepping stone into more advanced security work , including: Threat Hunting Detection Engineering Security Engineering / Automation Incident Response You'll be supported with training, certifications, and hands-on exposure to modern tooling. Working setup Hybrid Flexible working environment Portsmouth office for collaboration when needed Why join? Clear progression beyond traditional SOC work Opportunity to work on modern security tooling and detection engineering Supportive team environment with real development focus Chance to build skills that are highly in demand across cyber security
Apr 01, 2026
Full time
Detection & Response Analyst (SOC / Security Engineering Pathway) Portsmouth (Hybrid) Why this role is different Most SOC roles are alert-heavy and repetitive. This isn't one of them. You'll be joining a team that's actively moving beyond traditional SOC work-focusing on threat detection, automation, and security engineering , not just ticket handling. If you're looking to step up from SOC OR move closer to engineering / threat hunting , this is a genuine pathway role. What you'll be doing Investigating and responding to security incidents across enterprise environments Building and improving SIEM detection rules / use cases Working with security tooling (EDR, SIEM, cloud security platforms) Supporting threat hunting and proactive detection activities Collaborating with engineering teams to improve automation and response Contributing to continuous improvement of security operations What we're looking for We're open to people from a range of backgrounds, including SOC, SecOps, or infrastructure with security exposure. You might have: Experience in a SOC, SecOps, or similar security-focused role Exposure to tools like SIEM (Splunk, Sentinel, QRadar, etc.) or EDR Understanding of common attack techniques (MITRE ATT&CK, incident response basics) An interest in detection engineering, automation, or threat hunting Not ticking every box? That's fine-we're hiring for potential as well as experience . Progression & development This role is designed as a stepping stone into more advanced security work , including: Threat Hunting Detection Engineering Security Engineering / Automation Incident Response You'll be supported with training, certifications, and hands-on exposure to modern tooling. Working setup Hybrid Flexible working environment Portsmouth office for collaboration when needed Why join? Clear progression beyond traditional SOC work Opportunity to work on modern security tooling and detection engineering Supportive team environment with real development focus Chance to build skills that are highly in demand across cyber security
SOC Engineer - Farnborough or Hemel Hempstead, UK Up to £65,000 Depending on Experience + Night Shift allowance Onsite in Farnborough or Hemel Hempstead Active SC required, with willingness to go through DV ABOUT THE CLIENT Our client is a highly respected technology consultancy working across complex and security critical environments. They deliver cutting edge digital and cybersecurity solutions to major public sector organisations. Due to continued growth, they are looking to appoint a SOC Engineer to strengthen their security capability. THE BENEFITS 25 days annual leave Health cash plan Life assurance Pension scheme Structured training and development Career progression opportunities Collaborative and supportive environment THE SOC ENGINEER ROLE: As a SOC Engineer, you will play a key role in ensuring security monitoring and protective tooling is deployed and operating effectively. You will support SOC operations by enabling analysts to detect and respond to threats quickly and efficiently. Install, configure and maintain security monitoring tools Ensure SOC tooling is optimised and operating effectively Support SIEM platforms and threat intelligence tooling Work with teams to assess risk and design security controls Apply updates, patches and follow change processes Stay current with emerging threats and recommend improvements SOC ENGINEER ESSENTIAL SKILLS Strong understanding of information security fundamentals Experience with SIEM tools such as Sentinel or Splunk Familiarity with security monitoring technologies Analytical mindset with strong problem solving skills Ability to manage multiple priorities and meet deadlines Strong communication and collaboration skills TO BE CONSIDERED: Please either apply through this advert or email me directly to discuss. By applying for this role, you give consent for your application to be submitted to our client in connection with this vacancy. KEY SKILLS SOC Engineer, SIEM, Sentinel, Splunk, Cyber Security, Security Monitoring, Threat Detection, Azure, AWS, Network Security, NSD
Apr 01, 2026
Full time
SOC Engineer - Farnborough or Hemel Hempstead, UK Up to £65,000 Depending on Experience + Night Shift allowance Onsite in Farnborough or Hemel Hempstead Active SC required, with willingness to go through DV ABOUT THE CLIENT Our client is a highly respected technology consultancy working across complex and security critical environments. They deliver cutting edge digital and cybersecurity solutions to major public sector organisations. Due to continued growth, they are looking to appoint a SOC Engineer to strengthen their security capability. THE BENEFITS 25 days annual leave Health cash plan Life assurance Pension scheme Structured training and development Career progression opportunities Collaborative and supportive environment THE SOC ENGINEER ROLE: As a SOC Engineer, you will play a key role in ensuring security monitoring and protective tooling is deployed and operating effectively. You will support SOC operations by enabling analysts to detect and respond to threats quickly and efficiently. Install, configure and maintain security monitoring tools Ensure SOC tooling is optimised and operating effectively Support SIEM platforms and threat intelligence tooling Work with teams to assess risk and design security controls Apply updates, patches and follow change processes Stay current with emerging threats and recommend improvements SOC ENGINEER ESSENTIAL SKILLS Strong understanding of information security fundamentals Experience with SIEM tools such as Sentinel or Splunk Familiarity with security monitoring technologies Analytical mindset with strong problem solving skills Ability to manage multiple priorities and meet deadlines Strong communication and collaboration skills TO BE CONSIDERED: Please either apply through this advert or email me directly to discuss. By applying for this role, you give consent for your application to be submitted to our client in connection with this vacancy. KEY SKILLS SOC Engineer, SIEM, Sentinel, Splunk, Cyber Security, Security Monitoring, Threat Detection, Azure, AWS, Network Security, NSD
SOC Analyst (Level 2) Location: Aylesbury (Hybrid) Salary: Up to £45,000 (depending on experience) CTA are working with a Cyber Security company who are for a SOC Analyst (L2) to join their growing Security Operations Centre. This role is ideal for a junior analyst looking to build hands-on experience in monitoring, triaging, and responding to security incidents in a fast-paced, shift-based environment. Key Responsibilities Advanced Security Monitoring: Analyse SIEM alerts, logs, and security events to identify and respond to complex threats. Incident Response: Lead investigations, perform deep analysis, determine impact, and coordinate response activities. Threat Detection & Analysis: Develop and refine detection rules and use cases to improve threat visibility. Threat Hunting: Proactively hunt for advanced threats and indicators of compromise across the environment. Vulnerability Management: Identify, assess, and prioritise vulnerabilities and recommend remediation actions. Security Reporting: Produce detailed reports on incidents, trends, and overall security posture. Process Improvement & Automation: Enhance SOC processes, playbooks, and automation capabilities. Skills & Experience Strong experience with SIEM platforms (e.g., Microsoft Sentinel, Sumo Logic) Hands-on experience with EDR/XDR tools (e.g., CrowdStrike, Microsoft Defender) Solid understanding of: Incident response lifecycle Threat detection methodologies Networking protocols (TCP/IP, DNS, HTTP/S) Experience analysing logs from multiple sources (endpoints, network, cloud) Ability to independently investigate and resolve security incidents Scripting or automation experience (e.g., Python, PowerShell) is a plus Strong communication and stakeholder management skills What You'll Be Doing Acting as an escalation point for Level 1 analysts Working closely with customers and internal teams on incident investigations Tuning detection rules and improving alert quality Staying up to date with emerging threats, vulnerabilities, and attack techniques Supporting and mentoring junior analysts Requirements UK Citizenship (required due to the nature of the role) If you are looking for a progressive move with an established Cyber company, please do send your application through for consideration.
Apr 01, 2026
Full time
SOC Analyst (Level 2) Location: Aylesbury (Hybrid) Salary: Up to £45,000 (depending on experience) CTA are working with a Cyber Security company who are for a SOC Analyst (L2) to join their growing Security Operations Centre. This role is ideal for a junior analyst looking to build hands-on experience in monitoring, triaging, and responding to security incidents in a fast-paced, shift-based environment. Key Responsibilities Advanced Security Monitoring: Analyse SIEM alerts, logs, and security events to identify and respond to complex threats. Incident Response: Lead investigations, perform deep analysis, determine impact, and coordinate response activities. Threat Detection & Analysis: Develop and refine detection rules and use cases to improve threat visibility. Threat Hunting: Proactively hunt for advanced threats and indicators of compromise across the environment. Vulnerability Management: Identify, assess, and prioritise vulnerabilities and recommend remediation actions. Security Reporting: Produce detailed reports on incidents, trends, and overall security posture. Process Improvement & Automation: Enhance SOC processes, playbooks, and automation capabilities. Skills & Experience Strong experience with SIEM platforms (e.g., Microsoft Sentinel, Sumo Logic) Hands-on experience with EDR/XDR tools (e.g., CrowdStrike, Microsoft Defender) Solid understanding of: Incident response lifecycle Threat detection methodologies Networking protocols (TCP/IP, DNS, HTTP/S) Experience analysing logs from multiple sources (endpoints, network, cloud) Ability to independently investigate and resolve security incidents Scripting or automation experience (e.g., Python, PowerShell) is a plus Strong communication and stakeholder management skills What You'll Be Doing Acting as an escalation point for Level 1 analysts Working closely with customers and internal teams on incident investigations Tuning detection rules and improving alert quality Staying up to date with emerging threats, vulnerabilities, and attack techniques Supporting and mentoring junior analysts Requirements UK Citizenship (required due to the nature of the role) If you are looking for a progressive move with an established Cyber company, please do send your application through for consideration.
