Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

45 jobs found

Current search: siem security analyst
Threat Intelligence Analyst
BAE Systems (New)
Location(s): UK, Europe & Africa : UK : London; UK, Europe & Africa : UK : Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

Job Title: Threat Intelligence Analyst
Requisition ID: 122576
Location: London - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.
Grade: GG11
Referral Bonus: £5,000

Role description

To undertake the day to day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation. The networks protected are predominantly hosted in Azure cloud platforms, with many systems within these environments that must be protected. The customer is committed to development of this improved SOC to be a benchmark of best practice and excellence in reflection of the significant threat that the protected systems are subject to.

The SOC Analyst roles are 'hands on' shift based roles, working as part of a 24/7 operation with four shift teams working in a standard rotation. They are responsible for utilising the SOC's SIEM and SOAR toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks.

These roles require a minimum of SC clearance. Due to timelines for the start of operations, it will not be possible to sponsor new clearances so candidates must have existing clearances.

Responsibilities

  • Produce and maintain threat assessments to provide a clear understanding of the customer threat landscape.
  • Maintain the IoC database tailored to the monitored environment and threats and ensure changes are pushed to the detection systems in a timely manner.
  • Maintain threat profiles and threat modelling and applicability to the monitored estate along with updating the modelling to detail what detection and controls are in place to mitigate the threats.
  • Gather and maintain a set of TI requirements that define the threats that will be monitored, tracked and researched by the TI Team.
  • Oversee the collection, collation and maintenance of threat data collected from open and closed sources and ensure it is appropriately validated.
  • Conduct analysis and research to determine the identity, motivations, relationships, targets / victims, capabilities, tooling and infrastructure of threat groups relevant to the customer.

Requirements

Technical
  • Working in a Threat Intelligence team developing threat intelligence products for technical and non-technical audiences.
  • Performing malware analysis and reverse engineering.
  • Conducting threat assessments and defining threat intelligence requirements.
  • Developing and maintaining threat data sources.
  • Advanced knowledge of Windows and Linux operating systems and use of the command line.
  • Advanced knowledge of core networking concepts and technologies e.g. TCP/IP.
  • Intermediate knowledge of malware behaviour and techniques employed by attackers to evade security controls.
  • Intermediate knowledge of malware analysis and reverse engineering techniques.

Non-technical
  • Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing).
  • Able to understand and adapt to different cultures and hierarchical structures.
  • Team player and adept at working in multi disciplinary and diverse teams.
  • Proven analytical skills capable of solving new and complex technical problems.
  • Excellent written and verbal communication skills with the ability to communicate the impact and importance of detailed technical information to non technical and senior audiences.
  • Leading and managing small teams of highly skilled technical people.
  • Managing and building relationships with customer and internal stakeholders.
  • Self motivated and motivates others keeping morale and performance high.

Why BAE Systems?

This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Life at BAE Systems Digital Intelligence

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well being.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential.

Division overview: Government

At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating. As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.

This vacancy is eligible for the UK Employee Referral Scheme. Amount: £5,000
Jan 10, 2026
Full time
24/7 SOC Analyst
Nomios Basingstoke, Hampshire
Nomios' mission is to build a 'secure and connected' future. Organisations across Europe depend on us to help secure and connect their digital infrastructures. In support of our continued UK growth, we are seeking a SOC Analyst to join our 24/7 Security Operations Centre. This is an excellent opportunity for someone early in their SOC career, or for an individual with a strong infrastructure and networking background looking to transition into cyber security operations. You will be working across a diverse set of customer environments as part of our Security Operations Centre, focusing on investigation, understanding attacker behaviour and contributing to the continual improvement of SOC capabilities.

Your role as Security Operations Centre (SOC) Analyst

As a 24/7 SOC Analyst, you will be on the frontline of our Security Operations Centre - monitoring, investigating and escalating security events across multiple customer environments. You will work closely with Senior and Lead Analysts for guidance, development and collaborative investigation. You will use platforms such as Microsoft Sentinel, Google SecOps, Defender XDR, CrowdStrike Falcon, SentinelOne and Cortex XSOAR/XSIAM to understand what has happened, how activity progressed and what actions need to be taken. You will be supported through structured training, cyber ranges, hands on exposure to modern SOC technologies and real investigation experience to help you grow quickly.

You will join a modern, continuously evolving SOC run by people who are technical at heart and understand what analysts need to succeed. Career development is a core focus, with clear pathways into Threat Intelligence, SOC Engineering, SOC Professional Services, senior SOC roles and Incident Response for those who want to specialise. You'll be part of a collaborative, agile team that values curiosity, humour and a genuine interest in technology. The environment is built around continuous improvement, with everyone having a voice in shaping how the department evolves. Regular team events and knowledge sharing sessions create a supportive, engaging place to work.

Key Responsibilities

Detect and investigate
  • Monitor and triage alerts across SIEM, EDR or XDR, email and web security platforms.
  • Investigate suspicious activity and determine whether escalation is required.
  • Follow SOC runbooks and investigation workflows.
  • Build clear timelines of activity and maintain accurate investigation notes.
  • Escalate complex cases to Senior and Lead Analysts with appropriate context.
  • Review vulnerability management output and provide basic prioritisation insight.

Hunt and improve
  • Take part in directed threat hunting activities.
  • Suggest improvements to detections, dashboards and runbooks.
  • Support testing of new use cases and detection logic.

Collaborate and communicate
  • Provide clear written updates for customers and internal stakeholders.
  • Participate in shift handovers to maintain continuity.
  • Work closely with Senior and Lead Analysts to develop your skills and technical depth.

We hire result orientated, smart, and high energy individuals who bring a can do attitude and a willingness to go the extra mile and deliver exceptional outcomes. You should be organised and rigorous, with excellent analytical skills. Good communication with internal stakeholders is vital, as is the ability to work as part of a dynamic team.

Required skills:
  • Minimum 1 year in a Security Operations Centre (SOC), or Minimum 3 years in infrastructure or networking roles with demonstrable security exposure.
  • Experience triaging and investigating security alerts.
  • Understanding of attacker behaviours, TTPs, and common malware execution chains (e.g., phishing leading to script or binary execution).
  • Ability to recognise indicators of compromise such as unusual processes, network connections, irregular logon activity or file changes.
  • Hands on experience with at least one major security platform (SIEM, EDR or XDR).
  • Familiarity with ticketing tools such as ServiceNow, Salesforce, or JIRA.
  • Familiarity with Windows event logs, authentication logs, basic process trees, and command line tools (Windows & Unix like systems).
  • Understanding of core network protocols: DNS, HTTP, SMB, LDAP.
  • Operational knowledge of Windows, macOS and Linux.
  • Ability to read and interpret logs from multiple sources.
  • Awareness of MITRE ATT&CK and differentiating legitimate admin activity vs suspicious behaviour.

Desirable skills:
  • Experience with Microsoft Sentinel, Google SecOps or other SIEM platforms.
  • Experience with Defender, CrowdStrike, SentinelOne or other XDR solutions.
  • Ability to query in KQL, CQL, S1QL, XQL or similar languages.
  • Awareness of threat intelligence concepts and application to investigations.
  • Awareness of coding or scripting, with proficiency in at least one language preferred (but not required).

Job Specifics

Location: This role is home based with occasional visits to the office in Basingstoke
Hours: 12 hour shifts: 2 days, 2 nights; 4 days/nights off. Flexibility with hours will be required in the event of a major incident
Security clearance: Eligibility for SC clearance (lived in the UK for five years consecutively) required. DV clearance eligibility is advantageous.

Why would you choose to come and work with us?

We invest in our people. You will get to work in a dynamic, fast paced environment where you are free to use your initiative in support of our strategic objectives. You will work alongside high calibre sales, technical, and operational experts as part of a supportive, tight knit team, within which every individual has an important part to play and makes a real difference. Nomios offers a highly competitive salary and commission scheme along with industry leading benefits. Ready to make an impact? Apply now!

Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.
Jan 10, 2026
Full time
SOC Analyst - SC Cleared
Experis
ROLE TITLE: SOC Analyst - SC Cleared
LOCATION: flexible (can be predominantly remote)
The ideal candidate must have active SC clearance

We are actively looking to secure an SOC Analyst to join Experis. Experis Consultancy is a Global entity with a well-established team with over 1000 consultants on assignment across 20 clients globally. Our UK operation is growing and has very aggressive plans for expansion over the coming years. We form part of the Manpower group of companies that turn over $20 billion a year collectively. Experis UK have partnerships with major clients across the UK spanning multiple industries; our approach is a very personal one, with both our clients and our own employees. We are passionate about training, technology and career development.

Skills required:
  • Microsoft Certified: Security Operations Analyst Associate Certification (SC200) is a mandatory requirement for role fulfilment
  • Experience working with SIEM technologies and security tooling
  • An understanding of IT Infrastructure and Networking
  • An understanding of vulnerability and threat management
  • An understanding of the incident response lifecycle
  • The ability to work in a close team and independently
  • The ability to be adaptable to a high pace changeable workload
  • An interest in security and threat management

Nice to have skills

A SOC Analyst will be responsible for providing Protective Monitoring Services across a range of Secure Customers. They will be responsible for the day to day monitoring using various SIEM Tools (Qradar, Sentinel & LogRhythm). Some of the responsibilities that come along with this role include the following:
  • Security Analytics
  • Incident investigation, triage and escalation
  • Threat monitoring and response
  • Trend reporting
  • Rule tuning and continual service improvement

The role involves working alongside other team members including SOC engineers and Service Managers.

Benefits Include:
  • Contributory pension scheme
  • Employee Assistance Program
  • Medical and Dental cover
  • 22 days holiday + bank holidays
  • Maternity Pay/Shared Parental leave and paternity leave
  • Sick pay

Suitable Candidates should submit CVs in the first instance.
Jan 09, 2026
Full time
Security Operations Centre / SOC Team Lead
Hays Technology Edinburgh, Midlothian
Security Operations Centre / SOC Team Lead
58,252 - 68,586 per annum
28.97% employer pension contribution and more great benefits
Relaxed hybrid and flexible working environment
Location: Glasgow or Edinburgh

About the Role
Hays' Cyber practice have partnered exclusively with Registers of Scotland (RoS) on the search for a Technical Team Lead within their internal Security Operations Centre. This role will have you leading a team of analysts and working alongside security engineers to develop and automate threat detection and response playbooks, as well as security architects and the wider IT function. The ideal candidate will have the technical expertise to work on day-to-day operations within a busy SOC, but will also have led SOC teams from a line-management, pastoral leadership, and ITSM perspective, ranging from SIEM use case tuning to employee appraisals, KPIs and reporting metrics.

About the Organisation
Registers of Scotland (RoS) manages 21 land, property and other legal registers which are a critical asset for the Scottish economy. They aim to provide the best public service for Scotland and are on a mission to make some of the oldest public land registers in the world into some of the most modern. Registers of Scotland (RoS) is also an award-winning organisation recognised for its technology and innovation and is a world-leading pioneer in land and property registration. Their full-stack teams design, architect, and build all their registration products in-house, and they work to create digital solutions for the people of Scotland. You will get an opportunity to nurture your creativity and develop with RoS through access to the latest data, software engineering and product delivery techniques.

Key Responsibilities
Provide day-to-day line management, coaching, and development of SOC analysts and engineers.
Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling.
Define, track, and report SOC performance metrics and KPIs, ensuring operational efficiency and alignment with organisation objectives.
Manage and mentor SOC team members, setting clear performance objectives, monitoring KPIs, analysing metrics, and driving continuous improvement through coaching, training, and performance reviews.
Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks.
Work with the Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy.
Ensure SOC processes are integrated with ITSM systems for effective incident, change, and problem management.
Develop and maintain scenario-based runbooks and technical procedures for incident response.
Engage with project teams to provide security assurance for new and existing services.
Drive continuous improvement in SOC operations, tooling, and team capability.

What We're Looking For
Proven experience in a Security Operations Centre or operational security environment.
Demonstrable experience managing or leading a technical team or function in an enterprise setting.
Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling.
Experience in incident response, including leading technical investigations and developing response frameworks.
Proficiency in integrating and operationalising cyber threat intelligence.
Experience working with ITSM systems to manage and prioritise workloads.
Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements.
Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams.
Experience developing or implementing vulnerability management tools and processes.
Familiarity with cloud security monitoring and hybrid infrastructure environments.
Knowledge of relevant security frameworks such as NIST CRF, ISO 27001, NCSC CAF, and MITRE ATT&CK.
Experience contributing to or leading SOC maturity assessments or improvement programmes.

Package, Benefits and What's in it for you
Up to 68,586 inclusive of market supplement
Pay progression
28.97% pension (employer contribution)
38 days annual holiday, increasing to 42 days with length of service.
Other benefits such as career development opportunities, qualifications, up to a year in parental leave and more

Further information
For further information relating to RoS, including:
Additional details on pay & benefits
The Civil Service Code
Complaints process
Use of AI in the application/recruitment process
please view our additional information page online: ros . gov . uk/about/publications/governance-and-corporate/2024/recruitment-information

Nationality and immigration status
In general, only nationals from the following countries (and associations of countries) are eligible for employment in the Civil Service: the United Kingdom, the Republic of Ireland, and the Commonwealth. EU nationals (with settled or pre-settled status), certain EEA nationals, Swiss and Turkish nationals are also eligible for employment. Detailed provisions on determining eligibility on the grounds of nationality and, where relevant, immigration status can be reviewed here: gov . uk/government/publications/nationality-rules

What you need to do now
If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion.
Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&Cs, Privacy Policy and Disclaimers which can be found at (url removed)
Jan 09, 2026
Full time
SmartSourcing Ltd
SOC Analysts SOC Lead - Glasgow Area 610 - 650pd 24 months SC/DV
SmartSourcing Ltd Glasgow, Lanarkshire
Senior SOC Analysts and Lead SOC Analysts for our government client based near Glasgow. Applicants need to have active SC or DV clearance and be eligible for DV vetting if successful.
Fully onsite, working on a 24/7 shift pattern.
Must be eligible for DV vetting - single British nationality required by our government services client.
Rate 610-650 pd (depending on which role), inside IR35 - umbrella company.
Working in a DV (Developed Vetting) security cleared environment. You will hold a current DV or SC Security Clearance, or be eligible to undertake it. The role requires working as part of a 24/7 shift pattern. This pattern will include weekends and bank holidays.

Skills and Experience Required:
Experience of Splunk within a Security Operations Centre (SOC).
A bachelor's degree in computer science, Cyber Security or relevant experience.
You should have a foundational understanding of networking concepts (TCP/IP, DNS, etc.), operating systems (Windows, Linux), and common cyber-attack techniques.
Certifications like CompTIA Security+, Cybersecurity Analyst (CySA+), or a similar certification are a significant bonus to the role.

Key Responsibilities
Continuous Monitoring: You will monitor security tools, including Security Information and Event Management (SIEM) systems, to detect suspicious activity. You will be the first to see potential threats and will need to provide an efficient and professional response against defined processes.
Incident Triage: You will analyse alerts and logs to determine if an event is a genuine security incident or a false positive. You will need to be methodical and follow established procedures to classify and prioritise incidents.
Initial Incident Response: For confirmed incidents, you'll perform initial containment actions, such as isolating affected systems, and escalate the incident to a Level 2 or 3 analyst for deeper investigation.
Reporting and Documentation: You will create detailed tickets and reports for all detected incidents, documenting your findings and the steps you took. This is crucial for tracking incidents and for future analysis.
Tool Management: You will assist in the maintenance and optimisation of security tools, ensuring they are working correctly and effectively.
Please apply online in the first instance.
SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity; we are committed to promoting equality and inclusion for all.
Jan 09, 2026
Contractor
Ben Turner
SENIOR CYBER ENGINEER - LONDON - HYBRID WORKING - £90 - £100K + BONUS
Ben Turner
SENIOR CYBER ENGINEER - LONDON - HYBRID WORKING - £90 - £100K + BONUS

The Role
We are seeking a Senior Cyber Engineer to lead project-based security engineering work, with a focus on securing identity, devices and cloud platforms. You will serve as the specialist in identity, access, and cloud security controls, supporting secure operation and working predominantly within our Microsoft 365, Azure, and Salesforce environments. Working closely with the Head of Technology Operations & Cyber, internal stakeholders, our IT MSP, and our SOC, you will ensure our environment is secure, resilient, and well-governed. This is a hands-on, delivery-focused role owning security engineering projects end-to-end, from design and planning through to implementation, documentation and transition into BAU.

Key Responsibilities
Security Engineering (Identity, Device & Cloud)
Define, implement, maintain and enhance security baselines for:
Improve overall security posture in line with Zero Trust principles.
Roll out new cloud security features and controls.
Integrate SaaS platforms for secure SSO and life cycle management.
Continuously review and strengthen our cyber posture using industry-standard security benchmarks, configuration assessments and cloud security recommendations.
Establish, champion and evolve patterns for:
Identity and access management
Microsoft 365 services (email, collaboration, file sharing)
MDM/Intune device management (enrolment, compliance, baselines, app protection, conditional access enforcement)
Application onboarding and SSO
Admin access and just-in-time elevation
Use of service accounts and service principals

2. Detection, Response & Assurance
Enhance identity and access logs and signals within detection and response tooling.
Tune identity-related alerts in partnership with SOC analysts.
Support investigations into identity-related security incidents and lead root-cause analysis.
Contribute to internal/external audits, penetration tests and regulatory reviews relating to identity, access or cloud security.

3. Governance, Documentation & Ways of Working
Support assurance activities, including internal/external audits, penetration tests and regulatory reviews relating to identity, access and cloud security.
Maintain documentation for identity and cloud security configurations, guardrails and principles.
Contribute to policies, standards and procedures related to identity, access and cloud security.
Support the business in embedding consistent security-by-design practices.

Skills & Experience
Essential
Strong understanding of Microsoft 365 security capabilities, Azure cloud security concepts and Zero Trust principles.
Significant hands-on experience administering and securing identity and access management platforms in a complex enterprise environment.
Strong knowledge of adaptive access and MFA, RBAC and least privilege, Privileged Access Management, Data Loss Prevention, Identity Governance & access reviews, application onboarding and modern authentication (SAML/OAuth/OIDC).
Proven experience delivering end-to-end security or platform engineering projects in cloud environments.
Ability to translate regulatory and security requirements into pragmatic technical controls.
Excellent communication skills across technical and non-technical stakeholders.
SIEM/XDR tooling experience, such as Microsoft Sentinel.
Experience contributing to security architecture and design decisions.
Self-starter mindset - able to work independently and as part of a team.
Strong problem-solving approach, with willingness to learn, adapt and figure things out.
Desirable
Experience with Infrastructure-as-Code and automation, e.g. Bicep, ARM, Terraform, PowerShell.
Experience in a regulated financial services environment, ideally FCA-regulated (not essential).
Experience implementing Salesforce security enhancements (e.g. Salesforce Shield).

Qualifications
Essential
Relevant certifications such as Identity & Access Administrator (e.g. SC-300 equivalent) and Cloud Security Engineer (e.g. AZ-500 equivalent), or equivalent hands-on experience.
Strong grounding in cyber security principles through training, qualifications or demonstrable experience.
Desirable
Industry certifications such as CISSP, CCSP, SSCP or similar.
Degree in Computer Science, Information Security or a related discipline, or equivalent experience.

This is an excellent opportunity to join a field-leading client with opportunities for career progression. For more information and a full job description, please contact Ben Turner at BRT Consulting.
Jan 09, 2026
Full time
SmartSourcing Ltd
Soc Analyst - Buckinghamshire - 610-650 pd
SmartSourcing Ltd Milton Keynes, Buckinghamshire
Senior SOC Analysts / Lead SOC Analysts with active SC or ideally DV clearance.
Fully onsite, working on a 24/7 shift rota.
Must be eligible for DV vetting - single British nationality required by our government services client in Milton Keynes or Glasgow.
Rate 610-650 pd, inside IR35 - umbrella company.
Working in a DV (Developed Vetting) security cleared environment. You will hold a current DV or SC Security Clearance, or be eligible to undertake it. The role requires working as part of a 24/7 shift pattern. This pattern will include weekends and bank holidays.

Skills and Experience Required:
Experience of Splunk within a Security Operations Centre (SOC).
A bachelor's degree in computer science, Cyber Security or relevant experience.
You should have a foundational understanding of networking concepts (TCP/IP, DNS, etc.), operating systems (Windows, Linux), and common cyber-attack techniques.
Certifications like CompTIA Security+, Cybersecurity Analyst (CySA+), or a similar certification are a significant bonus to the role.

Key Responsibilities
Continuous Monitoring: You will monitor security tools, including Security Information and Event Management (SIEM) systems, to detect suspicious activity. You will be the first to see potential threats and will need to provide an efficient and professional response against defined processes.
Incident Triage: You will analyse alerts and logs to determine if an event is a genuine security incident or a false positive. You will need to be methodical and follow established procedures to classify and prioritise incidents.
Initial Incident Response: For confirmed incidents, you'll perform initial containment actions, such as isolating affected systems, and escalate the incident to a Level 2 or 3 analyst for deeper investigation.
Reporting and Documentation: You'll create detailed tickets and reports for all detected incidents, documenting your findings and the steps you took. This is crucial for tracking incidents and for future analysis.
Tool Management: You will assist in the maintenance and optimisation of security tools, ensuring they are working correctly and effectively.
Please apply online in the first instance.
SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity; we are committed to promoting equality and inclusion for all.
Jan 09, 2026
Contractor
Hays Specialist Recruitment
Security Operations Centre/SOC Team Lead
Hays Specialist Recruitment Edinburgh, Midlothian
Security Operations Centre/SOC Team Lead
£58,252 - £68,586 per annum
28.97% employer pension contribution and more great benefits
Relaxed hybrid and flexible working environment
Location: Glasgow or Edinburgh

About the Role
Hays' Cyber practice have partnered exclusively with Registers of Scotland (RoS) on the search for a Technical Team Lead within their internal Security Operations Centre. This role will have you leading a team of analysts and working alongside security engineers to develop and automate threat detection and response playbooks, as well as security architects and the wider IT function. The ideal candidate will have the technical expertise to work on day-to-day operations within a busy SOC, but will also have led SOC teams from a line-management, pastoral leadership, and ITSM perspective, ranging from SIEM use case tuning to employee appraisals, KPIs and reporting metrics.

About the Organisation
Registers of Scotland (RoS) manages 21 land, property and other legal registers which are a critical asset for the Scottish economy. They aim to provide the best public service for Scotland and are on a mission to make some of the oldest public land registers in the world into some of the most modern. Registers of Scotland (RoS) is also an award-winning organisation recognised for its technology and innovation and is a world-leading pioneer in land and property registration. Their full-stack teams design, architect, and build all their registration products in-house, and they work to create digital solutions for the people of Scotland. You will get an opportunity to nurture your creativity and develop with RoS through access to the latest data, software engineering and product delivery techniques.

Key Responsibilities
Provide day-to-day line management, coaching, and development of SOC analysts and engineers.
Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling.
Define, track, and report SOC performance metrics and KPIs, ensuring operational efficiency and alignment with organisation objectives.
Manage and mentor SOC team members, setting clear performance objectives, monitoring KPIs, analysing metrics, and driving continuous improvement through coaching, training, and performance reviews.
Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks.
Work with the Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy.
Ensure SOC processes are integrated with ITSM systems for effective incident, change, and problem management.
Develop and maintain scenario-based runbooks and technical procedures for incident response.
Engage with project teams to provide security assurance for new and existing services.
Drive continuous improvement in SOC operations, tooling, and team capability.

What We're Looking For
Proven experience in a Security Operations Centre or operational security environment.
Demonstrable experience managing or leading a technical team or function in an enterprise setting.
Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling.
Experience in incident response, including leading technical investigations and developing response frameworks.
Proficiency in integrating and operationalising cyber threat intelligence.
Experience working with ITSM systems to manage and prioritise workloads.
Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements.
Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams.
Experience developing or implementing vulnerability management tools and processes.
Familiarity with cloud security monitoring and hybrid infrastructure environments.
Knowledge of relevant security frameworks such as NIST CRF, ISO 27001, NCSC CAF, and MITRE ATT&CK.
Experience contributing to or leading SOC maturity assessments or improvement programmes.

Package, Benefits and What's in it for you
Up to £68,586 inclusive of market supplement
Pay progression
28.97% pension (employer contribution)
38 days annual holiday, increasing to 42 days with length of service.
Other benefits such as career development opportunities, qualifications, up to a year in parental leave and more

Further information
For further information relating to RoS, including:
Additional details on pay & benefits
The Civil Service Code
Complaints process
Use of AI in the application/recruitment process
please view our additional information page online.

Nationality and immigration status
In general, only nationals from the following countries (and associations of countries) are eligible for employment in the Civil Service: the United Kingdom, the Republic of Ireland, and the Commonwealth. EU nationals (with settled or pre-settled status), certain EEA nationals, Swiss and Turkish nationals are also eligible for employment. Detailed provisions on determining eligibility on the grounds of nationality and, where relevant, immigration status can be reviewed here: gov[.]uk/government/publications/nationality-rules

What you need to do now
If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion.
Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&Cs, Privacy Policy and Disclaimers which can be found on our website.
Jan 09, 2026
Full time
Experis IT
SOC Analyst - SC Cleared
Experis IT
ROLE TITLE: SOC Analyst - SC Cleared
LOCATION: Flexible (can be predominantly remote)
The ideal candidate must have active SC clearance.

We are actively looking to secure a SOC Analyst to join Experis. Experis Consultancy is a global entity with a well-established team of over 1,000 consultants on assignment across 20 clients globally. Our UK operation is growing and has very aggressive plans for expansion over the coming years. We form part of the ManpowerGroup of companies, which turn over $20 billion a year collectively. Experis UK has partnerships with major clients across the UK spanning multiple industries; our approach is a very personal one, with both our clients and our own employees. We are passionate about training, technology and career development.

Skills required:
• Microsoft Certified: Security Operations Analyst Associate certification (SC-200) is a mandatory requirement for role fulfilment
• Experience working with SIEM technologies and security tooling
• An understanding of IT infrastructure and networking
• An understanding of vulnerability and threat management
• An understanding of the incident response life cycle
• The ability to work in a close team and independently
• The ability to adapt to a high-pace, changeable workload
• An interest in security and threat management

Nice to have skills:

A SOC Analyst will be responsible for providing Protective Monitoring Services across a range of secure customers. They will be responsible for day-to-day monitoring using various SIEM tools (QRadar, Sentinel and LogRhythm). Some of the responsibilities that come with this role include:
• Security analytics
• Incident investigation, triage and escalation
• Threat monitoring and response
• Trend reporting
• Rule tuning and continual service improvement
The role involves working alongside other team members including SOC engineers and Service Managers.

Benefits include:
• Contributory pension scheme
• Employee Assistance Programme
• Medical and dental cover
• 22 days holiday + bank holidays
• Maternity pay, shared parental leave and paternity leave
• Sick pay
Suitable candidates should submit CVs in the first instance.
Jan 09, 2026
Full time
IF Recruitment Ltd
SIEM Engineer
IF Recruitment Ltd
The Role: We are working with a global enterprise that has an opening for a SIEM Engineer/Cyber Security Engineer with experience of building rules to detect threats. The successful candidate will be working with an established team of engineers to build a new SIEM platform.

SIEM Solution Development:
• Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch.
• Optimise SIEM rules, alerts and dashboards for efficient threat detection.
Collaboration:
• Collaborate effectively with others to drive forward key security objectives.
Query Optimisation and Performance Tuning:
• Write efficient Elasticsearch queries to retrieve relevant security events.
• Monitor and manage the performance of the SIEM infrastructure.
Security Engineering:
• Contribute to security engineering projects, transitions and transformations.
• Work closely with security operations and associated security incident response systems.
• Stay informed about emerging threats and security best practices.

Skills Required:
• 3+ years' experience working in a Cyber Security Engineer/SIEM Engineer role.
• Experience setting up access controls, authentication and encryption using Elastic Security features.
• Knowledge of detection rule development, including the ability to create, test and optimise detection rules to identify suspicious activities and potential threats.
• Performance tuning with Elasticsearch and Logstash, including fine-tuning query performance using Elasticsearch indices and mappings.
• Experience of monitoring Logstash pipelines.
• Experience with Kibana visualisation and monitoring, creating custom visualisations to track data quality metrics and system performance.
• Knowledge of offensive testing frameworks advantageous.
Jan 09, 2026
Contractor
iFindTech Ltd
Security Operations Center Analyst
iFindTech Ltd
Graduate SOC Analyst
Managed Security Services Provider, London (Fully Remote)

We are working with a leading MSSP in London who are looking to hire a Graduate SOC Analyst to join their growing Security Operations team. This is a fully remote role, ideal for someone at the start of their cyber security career who is keen to learn, investigate and grow in a hands-on SOC environment.

Main Skills Required
• Basic programming or scripting experience
• Linux experience

Bonus Skills
• Genuine passion for cyber security
• Enjoys problem solving and investigation
• Naturally inquisitive mindset
• Understanding of the Cyber Kill Chain and the phases of security incident response

Responsibilities
• Analyse and investigate alerts generated by SIEM platforms
• Support the day-to-day maintenance and tuning of SIEM and next-gen UBA tools, including rules, alerts and reports
• Take ownership of the security incident management process, including customer notification, prioritisation, investigation, updates, reporting and closure
• Monitor and analyse events and abnormal user behaviour to identify potential breaches, malware and malicious activity
• Use threat intelligence services to identify known and emerging threats and help develop mitigations
• Work closely with customer security teams to detect, contain and eradicate threats
• Build knowledge across wider IT and security tools including firewalls, endpoint solutions and Active Directory
• Gain exposure to security assessments and compliance standards such as ISO 27001 and PCI (advantageous but not essential)

This role offers structured training, real-world security exposure and a clear path for progression within a professional SOC environment, all while working fully remotely.
Jan 08, 2026
Full time
Hays Technology
Lead SOC Analyst
Hays Technology
Your New Company and Role
We're partnering with a leading organisation seeking an experienced Lead SOC Analyst to join their team in Glasgow on a 12-month contract. This is a fantastic opportunity to take a leadership role within a 24/7 Security Operations Centre (SOC), protecting critical systems from cyber threats. As a Level 2 SOC Analyst, you'll not only monitor and respond to incidents but also provide guidance and support to junior team members.

Your responsibilities will include:
• Continuous Monitoring: Oversee SIEM tools (including Splunk) to detect suspicious activity and ensure timely response.
• Incident Triage: Analyse alerts and logs to confirm genuine incidents and prioritise effectively.
• Initial Incident Response: Execute containment actions and escalate complex cases to senior analysts.
• Reporting & Documentation: Maintain detailed records of incidents and actions taken for tracking and analysis.
• Team Leadership: Provide direction and support to junior analysts during shifts and ensure smooth handovers.
• Tool Management: Assist in maintaining and optimising security tools for peak performance.

What You'll Need to Succeed
• Strong leadership skills with the ability to guide and mentor junior team members.
• Excellent problem-solving abilities, attention to detail and the ability to work under pressure.
• Hands-on experience with Splunk in a SOC environment.
• Solid understanding of networking (TCP/IP, DNS), operating systems (Windows/Linux) and common cyber-attack techniques.
• A degree in Computer Science, Cybersecurity, IT, or equivalent experience.
• Certifications such as CompTIA Security+, CySA+ or similar are highly desirable.

What You'll Get in Return
• Competitive daily rate up to 633.
• 12-month contract with potential for extension.
• Opportunity to lead within a high-performing SOC team on mission-critical projects.

What You Need to Do Now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&Cs, Privacy Policy and Disclaimers which can be found at (url removed)
Jan 08, 2026
Contractor
Hays Technology
Senior SOC Analyst
Hays Technology
Your New Company and Role
We're working with a leading organisation seeking a Senior SOC Analyst to join their team in Glasgow on a 12-month contract. This is an exciting opportunity to be at the forefront of cyber defence, protecting critical systems from evolving threats. As part of a 24/7 Security Operations Centre (SOC) team, you'll monitor systems, detect potential incidents and initiate the incident response process.

Your key responsibilities will include:
• Continuous Monitoring: Use SIEM tools (including Splunk) to identify suspicious activity and respond efficiently.
• Incident Triage: Analyse alerts and logs to determine genuine incidents and prioritise accordingly.
• Initial Incident Response: Perform containment actions and escalate to senior analysts for deeper investigation.
• Reporting & Documentation: Create detailed incident reports and maintain accurate records.
• Tool Management: Assist in maintaining and optimising security tools for peak performance.

What You'll Need to Succeed
• Strong problem-solving skills, attention to detail and the ability to work under pressure.
• Excellent communication skills and a collaborative approach.
• Hands-on experience with Splunk in a SOC environment.
• Solid understanding of networking (TCP/IP, DNS), operating systems (Windows/Linux) and common cyber-attack techniques.
• A degree in Computer Science, Cybersecurity, IT, or equivalent experience.
• Certifications such as CompTIA Security+, CySA+ or similar are highly desirable.

What You'll Get in Return
• Competitive daily rate up to 573.
• 12-month contract with potential for extension.
• Opportunity to work in a high-performing SOC team on mission-critical projects.

What You Need to Do Now
If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&Cs, Privacy Policy and Disclaimers which can be found at (url removed)
Jan 08, 2026
Contractor
TRIA
Threat Intelligence Analyst
TRIA Portsmouth, Hampshire
Threat Intelligence Analyst - initial 3-6 month contract
Portsmouth or London (2 days a week onsite)
500 - 600 a day (inside IR35)

We're seeking a highly experienced Threat Intelligence Analyst to lead adversary tracking, threat analysis and intelligence integration across this large organisation. This is a senior, hands-on role combining strategic threat insight with operational delivery, acting as the primary threat intelligence specialist within the InfoSec function and managing a third-party intelligence provider. This role is ideal for someone who understands the UK threat landscape, particularly critical national infrastructure and public sector risks, and can translate threat intelligence into actionable detection, response and executive insight.

Key Responsibilities
• Lead threat actor tracking and attribution, focusing on APTs, ransomware, supply chain attacks and UK-relevant campaigns
• Maintain adversary profiles using MITRE ATT&CK, the Diamond Model and sector-specific threat frameworks
• Correlate internal security telemetry with external intelligence feeds (e.g. MISP, Recorded Future, ISACs, Microsoft TI)
• Operationalise STIX/TAXII feeds and enrich IOC/IOA pipelines for SOC and Incident Response teams
• Translate threat intelligence into actionable detections, working with engineers on KQL/SPL queries and proactive threat hunts
• Produce regular threat reports and briefings for SOC leadership, the CISO and senior stakeholders, including board-level risk narratives
• Manage and oversee a third-party cyber threat intelligence provider, ensuring quality, relevance and value
• Engage with UK threat-sharing communities and maintain internal threat intelligence documentation and playbooks

Required Skills & Experience
• 5+ years' experience in Threat Intelligence, SOC or Incident Response
• Strong working knowledge of MITRE ATT&CK and threat actor lifecycle analysis
• Hands-on experience with threat intelligence platforms such as MISP, Recorded Future, Anomali or similar
• Strong experience with Microsoft security tooling, ideally Sentinel and Defender
• Proficiency in KQL and working knowledge of Python for automation and enrichment
• Experience integrating intelligence into SIEM, EDR/XDR and cloud security platforms (Microsoft, AWS, CrowdStrike, etc.)
• Deep understanding of the UK cyber threat landscape, particularly critical national infrastructure and public sector threats
• Comfortable operating as a sole senior threat intelligence specialist while collaborating across SOC and InfoSec teams

Desirable Certifications
• GIAC Cyber Threat Intelligence (GCTI)
• CREST Threat Intelligence Analyst
• GCIH, SC-200, AWS Security Specialty

We're looking for someone who can interview in January and ideally start within a few weeks, so please apply ASAP.
Jan 07, 2026
Contractor
VIQU IT
Security Analyst
VIQU IT
Security Analyst 3-month contract
My Customer is looking for a proactive Security Analyst to join their team and take ownership of monitoring, triaging, and responding to security alerts across their Microsoft security ecosystem. Strong experience troubleshooting and responding to alerts would be the main focus of the role. Strong expertise with Microsoft Defender and Sentinel is needed.
Key Skills & Experience from the Security Analyst:
• Strong experience with Microsoft Sentinel (SIEM) and the Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.).
• Proven track record in security monitoring, incident response, and alert troubleshooting.
• Working knowledge of SOAR platforms (preferably within Sentinel or similar).
• Understanding of threat detection, log analysis, and automation within Microsoft's security ecosystem.
• Experience with Tenable is beneficial.
• Knowledge of Microsoft Purview would be beneficial.
Key Responsibilities of the Security Analyst:
• Monitor, investigate, and respond to security alerts and incidents in Microsoft Sentinel and Microsoft Defender.
• Perform detailed security event analysis and correlation, escalating incidents where necessary.
• Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency.
• Collaborate with wider IT and security teams to improve threat detection, incident handling, and response processes.
Apply now to speak with VIQU IT in confidence about the Security Analyst role. Or reach out to Connor Smal via the VIQU IT website. Do you know someone great? We'll thank you with up to £1,000 if your referral is successful (terms apply). For more exciting roles and opportunities like this, please follow us on IT Recruitment.
Jan 06, 2026
Contractor
Matchtech
SOC Analyst (Mid level)
Matchtech Stevenage, Hertfordshire
Location: Stevenage (onsite / shift patterns)
Duration: 6 month initial contract
Rate: 45ph UMB to 66ph UMB (Inside IR35)
Due to the nature of the role, candidates must be eligible for UK Eyes Only Security Clearance.
Role details:
Our client, a leading defence company, are looking for a SOC Analyst to join their team in Stevenage. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat detection and analysis within the 24x7 SOC.
Responsibilities:
This role will cover analysis, monitoring, reporting, alerting and investigation activity utilising a wide variety of security platforms, including AI/ML and behavioural analytics, SIEM (Security Information Event Management), a Network Packet Capture platform, Anti Malicious Code and Threat Detection technologies and platforms across the UK Network Perimeter, working with the best standard technologies.
• Effective Tier 1 to 2 alert triage of security events
• Monitoring of Cyber Security tools
• Monitoring the SOC email notification mailboxes
• Assist with the maintenance of MBDA Security technologies
• Assist the SOC Solutions Lead with project activity
• Assist proactive threat hunting in collaboration with the CTI function
• Assist IR in HR and InfoSec related investigations
• Ensure the timely triage and remediation of any incident or request tickets raised to the SOC
• Participate in the activity of adding/removing URLs from the AcceptList and BlockList
• Attend routine security meetings
• Conduct activities in line with SOC Maturity and continuous improvement
What we are looking for in you:
• A career background in Cyber Security.
• Security awareness and experience in all areas of IT, primarily Network Security and Infrastructure, with Operating Systems & Applications as the secondary area.
• Knowledge of IT Security standard methodologies.
• Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S.
• Demonstrable experience with Security Information Event Monitoring tools and/or Network Packet Capture tools.
• Hands on experience with IDS/IPS technologies and threat hunting activities.
• Strong analytical experience and mindset.
• Experience within Defensive Cyber-attack methodologies and frameworks.
• Understanding of Malware capabilities, attack vectors, propagation and impact.
• Good communication skills liaising with the business and suppliers.
Desirable Skillset/experience (Senior grade):
• Root cause analysis and leading T2 incident investigations
• Process / Playbook / Runbook development
• Working knowledge of detection engineering, false positive improvements
• Capability to tune SIEM rules or create custom detections
• Scripted automation experience e.g. Python, SOAR, PowerShell
• Threat modelling and Hunting methodologies
Note, shift patterns applicable. (The shift pattern rotates each cycle - it may start with lates -> Nights -> earlies and the next cycle could be: Nights -> earlies -> lates). Initially you may not be expected to do nights until the team grows. 31.5 hours per week.
Apply today via the link provided!
Jan 06, 2026
Contractor
Matchtech
TCU Implementation Consultant - Siemens Toolset Specialist
Matchtech Luton, Bedfordshire
Location: Edinburgh, Basildon, Luton or Southampton (remote with ad hoc travel)
Duration: 12 month contract
Rate: 60ph UMB (Inside IR35)
Role details:
Our client, a prominent entity in the Defence & Security sector, is seeking a Functional Analyst / TCU Implementation Consultant to join their team on a contract basis. This role entails working with cutting-edge technologies within the Siemens Toolset, primarily focusing on S/4HANA, Creo, and PLM in an Azure environment. The position is mostly remote but may require occasional visits to sites in Edinburgh, Basildon, Luton, or Southampton.
Key Responsibilities:
• Support upgrade and configuration of Siemens Teamcenter on Microsoft Azure across development, test, and production environments.
• Collaborate with Siemens via screen sharing sessions to troubleshoot, debug, and validate configuration deployments.
• Execute and monitor Windows services and command-line operations to support TCU deployment and maintenance.
• Support integration between Teamcenter, Creo (IPEM interface), EDA, Component Information system, SAP S/4HANA, and Siemens Opscenter, ensuring data consistency and process alignment across PLM, MES, and ERP systems.
• Liaise with external partners during upgrade and enhancement activities.
• Provide technical input into test planning and environment readiness.
• Document deployment processes and contribute to the continuous improvement of TCU implementation practices.
Job Requirements:
• Proven experience with the Siemens toolset, especially Teamcenter, Opscenter, and Polarion.
• Strong understanding of the PLM deployment lifecycle and configuration management.
• Experience integrating PLM with engineering tools, MES, and ERP systems, particularly Polarion, Creo, Siemens EDA, Opscenter, and SAP S/4HANA.
• Experience deploying and managing PLM solutions in Azure Cloud environments.
• Proficiency in Windows command prompt and service management.
• Experience in remote collaboration and screen sharing for technical troubleshooting.
• Ability to work in a fast-paced, multi-vendor environment.
• Excellent communication and stakeholder engagement skills.
Desirable Skills:
• Familiarity with Siemens upgrade activities and test planning.
• Knowledge of QAPS environments and production readiness processes.
If you have the required skills and experience and are keen to contribute to impactful projects within the Defence & Security industry, we would love to hear from you. Apply now to join our client's dynamic team.
Jan 05, 2026
Contractor
TRIA
SOC Analyst
TRIA
SOC Analyst: IT Security Team
Location: Bristol
Remote: 1 day onsite per month
Salary: Up to 45,000 + generous benefits package, yearly salary review and personal development / business success bonus
Contract: Permanent, full-time (35 hours per week); core hours 09:00-17:00 (incl. 1 hour lunch)
I'm working with a company that's looking to bring a skilled SOC Analyst into their IT Security team as part of continued growth within the function. They're keen to move quickly for the right person.
What you'll be doing
As SOC Analyst, you will:
• Operate, tune and configure SIEM tools.
• Monitor and triage security alerts, applying custom queries (e.g. KQL) and correlation rules to detect suspicious activity.
• Investigate security incidents across endpoints, networks, and cloud environments; perform root-cause analysis, impact assessment and containment actions.
• Develop and maintain detection rules, use cases, threat-intelligence processes, and incident response playbooks.
• Automate detection and response workflows, using scripting tools (e.g. Python, PowerShell).
• Perform threat-hunting and log-analysis (including firewall, web/email filters), implement or review DLP controls, and collaborate with infrastructure/cloud/application teams on remediation and security posture improvements.
• Contribute to continuous improvement of SOC processes (alert tuning, log-source enrichment, documentation), and take part in an on-call rotation to support out-of-hours coverage if needed.
What we're looking for
• Solid experience, ideally 3+ years working in a SOC or security operations/incident-response role.
• Strong working knowledge of the Microsoft security stack (e.g. Sentinel, Defender) and hands-on experience with SIEM tooling, alert triage, detection logic, and security incident workflows.
• Ability to write and optimise detection queries (e.g. in KQL), review firewall and security logs, manage email/web filtering policies, and implement / review Data Loss Prevention (DLP) controls.
• Experience with automation or scripting (e.g. Python, PowerShell) to streamline detection/response and improve SOC efficiency.
• Threat-hunting and analytical mindset; proactive and collaborative approach; good communication skills and ability to work across teams.
Why consider this opportunity
• You'll join a growing, forward-thinking security operations function, gaining hands-on responsibility for threat detection, incident response and overall security posture.
• Competitive salary and benefits, plus opportunities for professional development and long-term career growth.
• Flexible, hybrid working with a monthly in-office requirement, suitable if you value work/life balance.
• Great entry point for someone experienced in general SOC/InfoSec backgrounds; no need to have previous experience in the legal or financial sector (though that kind of background is welcome).
If you're looking to join an established team that will aid career growth whilst offering an excellent work-life balance, apply now.
Jan 05, 2026
Full time
Triumph Consultants Ltd
Senior Cyber Security Analyst
Triumph Consultants Ltd
Senior Cyber Security Analyst
Location: London, hybrid working
IR35: Inside; via Triumph Consultants you will be paid PAYE for the length of the 3 month contract
It is essential for candidates to have advanced proficiency in using Splunk for security monitoring, log analysis, threat detection, and reporting.
The role:
The Cyber Defence team at the delivers threat intelligence, threat detection, incident response, and vulnerability management to defend both internal IT infrastructure and citizen-facing services. They are looking for a Senior Cyber Security Analyst with proven experience in incident response and Splunk to take a leading role in strengthening the organisation's cyber defence capability.
Key Accountabilities:
• Lead investigations into security alerts and cyber incidents.
• Perform forensic analysis of systems, files, network traffic, and cloud environments.
• Drive technical response actions including containment, eradication, and recovery.
• Coordinate cyber incident responses across teams and stakeholders.
• Identify lessons learned and embed continual improvement.
• Develop and update incident response playbooks and knowledge base articles.
• Act as an escalation point and mentor for security analysts.
• Provide leadership and line management within the team.
• Join the out-of-hours on-call rota to support 24/7 incident response.
Key Criteria:
• 5+ years' experience investigating and responding to cyber incidents in large organisations.
• Strong track record with incident response coordination.
• Significant hands-on experience with Splunk and security tools (e.g., EDR, SIEM).
• Analytical, problem-solving, and forensic investigation skills.
• Proven experience coaching or mentoring junior staff.
• Strong understanding of threat actor tools, techniques, and procedures.
• Experience of cloud environments such as AWS.
• Excellent written and verbal communication skills.
How to Apply
Quote the Job Title and Reference Number in your application. Submit your CV in Word format. Applications are reviewed on a rolling basis; early submission is recommended. We will also add your details to our mail out lists. Please note you may receive details of roles outside of your immediate vicinity, as many candidates are able to relocate temporarily for work. Please disregard any such emails that are not of interest and let us know if you would rather not receive such mailouts and/or if you wish us to delete your details and prefer to apply direct to our advertised roles. If you do not hear from us within three working days, unfortunately your application has not been shortlisted on this occasion. Thank you for your interest in working with us.
Oct 07, 2025
Contractor
Deerfoot Recruitment Solutions Limited
SOC Analyst
Deerfoot Recruitment Solutions Limited Corsham, Wiltshire
SOC Analyst - Corsham - Circa 46,000 per annum - On-site (5 days per week)
Permanent
SC Clearance Required.
Deerfoot Recruitment is working on behalf of a leading organisation seeking to hire an experienced SOC Analyst to join their Security Operations Centre based in Corsham. This is a full-time, on-site role requiring 5 days per week presence. The successful candidate will play a vital role in monitoring, analysing, and responding to security threats using tools such as Splunk, Flexera, and other industry-standard SIEM and vulnerability-management platforms. You'll investigate security incidents, coordinate with other IT and security teams, and support continuous improvement of threat detection and response processes.
Key Requirements:
• Previous experience in a SOC Analyst or similar cybersecurity role
• Strong expertise in Splunk or similar SIEM tools
• Familiarity with Flexera for vulnerability management
• Understanding of firewalls, network protocols, intrusion detection/prevention systems
• Relevant certifications (e.g., CISSP, CEH, Splunk) advantageous
• Must be eligible for Developed Vetting (DV) clearance, requiring 10 years continuous UK residency
Please Note: All offers will be subject to standard pre-employment checks including ID, employment history (last 3 years), immigration status, and an unspent criminal record check.
This is an excellent opportunity to join a forward-thinking, inclusive environment with strong investment in training, development, and employee wellbeing. To apply or learn more, please contact us today at Deerfoot Recruitment.
Deerfoot Recruitment Solutions Ltd is a leading independent tech recruitment consultancy in the UK. For every CV sent to clients, we donate 1 to The Born Free Foundation. We are a Climate Action Workforce in partnership with Ecologi. If this role isn't right for you, explore our referral reward program with payouts at interview and placement milestones. Visit our website for details.
Deerfoot Recruitment Solutions Ltd is acting as an Employment Agency in relation to this vacancy.
Oct 07, 2025
Full time

© 2008-2026 Jobs Hiring Near Me