Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

50 jobs found

Senior Cyber Defence Operations Lead
Insight Investment City, London
A leading asset management firm in the UK seeks a Senior Cyber Defence Operations Analyst to join their CISO function. Responsibilities include leading incident response, maintaining monitoring solutions, and enhancing operational security. The ideal candidate has extensive experience in cybersecurity operations and a strong knowledge of SIEM tools. This role offers opportunities to innovate security processes and practices within the firm.
Jan 12, 2026
Full time
Sanderson Government & Defence
DV Cleared - Senior SOC Analyst - Outside IR35
Sanderson Government & Defence Farnborough, Hampshire
Senior SOC Analyst - MOD DV Cleared

Location: Farnborough
Type: 5 days on-site
IR Status: Outside
Rate: £500 - £600
Clearance: Must have active MOD DV
Contingency: Must be a sole British National
Length: Initial 3 months with scope for extensions

Sanderson Government and Defence are seeking Senior SOC Analysts in the Defence sector for an on-going programme of work with a cyber security supplier into the MOD. This is a great opportunity to join a talented Cyber team on an interesting project.

Tasks/Responsibilities:
• Management Monitoring of Systems for Security Alerts, Intrusions or activity considered to be unauthorised, unexpected or illegal
• Review and develop existing security controls in line with a constantly growing technical environment
• Contribute into developing an RBAC model in line with an existing IDAM (Identity and Access Management) service
• Generate recurring service and security reports for key stakeholders
• Providing security awareness training to users, stakeholders and visitors including onboarding briefs, security awareness campaigns and supplementary information
• Assist in the management of existing certification of technical systems, including ISO:27001 and other governance standards
• Provide ongoing support and guidance on security-related issues to users
• Collaborate with the Operational Security Manager to develop the SOC as a capability unit
• Keep up-to-date with the latest security threats and trends
• Research and develop understanding of security as a discipline

Broad Experience: SIEM Cloud Computing Security Incident Management Networking Threat Intelligence Information Security Phishing, Ransomware and other key threats IDAM (Identity and Access Mgmt) JML (Joiners, Movers and Leavers Processes) ITSM Policies and Procedures Information Classification Team Management/Development

If you're interested in any of the above and interested in learning more, apply or reach out to (see below)

Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients. If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.
Jan 12, 2026
Contractor
Proactive Appointments
Data & Information Security Analyst
Proactive Appointments Leeds, Yorkshire
Data & Information Security Analyst - Hybrid

Our client is urgently looking for an experienced Data & Information Security Analyst to join their team on a Fixed-Term contract basis, for 18 months initially with a view to extend or go permanent.

Please note, this is a hybrid role with 3 days required on site per week. Once probation is passed, this will drop down to 2 days per week.

You must have:
Experience required: Strong knowledge and sound understanding of ISO 27001:2022 and either:
• At least three or more years' experience in the same or similar role, accompanied with a bachelor's degree in computer science/information security, or a related field; OR
• At least five or more years' industry experience in the same or similar role

You will be rewarded with an excellent salary, as well as a brilliant benefits package including annual leave, pension scheme, hybrid working, private medical cover, life assurance, cycle to work scheme, retail discounts and many, many more perks!

Data & Information Security Analyst - Key Skills:
• Experience required: Strong knowledge and sound understanding of ISO 27001:2022 and either: At least three or more years' experience in the same or similar role, accompanied with a bachelor's degree in computer science/information security, or a related field OR at least five or more years' industry experience in the same or similar role
• Experience working in a similar role, within the legal sector.
• Relevant professional certification(s) e.g. CISSP, CISM, CompTIA Security+.
• Strong knowledge of security frameworks (NIST, UKGDPR and Cyber Essentials/Cyber Essentials +).
• Proficiency in security tools and technologies e.g. XDR, EDR, SIEM.
• Good time management skills with the ability to prioritise workloads.
• A flexible approach to ensure all deadlines are met.
• Must be able to work as part of a team and possess excellent communication skills.
• A lively and enthusiastic personality with a service orientated approach.

Data & Information Security Analyst - Hybrid

Due to the volume of applications received for positions, it will not be possible to respond to all applications and only applicants who are considered suitable for interview will be contacted.

Proactive Appointments Limited operates as an employment agency and employment business and is an equal opportunities organisation.

We take our obligations to protect your personal data very seriously. Any information provided to us will be processed as detailed in our Privacy Notice, a copy of which can be found on our website.
Jan 12, 2026
Senior Cyber Defence Operations Analyst (London)
Insight Investment City, London
Insight Investment are seeking a Senior Cyber Defence Operations Analyst to be a part of the CISO function reporting to the Cyber Defence Operations Lead. The role will be to maintain and update alerts/rules within Insight Investment's monitoring solution, conduct vulnerability management with various stakeholders, continually ensure compliance with regulatory requirements, generate new security controls as required, and be responsible for incident response within the firm. The candidate will lead incident response activity as required.

Role Responsibilities
• Lead, investigate, record and respond to SIEM alerts, determine scope and severity of incidents, and coordinate containment and remediation efforts.
• Define, implement and continuously improve operational security processes and runbooks to align with compliance standards and evolving threats.
• Assist with integrating and configuring security tooling, ensuring effective data ingestion, enrichment and alerting across the environment.
• Lead threat hunting activities to proactively identify suspicious behaviour and improve detection coverage.
• Deliver effective vulnerability management: analyse scanning outputs, coordinate with technology teams and ensure timely notification and remediation tracking.
• Participate in the out-of-hours, on-call rotation, supporting incident response efforts during non-core hours.
• Enforce security processes and requirements across the business.

Experience Required
• Previous ownership of the incident response, vulnerability management or SIEM monitoring solution processes and procedures.
• Knowledge of SIEM tooling, designing and implementing use cases & documenting KBAs.
• Strong knowledge of KQL.
• Proven experience in incident response and handling.
• Experience contributing to cybersecurity operations in a professional or structured environment.
• Demonstrated commitment to continuous self-study.
• Experience working with an MSSP.
• Technical knowledge of access management and security controls.
• Strong collaboration skills with the ability to work across teams and stakeholders.
• A strong desire to drive security innovation across the firm.

Advantageous
• Relevant technical cyber security certifications are desirable.
• Knowledge on task automation/scripting would be hugely beneficial.
• Experience with Microsoft suite (Defender/Azure), query-based SIEM (e.g. Sentinel, Splunk) and orchestration platforms.
• Experience in financial services or other highly regulated environments.
• Prior involvement in threat hunting activities.

About Insight Investment
Insight Investment is a leading asset manager focused on designing investment solutions to meet its clients' needs. Founded in 2002, Insight's collaborative approach has delivered both investment performance and growth in assets under management. Insight manages assets across its core liability-driven investment, risk management, full-spectrum fixed income, currency and absolute return capabilities. Insight has a global network of operations in the UK, Ireland, Germany, US, Japan and Australia. More information about Insight Investment can be found at:
Jan 12, 2026
Full time
Rise Technical Recruitment
Level 1 SOC Analyst
Rise Technical Recruitment Bletchley, Buckinghamshire
Level 1 SOC Analyst
Up to 460pd DOE (Umbrella)
DV Clearance required
Milton Keynes - Hybrid 3 days in office
6-month contract
Mon - Fri (Days)

Are you a DV Cleared Practitioner SOC Analyst looking for an immediately available, long term contract role? My government client requires a DV Cleared SOC analyst to join their team on an initial 6-month contract basis. You will be required to be onsite in Milton Keynes for 3 days per week.

Duties:
• Monitor, triage and investigate Security Alerts on the various monitoring tools to identify potential Security Incidents.
• Escalate suspected Security Incidents to the Lead Analysts.
• Assist Lead Analysts and Incident Response team with investigation and containment.
• Maintain knowledge of technology and cyber threats by reading Threat Intel, reports, attending Threat Intel briefings and self-study.
• Perform analysis of Security Event Data / Security Alerts to support Customers in responding to Security Incidents.
• Ensure Protective monitoring tools are performing as expected.
• Assist in the Creation of procedures to report incidents to customers
• Assisting in the Development of the team to ensure best practice and that their knowledge is up to date.
• In association with other colleagues provide an on-Call service to investigate and remedy security and technical issues in relation to the SOC service on a 24/7 basis.

Skills & Experience Required:
• Working knowledge of Various Operating systems including Windows and Linux.
• Experience of working with SIEM and IPS products within a SOC Environment.
• Good Analytical skills with the ability to manipulate, interrogate and analyse large data sets.
• Relevant cyber security analyst experience within a SOC environment.
• Knowledge of IT Networking, specifically in Firewalls and other Network security devices
• Strong interpersonal skills, ability to assist other team members
• Excellent Communication Skills

To apply for this role or to be considered for further roles, please click "Apply Now"

Rise Technical Recruitment Ltd acts as an employment agency for permanent roles and an employment business for temporary roles. The salary advertised is the bracket available for this position. The actual salary paid will be dependent on your level of experience, qualifications and skill set. We are an equal opportunities employer and welcome applications from all suitable candidates.
Jan 12, 2026
Contractor
Certain Advantage
SOC Threat Detection Analyst
Certain Advantage Stevenage, Hertfordshire
World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 8x SOC Threat Detection Analyst subcontractors on an initial 6 month contract. This role can start on an SC Security Clearance basis, however DV Clearance will be required down the line. This role would suit someone from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background.

Hourly Rate: 45ph - 85 per hour. There are 8 positions being recruited across the mid-senior level. Overtime rate of time and a quarter.
Contract Duration: 6 Months initially and long-term thereafter.

Shift pattern: 28 day Cycle
• Sat to Tue - Earlies (Apply online only)
• Wed to Sun - Off
• Mon to Fri - Lates (Apply online only)
• Sat to Tue Off
• Wed to Sun - Nights (Apply online only)
(The type of shift rotates along the pattern through, so the start of the next 28 day cycle they start with lates -> Nights -> earlies then next cycle: Nights -> earlies -> lates)
28 days = 4 weeks, 14 days worked per 28 days, 3.5 days worked per week, 3.5 x 8 = 28 hours per week
Initially may not be expected to do nights until team grows.

SOC Threat Detection Analyst Job Description:
An opportunity has arisen in the cyber security operations centre (SOC) within Information Management (IM) for a SOC Threat Detection Analyst. Supporting the Senior SOC analysts in assisting IM meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat detection and analysis within the 24x7 SOC.

Responsibilities:
To support the SOC Manager in assisting Information Management UK meet the challenges and demands of countering the Cyber Threat. Support for the operational functions of the UK SOC. To work with other UK SOC members, including the UK InfoSec Team and the IM Domains (Customer Support and Infrastructure / Information Systems). It will cover analysis, monitoring, reporting, alerting and investigation activity utilising a wide variety of security platforms including AI/ML and behavioural analytics, SIEM (Security Information Event Management), Network Packet Capture platform, Anti Malicious Code, Threat Detection technologies and platforms across the UK Network Perimeter working with the best standard technologies. The SOC Analyst reports to the SOC Manager. The SOC Analyst conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff.

The SOC Analyst key responsibilities are:
• Effective Tier 1 to 2 alert triage of security events
• Monitoring of Cyber Security tools
• Monitoring the SOC email notification mailboxes
• Assists with the maintenance of Security technologies
• Assisting the SOC Solutions Lead with project activity
• Assist proactive threat hunting in collaboration with the CTI function
• Assist IR in HR and InfoSec related investigations
• Ensure the timely triage and remediation of any incident or request tickets raised to the SOC
• Participate in the activity of adding/removing URLs from the AcceptList and BlockList
• Attend routine security meetings
• Conduct activities in line with SOC Maturity and continuous improvement

Skillset/experience required (Baseline):
• A career background in Cyber Security.
• Security awareness and experience in all areas of IT, primarily Network Security, Infrastructure and the secondary area being Operating Systems & Applications.
• Knowledge of IT Security standard methodologies.
• Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S.
• Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools.
• Hands on experience with IDS/IPS technologies and threat hunting activities.
• Strong analytical experience and mind-set.
• Experience within Defensive Cyber-attack methodologies and frameworks.
• Understanding of Malware capabilities, attack vectors, propagation and impact.
• Good communication skills liaising with the business and suppliers.

Desirable Skillset/experience (Senior grade):
• Root cause analysis and leading T2 incident investigations
• Process / Playbook / Runbook development
• Working knowledge of detection engineering, false positive improvements
• Capability to tune SIEM rules or create custom detections
• Scripted automation experience e.g. Python, SOAR, PowerShell
• Threat modelling and Hunting methodologies
Jan 12, 2026
Contractor
Threat Intelligence Analyst
BAE Systems (New)
Location(s): UK, Europe & Africa : UK : London; UK, Europe & Africa : UK : Leeds
BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.
Job Title: Threat Intelligence Analyst
Requisition ID: 122576
Location: London - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.
Grade: GG11
Referral Bonus: £5,000
Role description
To undertake the day to day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation. The networks protected are predominantly hosted in Azure cloud platforms, with many systems within these environments that must be protected. The customer is committed to development of this improved SOC to be a benchmark of best practice and excellence in reflection of the significant threat that the protected systems are subject to. The SOC Analyst roles are 'hands on' shift based roles, working as part of a 24/7 operation with four shift teams working in a standard rotation. They are responsible for utilising the SOC's SIEM and SOAR toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks. These roles require a minimum of SC clearance. Due to timelines for the start of operations, it will not be possible to sponsor new clearances so candidates must have existing clearances.
Responsibilities
  • Produce and maintain threat assessments to provide a clear understanding of the customer threat landscape.
  • Maintain the IoC database tailored to the monitored environment and threats and ensure changes are pushed to the detection systems in a timely manner.
  • Maintain threat profiles and threat modelling and applicability to the monitored estate along with updating the modelling to detail what detection and controls are in place to mitigate the threats.
  • Gather and maintain a set of TI requirements that define the threats that will be monitored, tracked and researched by the TI Team.
  • Oversee the collection, collation and maintenance of threat data collected from open and closed sources and ensure it is appropriately validated.
  • Conduct analysis and research to determine the identity, motivations, relationships, targets / victims, capabilities, tooling and infrastructure of threat groups relevant to customer.
Requirements
Technical
  • Working in a Threat Intelligence team developing threat intelligence products for technical and non-technical audiences.
  • Performing malware analysis and reverse engineering.
  • Conducting threat assessments and defining threat intelligence requirements.
  • Developing and maintaining threat data sources.
  • Advanced knowledge of Windows and Linux operating systems and use of the command line.
  • Advanced knowledge of core networking concepts and technologies e.g. TCP/IP.
  • Intermediate knowledge of malware behaviour and techniques employed by attackers to evade security controls.
  • Intermediate knowledge of malware analysis and reverse engineering techniques.
Non-technical
  • Client side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing).
  • Able to understand and adapt to different cultures and hierarchical structures.
  • Team player and adept at working in multi disciplinary and diverse teams.
  • Proven analytical skills capable of solving new and complex technical problems.
  • Excellent written and verbal communication skills with the ability to communicate the impact and importance of detailed technical information to non technical and senior audiences.
  • Leading and managing small teams of highly skilled technical people.
  • Managing and building relationships with customer and internal stakeholders.
  • Self motivated and motivates others keeping morale and performance high.
Why BAE Systems?
This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity, and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.
Life at BAE Systems Digital Intelligence
We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance well being. Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential.
Division overview: Government
At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Government and key infrastructure networks are critical targets to defend as the effects of these networks being breached can be devastating. As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.
This vacancy is eligible for the UK Employee Referral Scheme. Amount: £5,000
Jan 10, 2026
Full time
24/7 SOC Analyst
Nomios Basingstoke, Hampshire
Nomios' mission is to build a 'secure and connected' future. Organisations across Europe depend on us to help secure and connect their digital infrastructures. In support of our continued UK growth, we are seeking a SOC Analyst to join our 24/7 Security Operations Centre. This is an excellent opportunity for someone early in their SOC career, or for an individual with a strong infrastructure and networking background looking to transition into cyber security operations. You will be working across a diverse set of customer environments as part of our Security Operations Centre, focusing on investigation, understanding attacker behaviour and contributing to the continual improvement of SOC capabilities.
Your role as Security Operations Centre (SOC) Analyst
As a 24/7 SOC Analyst, you will be on the frontline of our Security Operations Centre - monitoring, investigating and escalating security events across multiple customer environments. You will work closely with Senior and Lead Analysts for guidance, development and collaborative investigation. You will use platforms such as Microsoft Sentinel, Google SecOps, Defender XDR, CrowdStrike Falcon, SentinelOne and Cortex XSOAR/XSIAM to understand what has happened, how activity progressed and what actions need to be taken. You will be supported through structured training, cyber ranges, hands on exposure to modern SOC technologies and real investigation experience to help you grow quickly. You will join a modern, continuously evolving SOC run by people who are technical at heart and understand what analysts need to succeed. Career development is a core focus, with clear pathways into Threat Intelligence, SOC Engineering, SOC Professional Services, senior SOC roles and Incident Response for those who want to specialise. You'll be part of a collaborative, agile team that values curiosity, humour and a genuine interest in technology. The environment is built around continuous improvement, with everyone having a voice in shaping how the department evolves. Regular team events and knowledge sharing sessions create a supportive, engaging place to work.
Key Responsibilities
Detect and investigate
  • Monitor and triage alerts across SIEM, EDR or XDR, email and web security platforms.
  • Investigate suspicious activity and determine whether escalation is required.
  • Follow SOC runbooks and investigation workflows.
  • Build clear timelines of activity and maintain accurate investigation notes.
  • Escalate complex cases to Senior and Lead Analysts with appropriate context.
  • Review vulnerability management output and provide basic prioritisation insight.
Hunt and improve
  • Take part in directed threat hunting activities.
  • Suggest improvements to detections, dashboards and runbooks.
  • Support testing of new use cases and detection logic.
Collaborate and communicate
  • Provide clear written updates for customers and internal stakeholders.
  • Participate in shift handovers to maintain continuity.
  • Work closely with Senior and Lead Analysts to develop your skills and technical depth.
We hire result orientated, smart, and high energy individuals who bring a can do attitude and a willingness to go the extra mile and deliver exceptional outcomes. You should be organised and rigorous, with excellent analytical skills. Good communication with internal stakeholders is vital, as is the ability to work as part of a dynamic team.
Required skills:
  • Minimum 1 year in a Security Operations Centre (SOC), or Minimum 3 years in infrastructure or networking roles with demonstrable security exposure.
  • Experience triaging and investigating security alerts.
  • Understanding of attacker behaviours, TTPs, and common malware execution chains (e.g., phishing leading to script or binary execution).
  • Ability to recognise indicators of compromise such as unusual processes, network connections, irregular logon activity or file changes.
  • Hands on experience with at least one major security platform (SIEM, EDR or XDR).
  • Familiarity with ticketing tools such as ServiceNow, Salesforce, or JIRA.
  • Familiarity with Windows event logs, authentication logs, basic process trees, and command line tools (Windows & Unix like systems).
  • Understanding of core network protocols: DNS, HTTP, SMB, LDAP.
  • Operational knowledge of Windows, macOS and Linux.
  • Ability to read and interpret logs from multiple sources.
  • Awareness of MITRE ATT&CK and differentiating legitimate admin activity vs suspicious behaviour.
Desirable skills:
  • Experience with Microsoft Sentinel, Google SecOps or other SIEM platforms.
  • Experience with Defender, CrowdStrike, SentinelOne or other XDR solutions.
  • Ability to query in KQL, CQL, S1QL, XQL or similar languages.
  • Awareness of threat intelligence concepts and application to investigations.
  • Awareness of coding or scripting, with proficiency in at least one language preferred (but not required).
Job Specifics
  • Location: This role is home based with occasional visits to the office in Basingstoke
  • Hours: 12 hour shifts: 2 days, 2 nights; 4 days/nights off. Flexibility with hours will be required in the event of a major incident
  • Security clearance: Eligibility for SC clearance (lived in the UK for five years consecutively) required. DV clearance eligibility is advantageous.
Why would you choose to come and work with us?
We invest in our people. You will get to work in a dynamic, fast paced environment where you are free to use your initiative in support of our strategic objectives. You will work alongside high calibre sales, technical, and operational experts as part of a supportive, tight knit team, within which every individual has an important part to play and makes a real difference. Nomios offers a highly competitive salary and commission scheme along with industry leading benefits. Ready to make an impact? Apply now!
Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.
Jan 10, 2026
Full time
SOC Analyst - SC Cleared
Experis
ROLE TITLE: SOC Analyst - SC Cleared
LOCATION: flexible (can be predominantly remote)
The ideal candidate must have active SC clearance
We are actively looking to secure an SOC Analyst to join Experis. Experis Consultancy is a Global entity with a well-established team with over 1000 consultants on assignment across 20 clients globally. Our UK operation is growing and has very aggressive plans for expansion over the coming years. We form part of the Manpower group of companies that turn over $20 billion a year collectively. Experis UK have partnerships with major clients across the UK spanning multiple industries; our approach is a very personal one, with both our clients and our own employees. We are passionate about training, technology and career development.
Skills required:
  • Microsoft Certified: Security Operations Analyst Associate Certification (SC200) is a mandatory requirement for role fulfilment
  • Experience working with SIEM technologies and security tooling
  • An understanding of IT Infrastructure and Networking
  • An understanding of vulnerability and threat management
  • An understanding of the incident response lifecycle
  • The ability to work in a close team and independently
  • The ability to be adaptable to a high pace changeable workload
  • An interest in security and threat management
Nice to have skills
A SOC Analyst will be responsible for providing Protective Monitoring Services across a range of Secure Customers. They will be responsible for the day to day monitoring using various SIEM Tools (QRadar, Sentinel & LogRhythm). Some of the responsibilities that come along with this role include the following:
  • Security Analytics
  • Incident investigation, triage and escalation
  • Threat monitoring and response
  • Trend reporting
  • Rule tuning and continual service improvement
The role involves working alongside other team members including SOC engineers and Service Managers.
Benefits Include:
  • Contributory pension scheme
  • Employee Assistance Program
  • Medical and Dental cover
  • 22 days holiday + bank holidays
  • Maternity Pay/Shared Parental leave and paternity leave
  • Sick pay
Suitable Candidates should submit CVs in the first instance.
Jan 09, 2026
Full time
Hays Technology
Security Operations Centre / SOC Team Lead
Hays Technology Edinburgh, Midlothian
Security Operations Centre / SOC Team Lead 58,252 - 68,586 per annum 28.97% Employer pension contribution and more great benefits Relaxed hybrid and flexible working environment Location: Glasgow or Edinburgh About the Role Hays' Cyber practice have partnered exclusively with Registers of Scotland (RoS) on the search for a Technical Team Lead within their internal Security Operations Centre. This role will have you leading a team of analysts and working alongside security engineers to develop and automate threat detection and response playbooks, as well as security architects and the wider IT function. The ideal candidate will have the technical expertise to work on day-to-day operations within a busy SOC, but also will have led SOC teams from a line-management, pastoral leadership, and ITSM perspective, ranging from SIEM use case tuning, to employee appraisals, KPI's and reporting metrics. About the Organisation Registers of Scotland (RoS) manages 21 land, property and other legal registers which are a critical asset for the Scottish economy. They aim to provide the best public service for Scotland and are on a mission to make some of the oldest public land registers in the world into some of the most modern. Registers of Scotland (RoS) is also an award-winning organisation recognised for its technology and innovation and is a world-leading pioneer in land and property registration. Their full-stack teams design, architect, and build all our registration products in-house, and they work to create digital solutions for the people of Scotland. You will get an opportunity to nurture your creativity and develop with RoS through access to the latest data, software engineering and product delivery techniques. Key Responsibilities Provide day-to-day line management, coaching, and development of SOC analysts and engineers. 
Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling. Define, track, and report SOC performance metrics and KPIs, ensuring operational efficiency and alignment with organisation objectives. Manage and mentor SOC team members, setting clear performance objectives, monitoring KPIs, analysing metrics, and driving continuous improvement through coaching, training, and performance reviews. Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks. Work with Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy. Ensure SOC processes are integrated with ITSM systems for effective incident, change, and problem management. Develop and maintain scenario-based runbooks and technical procedures for incident response. Engage with project teams to provide security assurance for new and existing services. Drive continuous improvement in SOC operations, tooling, and team capability. What We're Looking For Proven experience in a Security Operations Centre or operational security environment. Demonstrable experience managing or leading a technical team or function in an enterprise setting. Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling. Experience in incident response, including leading technical investigations and developing response frameworks. Proficiency in integrating and operationalising cyber threat intelligence. Experience working with ITSM systems to manage and prioritise workloads. Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements. Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams. 
Experience developing or implementing vulnerability management tools and processes. Familiarity with cloud security monitoring and hybrid infrastructure environments. Knowledge of relevant security frameworks such as NIST CRF, ISO 27001, NCSC CAF, and MITRE ATT&CK. Experience contributing to or leading SOC maturity assessments or improvement programmes. Package, Benefits and What's in it for you Up to 68,586 inclusive of market supplement Pay progression 28.97% pension (employer contribution) 38 days annual holiday, increasing to 42 days with length of service. Other benefits such as career development opportunities, qualifications, up to a year in parental leave and more Further information For further information relating to RoS, including: Additional details on pay & benefits The Civil Service Code Complaints process Use of AI in the application/recruitment process, Please view our additional information page online: ros . gov . uk/about/publications/governance-and-corporate/2024/recruitment-information Nationality and immigration status In general, only nationals from the following countries (and associations of countries) are eligible for employment in the Civil Service: the United Kingdom, the Republic of Ireland, and the Commonwealth. EU nationals (with settled or pre-settled status), certain EEA nationals, Swiss and Turkish nationals are also eligible for employment. Detailed provisions on determining eligibility on the grounds of nationality and, where relevant, immigration status can be reviewed here. gov . uk/government/publications/nationality-rules What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Jan 09, 2026
Full time
SmartSourcing Ltd
SOC Analysts SOC Lead - Glasgow Area 610 - 650pd 24 months SC/DV
SmartSourcing Ltd Glasgow, Lanarkshire
Senior SOC Analysts and Lead SOC Analysts for our government client based near Glasgow. Applicants need to have Active SC or DV clearance and be eligible for DV vetting if successful. Fully onsite working on a 24/7 shift pattern Must be eligible for DV vetting - Single British Nationality required by our government services client Rate 610-650 pd (depending on which role) Inside IR35 - Umbrella Company Working in a DV (Developed Vetting) Security cleared environment. You will hold a current DV or SC Security Clearance, or be eligible to undertake. The role requires working as part of a 24/7 shift pattern. This pattern will include weekends and bank holidays. Skills and Experience Required: Experience of SPLUNK within a Security Operations Centre (SOC). A bachelor's degree in computer science, Cyber Security or relevant experience You should have a foundational understanding of networking concepts (TCP/IP, DNS, etc.), operating systems (Windows, Linux), and common cyber-attack techniques. Certifications like CompTIA Security+, Cybersecurity Analyst (CySA+), or a similar certification are a significant bonus to the role Key Responsibilities Continuous Monitoring: You will monitor security tools, including Security Information and Event Management (SIEM) systems, to detect suspicious activity. You will be the first to see potential threats and will need to respond efficiently and professionally, following defined processes. Incident Triage: You will analyse alerts and logs to determine if an event is a genuine security incident or a false positive. You will need to be methodical and follow established procedures to classify and prioritize incidents. Initial Incident Response: For confirmed incidents, you'll perform initial containment actions, such as isolating affected systems, and escalate the incident to a Level 2 or 3 analyst for deeper investigation.
Reporting and Documentation: You will create detailed tickets and reports for all detected incidents, documenting your findings and the steps you took. This is crucial for tracking incidents and for future analysis. Tool Management: You will assist in the maintenance and optimization of security tools, ensuring they are working correctly and effectively. Please apply on line in the first instance SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity, we are committed to promoting equality and inclusion for all.
Jan 09, 2026
Contractor
SmartSourcing Ltd
Soc Analyst - Buckinghamshire - 610-650 pd
SmartSourcing Ltd Milton Keynes, Buckinghamshire
Senior SOC Analysts Lead SOC Analysts with active SC or ideally DV clearance. Fully onsite working on a 24/7 shift rota. Must be eligible for DV vetting - Single British Nationality required by our government services client in Milton Keynes or Glasgow Rate 610-650 pd Inside IR35 - Umbrella Company Working in a DV (Developed Vetting) Security cleared environment. You will hold a current DV or SC Security Clearance, or be eligible to undertake. The role requires working as part of a 24/7 shift pattern. This pattern will include weekends and bank holidays. Skills and Experience Required: Experience of SPLUNK within a Security Operations Centre (SOC). A bachelor's degree in computer science, Cyber Security or relevant experience You should have a foundational understanding of networking concepts (TCP/IP, DNS, etc.), operating systems (Windows, Linux), and common cyber-attack techniques. Certifications like CompTIA Security+, Cybersecurity Analyst (CySA+), or a similar certification are a significant bonus to the role Key Responsibilities Continuous Monitoring: You will monitor security tools, including Security Information and Event Management (SIEM) systems, to detect suspicious activity. You will be the first to see potential threats and will need to respond efficiently and professionally, following defined processes. Incident Triage: You will analyse alerts and logs to determine if an event is a genuine security incident or a false positive. You will need to be methodical and follow established procedures to classify and prioritize incidents. Initial Incident Response: For confirmed incidents, you'll perform initial containment actions, such as isolating affected systems, and escalate the incident to a Level 2 or 3 analyst for deeper investigation. Reporting and Documentation: You'll create detailed tickets and reports for all detected incidents, documenting your findings and the steps you took. This is crucial for tracking incidents and for future analysis.
Tool Management: You will assist in the maintenance and optimization of security tools, ensuring they are working correctly and effectively. Please apply on line in the first instance SmartSourcing are a Disability Confident Employer and we promote, celebrate and value diversity, we are committed to promoting equality and inclusion for all.
Jan 09, 2026
Contractor
Hays Specialist Recruitment
Security Operations Centre/SOC Team Lead
Hays Specialist Recruitment Edinburgh, Midlothian
Security Operations Centre/SOC Team Lead £58,252 - £68,586 per annum 28.97% Employer pension contribution and more great benefits Relaxed hybrid and flexible working environment Location: Glasgow or Edinburgh About the Role Hays' Cyber practice have partnered exclusively with Registers of Scotland (RoS) on the search for a Technical Team Lead within their internal Security Operations Centre. This role will have you leading a team of analysts and working alongside security engineers to develop and automate threat detection and response playbooks, as well as security architects and the wider IT function. The ideal candidate will have the technical expertise to work on day-to-day operations within a busy SOC, but also will have led SOC teams from a line-management, pastoral leadership, and ITSM perspective, ranging from SIEM use case tuning, to employee appraisals, KPI's and reporting metrics. About the Organisation Registers of Scotland (RoS) manages 21 land, property and other legal registers which are a critical asset for the Scottish economy. They aim to provide the best public service for Scotland and are on a mission to make some of the oldest public land registers in the world into some of the most modern. Registers of Scotland (RoS) is also an award-winning organisation recognised for its technology and innovation and is a world-leading pioneer in land and property registration. Their full-stack teams design, architect, and build all our registration products in-house, and they work to create digital solutions for the people of Scotland. You will get an opportunity to nurture your creativity and develop with RoS through access to the latest data, software engineering and product delivery techniques. Key Responsibilities Provide day-to-day line management, coaching, and development of SOC analysts and engineers. 
Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling. Define, track, and report SOC performance metrics and KPIs, ensuring operational efficiency and alignment with organisation objectives. Manage and mentor SOC team members, setting clear performance objectives, monitoring KPIs, analysing metrics, and driving continuous improvement through coaching, training, and performance reviews. Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks. Work with Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy. Ensure SOC processes are integrated with ITSM systems for effective incident, change, and problem management. Develop and maintain scenario-based runbooks and technical procedures for incident response. Engage with project teams to provide security assurance for new and existing services. Drive continuous improvement in SOC operations, tooling, and team capability. What We're Looking For Proven experience in a Security Operations Centre or operational security environment. Demonstrable experience managing or leading a technical team or function in an enterprise setting. Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling. Experience in incident response, including leading technical investigations and developing response frameworks. Proficiency in integrating and operationalising cyber threat intelligence. Experience working with ITSM systems to manage and prioritise workloads. Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements. Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams. 
Experience developing or implementing vulnerability management tools and processes. Familiarity with cloud security monitoring and hybrid infrastructure environments. Knowledge of relevant security frameworks such as NIST CRF, ISO 27001, NCSC CAF, and MITRE ATT&CK. Experience contributing to or leading SOC maturity assessments or improvement programmes. Package, Benefits and What's in it for you Up to £68,586 inclusive of market supplement Pay progression 28.97% pension (employer contribution) 38 days annual holiday, increasing to 42 days with length of service. Other benefits such as career development opportunities, qualifications, up to a year in parental leave and more Further information For further information relating to RoS, including: Additional details on pay & benefits The Civil Service Code Complaints process Use of AI in the application/recruitment process, Please view our additional information page online Nationality and immigration status In general, only nationals from the following countries (and associations of countries) are eligible for employment in the Civil Service: the United Kingdom, the Republic of Ireland, and the Commonwealth. EU nationals (with settled or pre-settled status), certain EEA nationals, Swiss and Turkish nationals are also eligible for employment. Detailed provisions on determining eligibility on the grounds of nationality and where relevant, immigration status can be reviewed here. gov[.]uk/government/publications/nationality-rules What you need to do now If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found on our website.
Jan 09, 2026
Full time
Experis IT
SOC Analyst - SC Cleared
Experis IT
ROLE TITLE: SOC Analyst - SC Cleared LOCATION: flexible (can be predominantly remote) The ideal candidate must have active SC clearance We are actively looking to secure an SOC Analyst to join Experis. Experis Consultancy is a Global entity with a well-established team with over 1000 consultants on assignment across 20 clients globally. Our UK operation is growing and has very aggressive plans for expansion over the coming years. We form part of the Manpower group of companies that turn over $20 billion a year collectively. Experis UK have partnerships with major clients across the UK spanning multiple industries; our approach is a very personal one, with both our clients and our own employees. We are passionate about training, technology and career development. Skills required: Microsoft Certified: Security Operations Analyst Associate Certification (SC200) is a mandatory requirement for role fulfilment Experience working with SIEM technologies and security tooling An understanding of IT Infrastructure and Networking An understanding of vulnerability and threat management An understanding of the incident response life cycle The ability to work in a close team and independently The ability to be adaptable to a high pace changeable workload An interest in security and threat management Nice to have skills A SOC Analyst will be responsible for providing Protective Monitoring Services across a range of Secure Customers. They will be responsible for the day to day monitoring using various SIEM Tools (Qradar, Sentinel & LogRhythm). Some of the responsibilities that come along with this role include the following: Security Analytics Incident investigation, triage and escalation Threat monitoring and response Trend reporting Rule tuning and continual service improvement The role involves working alongside other team members including SOC engineers and Service Managers.
Benefits Include: Contributory pension scheme Employee Assistance Program Medical and Dental cover 22 days holiday + bank holidays Maternity Pay/Shared Parental leave and paternity leave Sick pay Suitable Candidates should submit CVs in the first instance.
Jan 09, 2026
Full time
IF Recruitment Ltd
SIEM Engineer
IF Recruitment Ltd
The Role: We are working with a global enterprise who has an opening for a SIEM Engineer/Cyber Security Engineer with experience of building rules to detect threats. The successful team will be working with an established team of engineers to build a new SIEM platform. SIEM Solution Development: Collaborate with security analysts and architects to design and implement SIEM solutions using Elasticsearch. Optimize SIEM rules, alerts, and dashboards for efficient threat detection. Collaboration: Collaborate effectively with others to drive forward key security objectives Query Optimization and Performance Tuning: Write efficient Elasticsearch queries to retrieve relevant security events. Monitor and manage the performance of the SIEM infrastructure. Security Engineering: Contribute to security engineering projects, transitions, and transformations. Work closely with security operations and associated security incident response systems Stay informed about emerging threats and security best practices. Skills Required: 3 years + experience working in a Cyber Security Engineer/SIEM Engineer role. Experience setting up access controls, authentication and encryption using Elastic Security features. Knowledge of detection rule development. Including the ability to create, test and optimise detection rules to identify suspicious activities and potential threats. Performance Tuning with Elasticsearch and Logstash including fine-tune query performance using Elasticsearch indices and mappings. Experience of monitoring Logstash pipelines. Experience with Kibana visualization and monitoring. Creating custom visualizations to track data quality metrics and systems performance. Knowledge of offensive testing frameworks advantageous.
Jan 09, 2026
Contractor
Hays Technology
Lead SOC Analyst
Hays Technology
Your New Company and Role We're partnering with a leading organisation seeking an experienced Lead SOC Analyst to join their team in Glasgow on a 12-month contract. This is a fantastic opportunity to take a leadership role within a 24/7 Security Operations Centre (SOC), protecting critical systems from cyber threats. As a Level 2 SOC Analyst, you'll not only monitor and respond to incidents but also provide guidance and support to junior team members. Your responsibilities will include: Continuous Monitoring: Oversee SIEM tools (including Splunk) to detect suspicious activity and ensure timely response. Incident Triage: Analyse alerts and logs to confirm genuine incidents and prioritise effectively. Initial Incident Response: Execute containment actions and escalate complex cases to senior analysts. Reporting & Documentation: Maintain detailed records of incidents and actions taken for tracking and analysis. Team Leadership: Provide direction and support to junior analysts during shifts and ensure smooth handovers. Tool Management: Assist in maintaining and optimising security tools for peak performance. What You'll Need to Succeed Strong leadership skills with the ability to guide and mentor junior team members. Excellent problem-solving abilities, attention to detail, and ability to work under pressure. Hands-on experience with Splunk in a SOC environment. Solid understanding of networking (TCP/IP, DNS), operating systems (Windows/Linux), and common cyber-attack techniques. A degree in Computer Science, Cybersecurity, IT, or equivalent experience. Certifications such as CompTIA Security+, CySA+, or similar are highly desirable. What You'll Get in Return Competitive daily rate up to 633. 12-month contract with potential for extension. Opportunity to lead within a high-performing SOC team on mission-critical projects. What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. 
If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Jan 08, 2026
Contractor
Hays Technology
Senior SOC Analyst
Hays Technology
Your New Company and Role We're working with a leading organisation seeking a Senior SOC Analyst to join their team in Glasgow on a 12-month contract. This is an exciting opportunity to be at the forefront of cyber defence, protecting critical systems from evolving threats. As part of a 24/7 Security Operations Centre (SOC) team, you'll monitor systems, detect potential incidents, and initiate the incident response process. Your key responsibilities will include: Continuous Monitoring: Use SIEM tools (including Splunk) to identify suspicious activity and respond efficiently. Incident Triage: Analyse alerts and logs to determine genuine incidents and prioritise accordingly. Initial Incident Response: Perform containment actions and escalate to senior analysts for deeper investigation. Reporting & Documentation: Create detailed incident reports and maintain accurate records. Tool Management: Assist in maintaining and optimising security tools for peak performance. What You'll Need to Succeed Strong problem-solving skills, attention to detail, and ability to work under pressure. Excellent communication skills and a collaborative approach. Hands-on experience with Splunk in a SOC environment. Solid understanding of networking (TCP/IP, DNS), operating systems (Windows/Linux), and common cyber-attack techniques. A degree in Computer Science, Cybersecurity, IT, or equivalent experience. Certifications such as CompTIA Security+, CySA+, or similar are highly desirable. What You'll Get in Return Competitive daily rate up to 573. 12-month contract with potential for extension. Opportunity to work in a high-performing SOC team on mission-critical projects. What you need to do now If you're interested in this role, click 'apply now' to forward an up-to-date copy of your CV, or call us now. If this job isn't quite right for you, but you are looking for a new position, please contact us for a confidential discussion about your career. 
Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&C's, Privacy Policy and Disclaimers which can be found at (url removed)
Jan 08, 2026
Contractor
TRIA
Threat Intelligence Analyst
TRIA Portsmouth, Hampshire
Threat Intelligence Analyst - initial 3-6 month contract Portsmouth or London (2 days a week onsite) 500 - 600 a day (inside IR35) We're seeking a highly experienced Threat Intelligence Analyst to lead adversary tracking, threat analysis, and intelligence integration across this large organisation. This is a senior, hands-on role combining strategic threat insight with operational delivery, acting as the primary threat intelligence specialist within the InfoSec function and managing a third-party intelligence provider. This role is ideal for someone who understands the UK threat landscape, particularly critical national infrastructure and public sector risks, and can translate threat intelligence into actionable detection, response, and executive insight. Key Responsibilities Lead threat actor tracking and attribution, focusing on APTs, ransomware, supply chain attacks and UK-relevant campaigns Maintain adversary profiles using MITRE ATT&CK, Diamond Model and sector-specific threat frameworks Correlate internal security telemetry with external intelligence feeds (e.g. 
MISP, Recorded Future, ISACs, Microsoft TI) Operationalise STIX/TAXII feeds and enrich IOC/IOA pipelines for SOC and Incident Response teams Translate threat intelligence into actionable detections, working with engineers on KQL/SPL queries and proactive threat hunts Produce regular threat reports and briefings for SOC leadership, CISO and senior stakeholders, including board-level risk narratives Manage and oversee a third-party cyber threat intelligence provider, ensuring quality, relevance and value Engage with UK threat-sharing communities and maintain internal threat intelligence documentation and playbooks Required Skills & Experience 5+ years' experience in Threat Intelligence, SOC or Incident Response Strong working knowledge of MITRE ATT&CK and threat actor lifecycle analysis Hands-on experience with threat intelligence platforms such as MISP, Recorded Future, Anomali or similar Strong experience with Microsoft security tooling, ideally Sentinel and Defender Proficiency in KQL and working knowledge of Python for automation and enrichment Experience integrating intelligence into SIEM, EDR/XDR, and cloud security platforms (Microsoft, AWS, CrowdStrike, etc.) Deep understanding of the UK cyber threat landscape, particularly critical national infrastructure and public sector threats Comfortable operating as a sole senior threat intelligence specialist while collaborating across SOC and InfoSec teams Desirable Certifications GIAC Cyber Threat Intelligence (GCTI) CREST Threat Intelligence Analyst GCIH, SC-200, AWS Security Specialty We're looking for someone who can interview in Jan and ideally start within a few weeks so please apply asap
Jan 07, 2026
Contractor
VIQU IT
Security Analyst
VIQU IT
Security Analyst 3-month contract My Customer is looking for a proactive Security Analyst to join their team and take ownership of monitoring, triaging, and responding to security alerts across their Microsoft security ecosystem. Strong experience troubleshooting and responding to alerts would be the main focus of the role. Strong expertise with Microsoft Defender and Sentinel is needed. Key Skills & Experience from the Security Analyst: Strong experience with Microsoft Sentinel (SIEM) and Microsoft Defender suite (Defender for Endpoint, Identity, Cloud, etc.). Proven track record in security monitoring, incident response, and alert troubleshooting. Working knowledge of SOAR platforms (preferably within Sentinel or similar). Understanding of threat detection, log analysis, and automation within Microsoft's security ecosystem. Experience with Tenable is beneficial Knowledge of Microsoft Purview would be beneficial Key Responsibilities of the Security Analyst: Monitor, investigate, and respond to security alerts and incidents in Microsoft Sentinel and Microsoft Defender. Perform detailed security event analysis and correlation, escalating incidents where necessary. Develop and optimise SOAR (Security Orchestration, Automation and Response) playbooks to enhance incident response and efficiency. Collaborate with wider IT and security teams to improve threat detection, incident handling, and response processes. Apply now to speak with VIQU IT in confidence about the Security Analyst role. Or reach out to Connor Smal via the VIQU IT website. Do you know someone great? We'll thank you with up to £1,000 if your referral is successful (terms apply). For more exciting roles and opportunities like this, please follow us on IT Recruitment.
Jan 06, 2026
Contractor

© 2008-2026 Jobs Hiring Near Me