Senior Cyber Security Analyst Location: London hybrid working IR35: Inside via Triumph Consultants you will be paid PAYE for the length of the 3 month contract It is essential for candidates to have advanced proficiency in using Splunk for security monitoring, log analysis, threat detection, and reporting The role: The Cyber Defence team at the delivers threat intelligence, threat detection, incident response, and vulnerability management to defend both internal IT infrastructure and citizen-facing services. They are looking for a Senior Cyber Security Analyst with proven experience in incident response and Splunk to take a leading role in strengthening the organisation's cyber defence capability. Key Accountabilities: Lead investigations into security alerts and cyber incidents. Perform forensic analysis of systems, files, network traffic, and cloud environments. Drive technical response actions including containment, eradication, and recovery. Coordinate cyber incident responses across teams and stakeholders. Identify lessons learned and embed continual improvement. Develop and update incident response playbooks and knowledge base articles. Act as an escalation point and mentor for security analysts. Provide leadership and line management within the team. Join the out-of-hours on-call rota to support 24/7 incident response. Key Criteria: 5+ years' experience investigating and responding to cyber incidents in large organisations. Strong track record with incident response coordination. Significant hands-on experience with Splunk and security tools (eg, EDR, SIEM). Analytical, problem-solving, and forensic investigation skills. Proven experience coaching or mentoring junior staff. Strong understanding of threat actor tools, techniques, and procedures. Experience of cloud environments such as AWS Excellent written and verbal communication skills. How to Apply Quote the Job Title and Reference Number in your application. Submit your CV in Word format. Applications are reviewed on a rolling basis-early submission is recommended. We will also add your details to our mail out lists. Please note you may receive details of roles outside of your immediate vicinity, as many candidates are able to relocate temporarily for work. Please disregard any such emails that are not of interest and let us know if you would rather not receive such mailouts and/or if you wish us to delete your details and prefer to apply direct to our advertised roles. If you do not hear from us within three working days, unfortunately your application has not been shortlisted on this occasion. Thank you for your interest in working with us.
Oct 07, 2025
Contractor
Senior Cyber Security Analyst Location: London hybrid working IR35: Inside via Triumph Consultants you will be paid PAYE for the length of the 3 month contract It is essential for candidates to have advanced proficiency in using Splunk for security monitoring, log analysis, threat detection, and reporting The role: The Cyber Defence team at the delivers threat intelligence, threat detection, incident response, and vulnerability management to defend both internal IT infrastructure and citizen-facing services. They are looking for a Senior Cyber Security Analyst with proven experience in incident response and Splunk to take a leading role in strengthening the organisation's cyber defence capability. Key Accountabilities: Lead investigations into security alerts and cyber incidents. Perform forensic analysis of systems, files, network traffic, and cloud environments. Drive technical response actions including containment, eradication, and recovery. Coordinate cyber incident responses across teams and stakeholders. Identify lessons learned and embed continual improvement. Develop and update incident response playbooks and knowledge base articles. Act as an escalation point and mentor for security analysts. Provide leadership and line management within the team. Join the out-of-hours on-call rota to support 24/7 incident response. Key Criteria: 5+ years' experience investigating and responding to cyber incidents in large organisations. Strong track record with incident response coordination. Significant hands-on experience with Splunk and security tools (eg, EDR, SIEM). Analytical, problem-solving, and forensic investigation skills. Proven experience coaching or mentoring junior staff. Strong understanding of threat actor tools, techniques, and procedures. Experience of cloud environments such as AWS Excellent written and verbal communication skills. How to Apply Quote the Job Title and Reference Number in your application. Submit your CV in Word format. Applications are reviewed on a rolling basis-early submission is recommended. We will also add your details to our mail out lists. Please note you may receive details of roles outside of your immediate vicinity, as many candidates are able to relocate temporarily for work. Please disregard any such emails that are not of interest and let us know if you would rather not receive such mailouts and/or if you wish us to delete your details and prefer to apply direct to our advertised roles. If you do not hear from us within three working days, unfortunately your application has not been shortlisted on this occasion. Thank you for your interest in working with us.
SOC Analyst - Corsham - Circa 46,000 per annum - On-site (5 days per week) Permanent SC Clearance Required. Deerfoot Recruitment is working on behalf of a leading organisation seeking to hire an experienced SOC Analyst to join their Security Operations Centre based in Corsham . This is a full-time, on-site role requiring 5 days per week presence. The successful candidate will play a vital role in monitoring, analysing, and responding to security threats using tools such as Splunk, Flexera, and other industry-standard SIEM platforms. You'll investigate security incidents, coordinate with other IT and security teams, and support continuous improvement of threat detection and response processes. Key Requirements: Previous experience in a SOC Analyst or similar cybersecurity role Strong expertise in Splunk or similar SIEM tools Familiarity with Flexera for vulnerability management Understanding of firewalls, network protocols, intrusion detection/prevention systems Relevant certifications (e.g., CISSP, CEH, Splunk) advantageous Must be eligible for Developed Vetting (DV) clearance , requiring 10 years continuous UK residency Please Note: All offers will be subject to standard pre-employment checks including ID, employment history (last 3 years), immigration status, and an unspent criminal record check. This is an excellent opportunity to join a forward-thinking, inclusive environment with strong investment in training, development, and employee wellbeing. To apply or learn more, please contact us today at Deerfoot Recruitment . Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate 1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd is acting as an Employment Agency in relation to this vacancy.
Oct 07, 2025
Full time
SOC Analyst - Corsham - Circa 46,000 per annum - On-site (5 days per week) Permanent SC Clearance Required. Deerfoot Recruitment is working on behalf of a leading organisation seeking to hire an experienced SOC Analyst to join their Security Operations Centre based in Corsham . This is a full-time, on-site role requiring 5 days per week presence. The successful candidate will play a vital role in monitoring, analysing, and responding to security threats using tools such as Splunk, Flexera, and other industry-standard SIEM platforms. You'll investigate security incidents, coordinate with other IT and security teams, and support continuous improvement of threat detection and response processes. Key Requirements: Previous experience in a SOC Analyst or similar cybersecurity role Strong expertise in Splunk or similar SIEM tools Familiarity with Flexera for vulnerability management Understanding of firewalls, network protocols, intrusion detection/prevention systems Relevant certifications (e.g., CISSP, CEH, Splunk) advantageous Must be eligible for Developed Vetting (DV) clearance , requiring 10 years continuous UK residency Please Note: All offers will be subject to standard pre-employment checks including ID, employment history (last 3 years), immigration status, and an unspent criminal record check. This is an excellent opportunity to join a forward-thinking, inclusive environment with strong investment in training, development, and employee wellbeing. To apply or learn more, please contact us today at Deerfoot Recruitment . Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate 1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd is acting as an Employment Agency in relation to this vacancy.
GCP Security Engineer A Global Financial Services client requires a Contract GCP SecOps Engineer with strong hands-on expertise in Google Cloud Platform (GCP), incident response, and log source integration to join their Security Operations team. Day Rate: £700-£750pd IR35 Status: Outside Duration: Initial 6 months Travel: 2 days a week in Central London This GCP Security Engineer will have the previous following exp: Ingest, normalise and correlate log data from a wide range of sources, including GCP-native services (eg VPC Flow Logs, Cloud Audit Logs, Cloud DNS) and third-party systems, to support Real Time threat detection and analysis. Build and maintain detection logic by transforming raw log data into actionable insights such as indicators of compromise (IOCs), behavioural patterns, or risk-based alerts using tools such as Google Chronicle, BigQuery, or Splunk. Lead or support incident response investigations, working closely with SOC analysts, engineering teams, and stakeholders to contain and remediate threats effectively across complex cloud infrastructures. Design and implement automated response workflows, leveraging GCP-native services like Cloud Functions, Pub/Sub, and Event Threat Detection to streamline alert triage and reduce mean time to response (MTTR). Enhance visibility and detection coverage by improving log source onboarding, parsing, and enrichment pipelines ensuring critical cloud activities are captured, monitored, and aligned with compliance requirements.
Oct 06, 2025
Contractor
GCP Security Engineer A Global Financial Services client requires a Contract GCP SecOps Engineer with strong hands-on expertise in Google Cloud Platform (GCP), incident response, and log source integration to join their Security Operations team. Day Rate: £700-£750pd IR35 Status: Outside Duration: Initial 6 months Travel: 2 days a week in Central London This GCP Security Engineer will have the previous following exp: Ingest, normalise and correlate log data from a wide range of sources, including GCP-native services (eg VPC Flow Logs, Cloud Audit Logs, Cloud DNS) and third-party systems, to support Real Time threat detection and analysis. Build and maintain detection logic by transforming raw log data into actionable insights such as indicators of compromise (IOCs), behavioural patterns, or risk-based alerts using tools such as Google Chronicle, BigQuery, or Splunk. Lead or support incident response investigations, working closely with SOC analysts, engineering teams, and stakeholders to contain and remediate threats effectively across complex cloud infrastructures. Design and implement automated response workflows, leveraging GCP-native services like Cloud Functions, Pub/Sub, and Event Threat Detection to streamline alert triage and reduce mean time to response (MTTR). Enhance visibility and detection coverage by improving log source onboarding, parsing, and enrichment pipelines ensuring critical cloud activities are captured, monitored, and aligned with compliance requirements.
GCP Security Operations Engineer A Global Financial Services client requires a Contract GCP SecOps Engineer with strong hands-on expertise in Google Cloud Platform (GCP), incident response, and log source integration to join their Security Operations team. Day Rate: £700-£750pd IR35 Status: Outside Duration: Initial 6 months Travel: 2 days a week in Central London This GCP Security Engineer will have the previous following exp: Ingest, normalise and correlate log data from a wide range of sources, including GCP-native services (eg VPC Flow Logs, Cloud Audit Logs, Cloud DNS) and third-party systems, to support Real Time threat detection and analysis. Build and maintain detection logic by transforming raw log data into actionable insights such as indicators of compromise (IOCs), behavioural patterns, or risk-based alerts using tools such as Google Chronicle, BigQuery, or Splunk. Lead or support incident response investigations, working closely with SOC analysts, engineering teams, and stakeholders to contain and remediate threats effectively across complex cloud infrastructures. Design and implement automated response workflows, leveraging GCP-native services like Cloud Functions, Pub/Sub, and Event Threat Detection to streamline alert triage and reduce mean time to response (MTTR). Enhance visibility and detection coverage by improving log source onboarding, parsing, and enrichment pipelines ensuring critical cloud activities are captured, monitored, and aligned with compliance requirements.
Oct 06, 2025
Contractor
GCP Security Operations Engineer A Global Financial Services client requires a Contract GCP SecOps Engineer with strong hands-on expertise in Google Cloud Platform (GCP), incident response, and log source integration to join their Security Operations team. Day Rate: £700-£750pd IR35 Status: Outside Duration: Initial 6 months Travel: 2 days a week in Central London This GCP Security Engineer will have the previous following exp: Ingest, normalise and correlate log data from a wide range of sources, including GCP-native services (eg VPC Flow Logs, Cloud Audit Logs, Cloud DNS) and third-party systems, to support Real Time threat detection and analysis. Build and maintain detection logic by transforming raw log data into actionable insights such as indicators of compromise (IOCs), behavioural patterns, or risk-based alerts using tools such as Google Chronicle, BigQuery, or Splunk. Lead or support incident response investigations, working closely with SOC analysts, engineering teams, and stakeholders to contain and remediate threats effectively across complex cloud infrastructures. Design and implement automated response workflows, leveraging GCP-native services like Cloud Functions, Pub/Sub, and Event Threat Detection to streamline alert triage and reduce mean time to response (MTTR). Enhance visibility and detection coverage by improving log source onboarding, parsing, and enrichment pipelines ensuring critical cloud activities are captured, monitored, and aligned with compliance requirements.
Security Operations Engineer (GCP) A Global Financial Services client requires a Contract GCP SecOps Engineer with strong hands-on expertise in Google Cloud Platform (GCP), incident response, and log source integration to join their Security Operations team. Day Rate: £700-£750pd IR35 Status: Outside Duration: Initial 6 months Travel: 2 days a week in Central London This GCP Security Engineer will have the previous following exp: Ingest, normalise and correlate log data from a wide range of sources, including GCP-native services (eg VPC Flow Logs, Cloud Audit Logs, Cloud DNS) and third-party systems, to support Real Time threat detection and analysis. Build and maintain detection logic by transforming raw log data into actionable insights such as indicators of compromise (IOCs), behavioural patterns, or risk-based alerts using tools such as Google Chronicle, BigQuery, or Splunk. Lead or support incident response investigations, working closely with SOC analysts, engineering teams, and stakeholders to contain and remediate threats effectively across complex cloud infrastructures. Design and implement automated response workflows, leveraging GCP-native services like Cloud Functions, Pub/Sub, and Event Threat Detection to streamline alert triage and reduce mean time to response (MTTR). Enhance visibility and detection coverage by improving log source onboarding, parsing, and enrichment pipelines ensuring critical cloud activities are captured, monitored, and aligned with compliance requirements.
Oct 06, 2025
Contractor
Security Operations Engineer (GCP) A Global Financial Services client requires a Contract GCP SecOps Engineer with strong hands-on expertise in Google Cloud Platform (GCP), incident response, and log source integration to join their Security Operations team. Day Rate: £700-£750pd IR35 Status: Outside Duration: Initial 6 months Travel: 2 days a week in Central London This GCP Security Engineer will have the previous following exp: Ingest, normalise and correlate log data from a wide range of sources, including GCP-native services (eg VPC Flow Logs, Cloud Audit Logs, Cloud DNS) and third-party systems, to support Real Time threat detection and analysis. Build and maintain detection logic by transforming raw log data into actionable insights such as indicators of compromise (IOCs), behavioural patterns, or risk-based alerts using tools such as Google Chronicle, BigQuery, or Splunk. Lead or support incident response investigations, working closely with SOC analysts, engineering teams, and stakeholders to contain and remediate threats effectively across complex cloud infrastructures. Design and implement automated response workflows, leveraging GCP-native services like Cloud Functions, Pub/Sub, and Event Threat Detection to streamline alert triage and reduce mean time to response (MTTR). Enhance visibility and detection coverage by improving log source onboarding, parsing, and enrichment pipelines ensuring critical cloud activities are captured, monitored, and aligned with compliance requirements.
Principal Cyber Security Incident Response Analyst 60,000 - 70,000 Full Time / Permanent West Midlands / Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand head quartered in the West Midlands. As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network, endpoint, cloud environments, and threat intelligence feeds. Perform in-depth trend analysis to identify patterns and inform improvements in organisational controls and threat detection capabilities. Develop, maintain, and continuously improve documentation and reporting frameworks to support transparency, consistency, and strategic decision-making. Experience required: Previous experience in a similar Cyber Incident Response Analyst role, preferably in a senior or lead capacity. Strong experience in security monitoring across diverse systems and environments, including cloud and on-premises. Proven leadership in incident response within SOC settings. Deep understanding of the cyber threat landscape, attack vectors, and detection techniques. Proficient in cybersecurity tools, regulations, and compliance standards. Excellent communication and stakeholder engagement skills, with the ability to convey technical insights to varied audiences. Please apply via the link or contact (url removed) for more information Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Oct 04, 2025
Full time
Principal Cyber Security Incident Response Analyst 60,000 - 70,000 Full Time / Permanent West Midlands / Hybrid (1-2 days a month in the office ideally) The Role I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand head quartered in the West Midlands. As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average. Responsibilities: Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development. Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators. Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network, endpoint, cloud environments, and threat intelligence feeds. Perform in-depth trend analysis to identify patterns and inform improvements in organisational controls and threat detection capabilities. Develop, maintain, and continuously improve documentation and reporting frameworks to support transparency, consistency, and strategic decision-making. Experience required: Previous experience in a similar Cyber Incident Response Analyst role, preferably in a senior or lead capacity. Strong experience in security monitoring across diverse systems and environments, including cloud and on-premises. Proven leadership in incident response within SOC settings. Deep understanding of the cyber threat landscape, attack vectors, and detection techniques. Proficient in cybersecurity tools, regulations, and compliance standards. Excellent communication and stakeholder engagement skills, with the ability to convey technical insights to varied audiences. Please apply via the link or contact (url removed) for more information Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provide a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/ or Modis Europe Ltd. Our Candidate Privacy Information Statement which explains how we will use your information is available on the Modis website.
Senior Cyber Security Analyst - Central Gov (Contract) Incident Response | Threat Detection | Forensics | SIEM The Cyber Defence team is hiring a Senior Cyber Security Analyst to lead on incident response and protect critical citizen-facing services. You'll: Investigate and respond to cyber incidents at scale Lead forensic analysis (systems, files, network, cloud) Coordinate containment, eradication & recovery actions Mentor Junior Analysts and shape IR playbooks Must have strong Splunk skills. Requirements: Strong incident response & cyber investigation experience Skilled with EDR/SIEM tools - splunk Deep knowledge of attacker TTPs Excellent problem solving & communication London | Competitive Day Rate | SC Clearance required | On-call rota
Oct 03, 2025
Contractor
Senior Cyber Security Analyst - Central Gov (Contract) Incident Response | Threat Detection | Forensics | SIEM The Cyber Defence team is hiring a Senior Cyber Security Analyst to lead on incident response and protect critical citizen-facing services. You'll: Investigate and respond to cyber incidents at scale Lead forensic analysis (systems, files, network, cloud) Coordinate containment, eradication & recovery actions Mentor Junior Analysts and shape IR playbooks Must have strong Splunk skills. Requirements: Strong incident response & cyber investigation experience Skilled with EDR/SIEM tools - splunk Deep knowledge of attacker TTPs Excellent problem solving & communication London | Competitive Day Rate | SC Clearance required | On-call rota
*Senior Cyber Security Analyst - £600-800pd (experience dependent) INSIDE IR35 - 3 month initial contract - London (3 days per week onsite)* Please note: Due to the nature of the role, we are ideally looking for candidates to hold an active SC clearance. We are looking for a SC Cleared Senior Cyber Security Analyst with SPLUNK experience to join our central government client on an initial 3-month contract. You must have experience investigating and responding to cyber incidents, co-ordinating incident response in a large organisation. We have both a Senior and mid-level role available. Main responsibilities: As a senior security analyst with responsibility for incident response, you will: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environment Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. Essential skills and experience: SPLUNK EDR (Endpoint Detection and Response) Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.
Oct 03, 2025
Contractor
*Senior Cyber Security Analyst - £600-800pd (experience dependent) INSIDE IR35 - 3 month initial contract - London (3 days per week onsite)* Please note: Due to the nature of the role, we are ideally looking for candidates to hold an active SC clearance. We are looking for a SC Cleared Senior Cyber Security Analyst with SPLUNK experience to join our central government client on an initial 3-month contract. You must have experience investigating and responding to cyber incidents, co-ordinating incident response in a large organisation. We have both a Senior and mid-level role available. Main responsibilities: As a senior security analyst with responsibility for incident response, you will: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environment Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. Essential skills and experience: SPLUNK EDR (Endpoint Detection and Response) Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.
Deerfoot Recruitment Solutions Limited
City, London
Threat Intelligence Analyst Fully Onsite in London Inside IR35 Contract Deerfoot Recruitment has been engaged to identify an experienced Threat Intelligence Analyst for a leading global banking organisation with an advanced cyber defence function in London. This is a fantastic opportunity to shape threat intelligence, work alongside Red/Blue Teams, and operationalise intelligence using the latest cybersecurity, penetration testing, and Breach & Attack Simulation (BAS) platforms. Key Responsibilities: Monitor and analyse global cyber threat landscapes, identifying threats, adversary tactics, and emerging risks Collaborate with Red Team, Blue Team, and Penetration Testing specialists to integrate intelligence into Breach & Attack Simulation (BAS) scenarios Act as a point of contact between threat intelligence, Red/Blue, and SOC teams to align threat modelling and adversary simulation Support threat hunting activities and provide tactical, contextual intelligence to stakeholders Model and assess threat actors, including motivations, capabilities, attack vectors, and impacts Leverage the MITRE ATT&CK framework for mapping adversary behaviours and detection Develop and update threat profiles, attack surface assessments, and adversary emulation plans Present high-quality threat briefings, risk assessments, and operational recommendations Participate in incident response, providing context, attributions, and support as required Required Skills & Experience: Extensive experience in threat intelligence, cybersecurity operations, or penetration testing Proven ability to work collaboratively with Red/Blue teams and Security Operations Centres (SOC) Hands-on experience with TIPs (Threat Intelligence Platforms), SIEM tools, and threat data enrichment solutions Practical exposure to Breach & Attack Simulation (BAS) tools for threat scenario development Strong knowledge of adversary TTPs, MITRE ATT&CK, and modern threat modelling techniques Technical proficiency with pentesting tools such as Metasploit Framework, Burp Suite, Kali Linux, and Pentera Experience producing actionable threat intelligence reports and clear technical briefings If you are ready to drive the next wave of cyber defense, apply via Deerfoot Recruitment today to learn more about this exciting contract opportunity. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate £1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd acts as an Employment Business in relation to this vacancy.
Oct 03, 2025
Contractor
Threat Intelligence Analyst Fully Onsite in London Inside IR35 Contract Deerfoot Recruitment has been engaged to identify an experienced Threat Intelligence Analyst for a leading global banking organisation with an advanced cyber defence function in London. This is a fantastic opportunity to shape threat intelligence, work alongside Red/Blue Teams, and operationalise intelligence using the latest cybersecurity, penetration testing, and Breach & Attack Simulation (BAS) platforms. Key Responsibilities: Monitor and analyse global cyber threat landscapes, identifying threats, adversary tactics, and emerging risks Collaborate with Red Team, Blue Team, and Penetration Testing specialists to integrate intelligence into Breach & Attack Simulation (BAS) scenarios Act as a point of contact between threat intelligence, Red/Blue, and SOC teams to align threat modelling and adversary simulation Support threat hunting activities and provide tactical, contextual intelligence to stakeholders Model and assess threat actors, including motivations, capabilities, attack vectors, and impacts Leverage the MITRE ATT&CK framework for mapping adversary behaviours and detection Develop and update threat profiles, attack surface assessments, and adversary emulation plans Present high-quality threat briefings, risk assessments, and operational recommendations Participate in incident response, providing context, attributions, and support as required Required Skills & Experience: Extensive experience in threat intelligence, cybersecurity operations, or penetration testing Proven ability to work collaboratively with Red/Blue teams and Security Operations Centres (SOC) Hands-on experience with TIPs (Threat Intelligence Platforms), SIEM tools, and threat data enrichment solutions Practical exposure to Breach & Attack Simulation (BAS) tools for threat scenario development Strong knowledge of adversary TTPs, MITRE ATT&CK, and modern threat modelling techniques Technical proficiency with pentesting tools such as Metasploit Framework, Burp Suite, Kali Linux, and Pentera Experience producing actionable threat intelligence reports and clear technical briefings If you are ready to drive the next wave of cyber defense, apply via Deerfoot Recruitment today to learn more about this exciting contract opportunity. Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate £1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details. Deerfoot Recruitment Solutions Ltd acts as an Employment Business in relation to this vacancy.
Job Title: Senior Cyber Security Analyst - SC Location : Hybrid/London - 3 days a week on site Contract Duration : 3 months initially Daily Rate: £800/day (Umbrella - Maximum) IR35 Status: Inside IR35 Minimum requirement: Experience of investigating and responding to cyber incidents, coordinating incident response in large org 5+ years' experience with SPLUNK EDR (Endpoint Detection and Response) Analytical, problem solving Security Clearance: SC Senior Cyber Security Analyst The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and Vulnerability management capabilities for the organisation, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior security analyst, you'll take a leading role in building and delivering these core capabilities, focusing on incident response. As a senior security analyst with responsibility for incident response, you will l: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environments Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Excellent analytical and problem solving skills Excellent verbal and written communication skills Experience with Splunk Experience working in an Agile environment Experience with cloud environments such as AWS Disability Confident As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Armed Forces Covenant CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. If you qualify for the above, please notify us. We will be in touch to discuss your suitability and arrange your Guaranteed Interview. Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know. To apply for this role please submit your latest CV or contact Aspect Resources
Oct 03, 2025
Contractor
Job Title: Senior Cyber Security Analyst - SC Location : Hybrid/London - 3 days a week on site Contract Duration : 3 months initially Daily Rate: £800/day (Umbrella - Maximum) IR35 Status: Inside IR35 Minimum requirement: Experience of investigating and responding to cyber incidents, coordinating incident response in large org 5+ years' experience with SPLUNK EDR (Endpoint Detection and Response) Analytical, problem solving Security Clearance: SC Senior Cyber Security Analyst The Cyber Defence team delivers cyber threat intelligence, threat detection, incident response and Vulnerability management capabilities for the organisation, and is responsible for defending both internal IT infrastructure and citizen-facing services. As a senior security analyst, you'll take a leading role in building and delivering these core capabilities, focusing on incident response. As a senior security analyst with responsibility for incident response, you will l: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environments Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Excellent analytical and problem solving skills Excellent verbal and written communication skills Experience with Splunk Experience working in an Agile environment Experience with cloud environments such as AWS Disability Confident As a member of the disability confident scheme, CLIENT guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Armed Forces Covenant CLIENT is proud to support the Armed Forces Covenant and as such, we guarantee to interview all veterans or spouses/partners of military personnel who meet all the essential criteria for the vacancy. In cases where we have a high volume of ex-military candidates/military spouses or partners, who meet all of the essential criteria, we will interview the best candidates from within that group. If you qualify for the above, please notify us. We will be in touch to discuss your suitability and arrange your Guaranteed Interview. Should you require reasonable adjustments at any point during the recruitment process or if there is a more accessible way for us to communicate, please do let me know. To apply for this role please submit your latest CV or contact Aspect Resources
SOC Manager required for innovative MSP. You will lead the strategic direction, performance, and day-to-day operations of their Security Operations Centre (SOC). As a central figure in security services, you'll ensure the efficient detection, analysis, and response to cyber threats across a diverse client portfolio. This leadership role involves mentoring your team, enhancing our security processes, and driving ongoing improvements in threat detection and incident response capabilities. Key Responsibilities Team Leadership & Development Lead and mentor a team of SOC analysts, fostering a collaborative, high-performing environment. Manage team scheduling, conduct performance reviews, and support professional growth and development. SOC Operations Oversight Supervise 24/7/365 monitoring of client environments, ensuring consistent adherence to SLAs for threat detection and incident response. Drive operational efficiency and ensure timely escalation and resolution of security incidents. Incident Response Management Serve as the main escalation point for significant security incidents. Coordinate response efforts and ensure clear communication with both internal teams and external clients. Process & Workflow Optimization Continuously review, update, and document SOC processes, playbooks, and standard operating procedures (SOPs) to improve operational effectiveness. Technology Oversight Ensure the reliability and performance of security tools, including SIEM and EDR platforms. Lead the evaluation, selection, and implementation of new security technologies and enhancements. Reporting & Analytics Develop and maintain KPIs and metrics to assess SOC performance. Deliver regular reports and insights to senior leadership and clients on security trends and incident management. Client Relationship Management Act as a trusted advisor to clients, contributing to service reviews and providing expert security guidance. Required Experience & Skills Proven experience working in a Security Operations Centre (SOC) or related cybersecurity environment. Industry-recognised certifications (preferred), such as a cybersecurity degree, Network+, Security+, or equivalent technical qualifications. Strong hands-on knowledge of SIEM and EDR platforms, including experience configuring and writing queries (eg, SQL, KQL). Familiarity with cloud platforms (AWS, Azure, etc.) and securing hybrid IT environments. Excellent communication skills, both verbal and written, with the ability to translate technical information for non-technical audiences. Previous experience in an incident response role and a solid understanding of IR processes. Demonstrated experience leading or managing a security-focused team. Understanding of key security frameworks and standards, such as ISO 27001, NIST, and Crest.
Oct 02, 2025
Full time
SOC Manager required for innovative MSP. You will lead the strategic direction, performance, and day-to-day operations of their Security Operations Centre (SOC). As a central figure in security services, you'll ensure the efficient detection, analysis, and response to cyber threats across a diverse client portfolio. This leadership role involves mentoring your team, enhancing our security processes, and driving ongoing improvements in threat detection and incident response capabilities. Key Responsibilities Team Leadership & Development Lead and mentor a team of SOC analysts, fostering a collaborative, high-performing environment. Manage team scheduling, conduct performance reviews, and support professional growth and development. SOC Operations Oversight Supervise 24/7/365 monitoring of client environments, ensuring consistent adherence to SLAs for threat detection and incident response. Drive operational efficiency and ensure timely escalation and resolution of security incidents. Incident Response Management Serve as the main escalation point for significant security incidents. Coordinate response efforts and ensure clear communication with both internal teams and external clients. Process & Workflow Optimization Continuously review, update, and document SOC processes, playbooks, and standard operating procedures (SOPs) to improve operational effectiveness. Technology Oversight Ensure the reliability and performance of security tools, including SIEM and EDR platforms. Lead the evaluation, selection, and implementation of new security technologies and enhancements. Reporting & Analytics Develop and maintain KPIs and metrics to assess SOC performance. Deliver regular reports and insights to senior leadership and clients on security trends and incident management. Client Relationship Management Act as a trusted advisor to clients, contributing to service reviews and providing expert security guidance. Required Experience & Skills Proven experience working in a Security Operations Centre (SOC) or related cybersecurity environment. Industry-recognised certifications (preferred), such as a cybersecurity degree, Network+, Security+, or equivalent technical qualifications. Strong hands-on knowledge of SIEM and EDR platforms, including experience configuring and writing queries (eg, SQL, KQL). Familiarity with cloud platforms (AWS, Azure, etc.) and securing hybrid IT environments. Excellent communication skills, both verbal and written, with the ability to translate technical information for non-technical audiences. Previous experience in an incident response role and a solid understanding of IR processes. Demonstrated experience leading or managing a security-focused team. Understanding of key security frameworks and standards, such as ISO 27001, NIST, and Crest.
The Information Security Analyst will play a critical role in safeguarding the organisation's systems and data, ensuring compliance with security policies and regulations. Based in Hatfield, this role is ideal for individuals passionate about the life science industry and technology. Client Details The hiring company is a medium-sized organisation operating within the life science industry, with a focus on innovation and excellence in its field. The company is known for its commitment to leveraging technology to drive forward its mission. Description Implement and maintain ISMS aligning with ISO27001 Ensure security controls are in-place based on ISO27001 and NIST As the regional security representative in the global Security / Technology project Lead / execute phishing campaign Conduct vulnerability assessments and implement measures to mitigate potential risks. Involve in global security operations process, analysis and escalate security alerts / tickets from global SOC team Maintain and update security policies, standards, and procedures in alignment with industry regulations. Collaborate with cross-functional teams to ensure secure system designs and implementations. Provide training and support to staff to enhance security awareness across the organisation. Profile Practical experience and understanding of ISO27001 Familiar with NIST and GDPR is preferred Solid experience in threat, risk and vulnerabilities management process Experience with security tools such as SIEM, intrusion detection systems, and endpoint protection. Strong analytical and problem-solving skills. Hold at least one security related professional certification is desirable Job Offer 24 days of holiday leave Performance-based bonus of up to 10%. Pension scheme with contributions up to 10%. Private medical insurance, life assurance, dental cover Finance support on professional certifications / memberships
Oct 02, 2025
Full time
The Information Security Analyst will play a critical role in safeguarding the organisation's systems and data, ensuring compliance with security policies and regulations. Based in Hatfield, this role is ideal for individuals passionate about the life science industry and technology. Client Details The hiring company is a medium-sized organisation operating within the life science industry, with a focus on innovation and excellence in its field. The company is known for its commitment to leveraging technology to drive forward its mission. Description Implement and maintain ISMS aligning with ISO27001 Ensure security controls are in-place based on ISO27001 and NIST As the regional security representative in the global Security / Technology project Lead / execute phishing campaign Conduct vulnerability assessments and implement measures to mitigate potential risks. Involve in global security operations process, analysis and escalate security alerts / tickets from global SOC team Maintain and update security policies, standards, and procedures in alignment with industry regulations. Collaborate with cross-functional teams to ensure secure system designs and implementations. Provide training and support to staff to enhance security awareness across the organisation. Profile Practical experience and understanding of ISO27001 Familiar with NIST and GDPR is preferred Solid experience in threat, risk and vulnerabilities management process Experience with security tools such as SIEM, intrusion detection systems, and endpoint protection. Strong analytical and problem-solving skills. Hold at least one security related professional certification is desirable Job Offer 24 days of holiday leave Performance-based bonus of up to 10%. Pension scheme with contributions up to 10%. Private medical insurance, life assurance, dental cover Finance support on professional certifications / memberships
Job Title: Cyber Security Incident Response Specialist Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working) Contract Duration: 6months + initially, with high potential for extension (long-term programme) Clearance: SC required or eligible THIS PROJECT IS INSIDE IR35 Project Overview: We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI) . You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises. This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses. Key Responsibilities: Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned Develop and maintain IR playbooks, plans, and post-incident reports Support post-incident reviews , including root cause analysis (RCA) and lessons learned sessions Design and deliver incident response exercises (eg tabletop simulations) Act as a subject matter expert (SME) for incident response processes and frameworks Collaborate with SOC teams, technical SMEs, and non-technical stakeholders Communicate IR outcomes effectively via reports, presentations, and briefings Build working relationships across internal security functions and external CNI/regulatory stakeholders Mandatory Requirements (Must-Have): Strong, recent experience in cybersecurity incident response Ability to make informed decisions during incidents (triage, escalate, communicate) Experience working in Critical National Infrastructure (CNI) sectors - eg utilities, energy, telco, banking, health, defence, or transport Working knowledge of NIST, MITRE ATT&CK , or equivalent frameworks Proven ability to communicate IR findings to technical and non-technical audiences Experience contributing to or owning IR playbooks, SOPs, or RCA documentation Must hold current SC clearance or have been previously cleared within the last 12-18 months Desirable Skills (Nice-to-Have): Experience within the energy or utilities sector Exposure to OT/ICS environments (eg SCADA, PLCs, DCS) Experience delivering or supporting tabletop IR exercises Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc. Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH , or equivalent What We're Not Looking For: Junior SOC analysts (L1/L2 triage only) Generalist cyber roles without deep IR exposure Candidates without experience in CNI or enterprise-scale IR
Oct 01, 2025
Contractor
Job Title: Cyber Security Incident Response Specialist Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working) Contract Duration: 6months + initially, with high potential for extension (long-term programme) Clearance: SC required or eligible THIS PROJECT IS INSIDE IR35 Project Overview: We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI) . You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises. This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses. Key Responsibilities: Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned Develop and maintain IR playbooks, plans, and post-incident reports Support post-incident reviews , including root cause analysis (RCA) and lessons learned sessions Design and deliver incident response exercises (eg tabletop simulations) Act as a subject matter expert (SME) for incident response processes and frameworks Collaborate with SOC teams, technical SMEs, and non-technical stakeholders Communicate IR outcomes effectively via reports, presentations, and briefings Build working relationships across internal security functions and external CNI/regulatory stakeholders Mandatory Requirements (Must-Have): Strong, recent experience in cybersecurity incident response Ability to make informed decisions during incidents (triage, escalate, communicate) Experience working in Critical National Infrastructure (CNI) sectors - eg utilities, energy, telco, banking, health, defence, or transport Working knowledge of NIST, MITRE ATT&CK , or equivalent frameworks Proven ability to communicate IR findings to technical and non-technical audiences Experience contributing to or owning IR playbooks, SOPs, or RCA documentation Must hold current SC clearance or have been previously cleared within the last 12-18 months Desirable Skills (Nice-to-Have): Experience within the energy or utilities sector Exposure to OT/ICS environments (eg SCADA, PLCs, DCS) Experience delivering or supporting tabletop IR exercises Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc. Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH , or equivalent What We're Not Looking For: Junior SOC analysts (L1/L2 triage only) Generalist cyber roles without deep IR exposure Candidates without experience in CNI or enterprise-scale IR
LA International Computer Consultants Ltd
Leamington Spa, Warwickshire
SOC Manager 6 Month contract initially Based: Hybrid/Leamington & Gaydon - Hybrid as per business need Rate: £Market rates p/d (via Umbrella company) We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a SOC Manager to join the team. As SOC Manager you will: * Oversee SOC activities by reviewing your team's performance metrics, incident reports and other key indicators * Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible * Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team * Analyse incident reports to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences * Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies. * Be responsible for conducting information security investigations as a result of security incidents. These are previously identified by the Level 2 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone) End to end security incident management. You will play a key role in providing the highest level of technical expertise and handling the most complex security incidents. Key Responsibilities: * Manage service and process improvements of SOC, auditing SOC incidents, identifying new use cases and automations * POC for SOC engineering team, threat intelligence analyst and Threat exposure management * Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques * Act as the lead coordinator to individual information security incidents * Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Centre. * Document incidents from initial detection through final resolution * Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring * Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt. * Act as focal point for any investigations involving security; to prepare reports and note follow up action * Participate in the role of Incident Manager during any incidents and emergencies * Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date * Coordinate with IT teams on escalations, tracking, performance issues, and outages Key skills & experience: * Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR * Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar * In-depth familiarity with security policies based on industry standards and best practices * Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e. g., Firewall, IDS, etc.) * Experience in Log source integration and in Developing new correlation rules & Parser writing * Experienced in SOC automation development, cloud operations (e. g. AWS), Designing, building security operations centers and Regulatory Compliance * Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience * Solid understanding of information technology and information security required * Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives) * Ability to work well under pressure with differing levels of Management This is an excellent opportunity on a great project of work, If you are looking for your next exciting opportunity, apply now for your CV to reach me directly, we will respond as soon as possible. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.
Sep 26, 2025
Contractor
SOC Manager 6 Month contract initially Based: Hybrid/Leamington & Gaydon - Hybrid as per business need Rate: £Market rates p/d (via Umbrella company) We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a SOC Manager to join the team. As SOC Manager you will: * Oversee SOC activities by reviewing your team's performance metrics, incident reports and other key indicators * Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible * Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team * Analyse incident reports to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences * Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies. * Be responsible for conducting information security investigations as a result of security incidents. These are previously identified by the Level 2 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone) End to end security incident management. You will play a key role in providing the highest level of technical expertise and handling the most complex security incidents. Key Responsibilities: * Manage service and process improvements of SOC, auditing SOC incidents, identifying new use cases and automations * POC for SOC engineering team, threat intelligence analyst and Threat exposure management * Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques * Act as the lead coordinator to individual information security incidents * Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Centre. * Document incidents from initial detection through final resolution * Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring * Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt. * Act as focal point for any investigations involving security; to prepare reports and note follow up action * Participate in the role of Incident Manager during any incidents and emergencies * Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date * Coordinate with IT teams on escalations, tracking, performance issues, and outages Key skills & experience: * Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR * Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar * In-depth familiarity with security policies based on industry standards and best practices * Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e. g., Firewall, IDS, etc.) * Experience in Log source integration and in Developing new correlation rules & Parser writing * Experienced in SOC automation development, cloud operations (e. g. AWS), Designing, building security operations centers and Regulatory Compliance * Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience * Solid understanding of information technology and information security required * Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives) * Ability to work well under pressure with differing levels of Management This is an excellent opportunity on a great project of work, If you are looking for your next exciting opportunity, apply now for your CV to reach me directly, we will respond as soon as possible. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.
SOC Manager Whitehall Resources are looking for a SOC Manager. This role is hybrid working with 2-3 days per week onsite in Warwickshire, and the remainder remote working, for an initial 6-month contract. *Inside IR35* Job Description: Establish goals and priorities by working closely with your team to identify the most critical focus areas. These include: Improving incident response times Reducing false positives and other extraneous alerts Enhancing threat detection capabilities Oversee your staff's activities and ensure they focus on the right priorities Oversee SOC activities by reviewing your team's performance metrics, incident reports and other key indicators Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team Analyse incident reports to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies. Be responsible for conducting information security investigations as a result of security incidents. These are previously identified by the Level 2 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone) End to end security incident management. You will play a key role in providing the highest level of technical expertise and handling the most complex security incidents. Report to the Customer about security operations. This means that you must keep the CISO and Head of security operations informed about everything that's happening in the operations centre. You can do this by preparing clear and concise reports that highlight key findings, and recommendations about the operations. Your reports will help the customer make informed decisions about security investments and strategies that align with the company's goals. Your responsibilities: Manage service and process improvements of SOC, auditing SOC incidents, identifying new use cases and automations POC for SOC engineering team, threat intelligence analyst and Threat exposure management Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques Act as the lead coordinator to individual information security incidents Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Centre. Document incidents from initial detection through final resolution Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt. Act as focal point for any investigations involving security; to prepare reports and note follow up action Participate in the role of Incident Manager during any incidents and emergencies Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date Coordinate with IT teams on escalations, tracking, performance issues, and outages Essential skills and experience: Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar In-depth familiarity with security policies based on industry standards and best practices Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e. g., Firewall, IDS, etc.) Experience in Log source integration and in Developing new correlation rules & Parser writing Experienced in SOC automation development, cloud operations (e. g. AWS), Designing, building security operations centers and Regulatory Compliance Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience Solid understanding of information technology and information security required Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives) Ability to work well under pressure with differing levels of Management Desirable skills and experience: Experience of Agile ways of working. All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
Sep 26, 2025
Contractor
SOC Manager Whitehall Resources are looking for a SOC Manager. This role is hybrid working with 2-3 days per week onsite in Warwickshire, and the remainder remote working, for an initial 6-month contract. *Inside IR35* Job Description: Establish goals and priorities by working closely with your team to identify the most critical focus areas. These include: Improving incident response times Reducing false positives and other extraneous alerts Enhancing threat detection capabilities Oversee your staff's activities and ensure they focus on the right priorities Oversee SOC activities by reviewing your team's performance metrics, incident reports and other key indicators Lead incident response efforts when a security incident occurs, the SOC team has to respond as quickly as possible Lead these efforts by establishing clear incident response procedures and protocols and conveying them to the team Analyse incident reports to understand your organization's security posture by reviewing incident reports, SOC managers identify patterns and trends that may indicate weaknesses or vulnerabilities in their security defences Serve as the point of contact (POC) for security incidents within the company. You are the primary liaison between the SOC team, other internal stakeholders, and external parties such as vendors, clients or regulatory bodies. Be responsible for conducting information security investigations as a result of security incidents. These are previously identified by the Level 2 security analyst who are monitoring the security consoles from various SOC entry channels (SIEM, Tickets, Email and Phone) End to end security incident management. You will play a key role in providing the highest level of technical expertise and handling the most complex security incidents. Report to the Customer about security operations. This means that you must keep the CISO and Head of security operations informed about everything that's happening in the operations centre. You can do this by preparing clear and concise reports that highlight key findings, and recommendations about the operations. Your reports will help the customer make informed decisions about security investments and strategies that align with the company's goals. Your responsibilities: Manage service and process improvements of SOC, auditing SOC incidents, identifying new use cases and automations POC for SOC engineering team, threat intelligence analyst and Threat exposure management Act as a point of escalation for Level-2 SOC security analysts in support of information security investigations to provide guidance and oversight on incident resolution and containment techniques Act as the lead coordinator to individual information security incidents Mentor security analysts regarding risk management, information security controls, incident analysis, incident response, SIEM monitoring, and other operational tasks (tools, techniques, Procedures) in support of technologies managed by the Security Operations Centre. Document incidents from initial detection through final resolution Ensure threat management, threat modelling, identify threat vectors and develop use cases for security monitoring Create reports, dashboards, metrics for SOC operations and presentation to Sr. Mgmt. Act as focal point for any investigations involving security; to prepare reports and note follow up action Participate in the role of Incident Manager during any incidents and emergencies Ensure that all business recovery/contingency plans and/or procedures held within the security control rooms are always kept up to date Coordinate with IT teams on escalations, tracking, performance issues, and outages Essential skills and experience: Strong knowledge in Authentication, End Point Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), Public Key Infrastructure (PKI), Data Loss Prevention (DLP), Identity and Access Management (IAM) and SOC advancements such as EDR and SOAR Good knowledge of SIEM technologies, like Google Chronicle, Splunk ES or QRadar In-depth familiarity with security policies based on industry standards and best practices Experienced within the information security field, with emphasis on security operations, incident management, intrusion analysis, security device installations, configuration, and troubleshooting (e. g., Firewall, IDS, etc.) Experience in Log source integration and in Developing new correlation rules & Parser writing Experienced in SOC automation development, cloud operations (e. g. AWS), Designing, building security operations centers and Regulatory Compliance Ability to lead and communicate efficiently within a team environment along with Incident management process development and/or incident management experience Solid understanding of information technology and information security required Excellent communication and presentation skills with demonstrated skill in presenting analytical data effectively to varied audiences (including executives) Ability to work well under pressure with differing levels of Management Desirable skills and experience: Experience of Agile ways of working. All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description. Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.
