We re Hiring: Senior Cyber Security Analyst Corsham I m currently looking for a Senior Cyber Security Analyst to join our SOC team at Computer Network Defence Ltd (CND). This is a key hire within our MSSP Security Operations Centre, offering the opportunity to take a lead role in incident analysis, client engagement, and mentoring junior analysts, while shaping how the SOC continues to evolve. The Role As a Senior Cyber Security Analyst, you will support the SOC Team Lead and play a central role in monitoring, triaging, and investigating security events across a range of client environments. You ll be working across SIEM platforms, vulnerability management tools, threat intelligence sources, and network telemetry to deliver effective detection and response. You will also take on client-facing responsibilities, presenting findings, trends, and insights, as well as contributing to reporting and continuous improvement within the SOC. Key Responsibilities Monitor, triage and investigate security alerts across multiple platforms Conduct in-depth incident analysis and support ongoing client investigations Act as deputy to the SOC Team Lead when required Review and assess escalated Tier 2 alerts for urgency and impact Deliver weekly and monthly reporting to clients and stakeholders Communicate security findings and trends directly to clients Support vulnerability management analysis and remediation efforts Lead false-positive reduction and SIEM tuning activities Mentor and support development of Tier 1 and junior analysts Contribute to SOC process improvement and operational efficiency Participate in incident response activities as part of the wider team Lead internal SOC initiatives and projects where required Create and deliver presentations for clients and internal teams What We re Looking For Strong experience within a SOC or cyber security operations environment Proven ability to investigate and analyse complex security incidents Experience with SIEM platforms, threat intelligence, and security tooling Strong stakeholder and client communication skills Ability to mentor and develop junior team members Proactive approach to problem-solving and continuous improvement Good understanding of current cyber threats, tactics and trends Package & Details Location: Isle of Man (relocation package)/Corsham Hours: 37.5 hours per week, plus on-call rota Working pattern: Monday to Friday, 09 00 (early Friday finish at 16:00, workload permitting) Clearance: SC Cleared This is a great opportunity for someone looking to step into a more senior, visible role within a growing SOC, with real influence over both technical delivery and team development.
Jun 11, 2026
Full time
We re Hiring: Senior Cyber Security Analyst Corsham I m currently looking for a Senior Cyber Security Analyst to join our SOC team at Computer Network Defence Ltd (CND). This is a key hire within our MSSP Security Operations Centre, offering the opportunity to take a lead role in incident analysis, client engagement, and mentoring junior analysts, while shaping how the SOC continues to evolve. The Role As a Senior Cyber Security Analyst, you will support the SOC Team Lead and play a central role in monitoring, triaging, and investigating security events across a range of client environments. You ll be working across SIEM platforms, vulnerability management tools, threat intelligence sources, and network telemetry to deliver effective detection and response. You will also take on client-facing responsibilities, presenting findings, trends, and insights, as well as contributing to reporting and continuous improvement within the SOC. Key Responsibilities Monitor, triage and investigate security alerts across multiple platforms Conduct in-depth incident analysis and support ongoing client investigations Act as deputy to the SOC Team Lead when required Review and assess escalated Tier 2 alerts for urgency and impact Deliver weekly and monthly reporting to clients and stakeholders Communicate security findings and trends directly to clients Support vulnerability management analysis and remediation efforts Lead false-positive reduction and SIEM tuning activities Mentor and support development of Tier 1 and junior analysts Contribute to SOC process improvement and operational efficiency Participate in incident response activities as part of the wider team Lead internal SOC initiatives and projects where required Create and deliver presentations for clients and internal teams What We re Looking For Strong experience within a SOC or cyber security operations environment Proven ability to investigate and analyse complex security incidents Experience with SIEM platforms, threat intelligence, and security tooling Strong stakeholder and client communication skills Ability to mentor and develop junior team members Proactive approach to problem-solving and continuous improvement Good understanding of current cyber threats, tactics and trends Package & Details Location: Isle of Man (relocation package)/Corsham Hours: 37.5 hours per week, plus on-call rota Working pattern: Monday to Friday, 09 00 (early Friday finish at 16:00, workload permitting) Clearance: SC Cleared This is a great opportunity for someone looking to step into a more senior, visible role within a growing SOC, with real influence over both technical delivery and team development.
Role: DV-Cleared Cyber Security Analyst / SOC Analyst Salary/Rate: £540-640 per day inside IR35 Location: on site Corsham 5x pw Contract Duration: contract until April 2027 We are currently looking for a Cyber Security Analyst / SOC Analyst for our government client. This Cyber Security Analyst / SOC Analyst role is based fully on site, 5 days per week in Corsham, over 13-hour shifts spanning days and nights, including weekends, 4 on 5 off, then 5 on 4 off. There is no further flexibility with the on-site requirement or office location. Security Clearance: Developed Vetting (DV Clearance) + sole UK national + Sensitive Post Check (which can take 3 months) The contract for this Cyber Security Analyst / SOC Analyst position is until April 2027, with potential to extend, operating inside IR35. This role is inside IR35 - Due to the service of the role, it will now be based on an Umbrella solution. Essential Skills / Experience required: Industry standard SOC Security qualifications (SANS, ISC2, etc.) Proven Tier 2/3 SOC Analyst experience (2 years+) Perform triage of security events ; determine scope, priority and impact, and make recommendations that enable expeditious remediation. Demonstratable experience working with SIEM technology and SIEM engineering (including tool configuration) i.e. ArcSight within an enterprise SOC. Experience in creation of use-cases, analytics and playbooks . An understanding of cloud Conduct real-time management of security incidents from detection to resolution. Technical Knowledge within anti-virus, networking, vulnerability management, encryption, Microsoft technologies, Linux. Knowledge of Information Security standards , legislation and practices, including GDPR & Data Protection Act 2018. Experience in dealing with a wide range of Information Security matters and operating in an ITIL based environment. Strong problem-solving ability, with flexibility to think creatively and adapt to and implement rapidly changing systems and services. Incident management experience and an ability to quickly tailor responses to deal with fast-moving situations. Highly desirable: Degree level qualification; preferably in technical, engineering or computing subject. Lead experience but would take a Tier 2 Analyst. Defence experience Role / Responsibilities: Responsible for supporting information security delivery work, including the development and implementation of Information Security Policies, Standards, processes and guidance. Responsibility for the security of Digital infrastructure by proactively analysing security threats/challenges/risks to the environment, including conducting penetration testing and compliance reviews monitoring of Information Security and information management to ensure compliance including reviewing and monitoring system and network logs for malicious activity or unacceptable use. If you are interested in the above role, please click Apply Now and send a CV for quick review. As a member of the Disability Confident Scheme, Circle and our Client guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Our client is proud to support the Armed Forces Covenant and as such, they guarantee to interview all veterans, spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where they have a high volume of ex-military candidates / military spouses, partners, who meet all of the essential criteria, they will interview the best candidates from within that group. If you qualify, please notify us on igs at circlerecruitment dot com. We will be in touch to discuss your suitability and arrange your guaranteed interview. Should you require reasonable adjustments at any point during the recruitment process, if there is a better way for us to communicate, please do let us know. Circle Recruitment is acting as an Employment Agency in relation to this vacancy. Earn yourself a referral bonus if you refer somebody else who fills the role! We also offer an iPad if you refer a new client to us and we recruit for them. Follow us on Facebook - Circle Recruitment , Twitter and LinkedIn - Circle Recruitment.
Jun 11, 2026
Contractor
Role: DV-Cleared Cyber Security Analyst / SOC Analyst Salary/Rate: £540-640 per day inside IR35 Location: on site Corsham 5x pw Contract Duration: contract until April 2027 We are currently looking for a Cyber Security Analyst / SOC Analyst for our government client. This Cyber Security Analyst / SOC Analyst role is based fully on site, 5 days per week in Corsham, over 13-hour shifts spanning days and nights, including weekends, 4 on 5 off, then 5 on 4 off. There is no further flexibility with the on-site requirement or office location. Security Clearance: Developed Vetting (DV Clearance) + sole UK national + Sensitive Post Check (which can take 3 months) The contract for this Cyber Security Analyst / SOC Analyst position is until April 2027, with potential to extend, operating inside IR35. This role is inside IR35 - Due to the service of the role, it will now be based on an Umbrella solution. Essential Skills / Experience required: Industry standard SOC Security qualifications (SANS, ISC2, etc.) Proven Tier 2/3 SOC Analyst experience (2 years+) Perform triage of security events ; determine scope, priority and impact, and make recommendations that enable expeditious remediation. Demonstratable experience working with SIEM technology and SIEM engineering (including tool configuration) i.e. ArcSight within an enterprise SOC. Experience in creation of use-cases, analytics and playbooks . An understanding of cloud Conduct real-time management of security incidents from detection to resolution. Technical Knowledge within anti-virus, networking, vulnerability management, encryption, Microsoft technologies, Linux. Knowledge of Information Security standards , legislation and practices, including GDPR & Data Protection Act 2018. Experience in dealing with a wide range of Information Security matters and operating in an ITIL based environment. Strong problem-solving ability, with flexibility to think creatively and adapt to and implement rapidly changing systems and services. Incident management experience and an ability to quickly tailor responses to deal with fast-moving situations. Highly desirable: Degree level qualification; preferably in technical, engineering or computing subject. Lead experience but would take a Tier 2 Analyst. Defence experience Role / Responsibilities: Responsible for supporting information security delivery work, including the development and implementation of Information Security Policies, Standards, processes and guidance. Responsibility for the security of Digital infrastructure by proactively analysing security threats/challenges/risks to the environment, including conducting penetration testing and compliance reviews monitoring of Information Security and information management to ensure compliance including reviewing and monitoring system and network logs for malicious activity or unacceptable use. If you are interested in the above role, please click Apply Now and send a CV for quick review. As a member of the Disability Confident Scheme, Circle and our Client guarantees to interview all candidates who have a disability and who meet all the essential criteria for the vacancy. In cases where we have a high volume of candidates who have a disability who meet all the essential criteria, we will interview the best candidates from within that group. Our client is proud to support the Armed Forces Covenant and as such, they guarantee to interview all veterans, spouses / partners of military personnel who meet all the essential criteria for the vacancy. In cases where they have a high volume of ex-military candidates / military spouses, partners, who meet all of the essential criteria, they will interview the best candidates from within that group. If you qualify, please notify us on igs at circlerecruitment dot com. We will be in touch to discuss your suitability and arrange your guaranteed interview. Should you require reasonable adjustments at any point during the recruitment process, if there is a better way for us to communicate, please do let us know. Circle Recruitment is acting as an Employment Agency in relation to this vacancy. Earn yourself a referral bonus if you refer somebody else who fills the role! We also offer an iPad if you refer a new client to us and we recruit for them. Follow us on Facebook - Circle Recruitment , Twitter and LinkedIn - Circle Recruitment.
SOC Analyst (Contract) - SC Cleared Required Location: Cheltenham (Remote - UK Based) Rate: 500 - 685 per day (Umbrella, Inside IR35) Contract Length: 3 Months SC Clearence: Due to the sensitive nature of the work, candidates must hold active UK Government Security Clearance (SC) . The Opportunity We are looking for a SOC Analyst to join a high-performing Security Operations Centre (SOC) team delivering critical cyber defence capabilities within a secure client environment. This is an exciting opportunity to work on impactful projects, collaborating with experienced security professionals while gaining hands-on exposure to real-world cyber threats in a fast-paced, dynamic setting. Key Responsibilities As a SOC Analyst, you will: Monitor, triage, and respond to security alerts and incidents Investigate and analyse potential threats across multiple environments Escalate security events in line with defined processes Support continuous improvement through alert tuning and optimisation recommendations Produce clear and concise incident and performance reports Maintain awareness of the latest cyber threats, vulnerabilities, and attack techniques Collaborate with wider security teams to strengthen detection and response capabilities Skills & Experience Required Prior experience (1-2 years desirable) in a SOC Analyst or similar security role Strong understanding of: Computer networks Operating systems (Windows/Linux) Software, hardware, and general IT infrastructure Awareness of cybersecurity risks across technologies and how to mitigate them Working knowledge of security technologies, including: Network & application firewalls Host Intrusion Prevention Systems (HIPS) Antivirus / endpoint protection tools Relevant academic qualifications or industry training (e.g., Cyber Security, IT Security)
Jun 11, 2026
Contractor
SOC Analyst (Contract) - SC Cleared Required Location: Cheltenham (Remote - UK Based) Rate: 500 - 685 per day (Umbrella, Inside IR35) Contract Length: 3 Months SC Clearence: Due to the sensitive nature of the work, candidates must hold active UK Government Security Clearance (SC) . The Opportunity We are looking for a SOC Analyst to join a high-performing Security Operations Centre (SOC) team delivering critical cyber defence capabilities within a secure client environment. This is an exciting opportunity to work on impactful projects, collaborating with experienced security professionals while gaining hands-on exposure to real-world cyber threats in a fast-paced, dynamic setting. Key Responsibilities As a SOC Analyst, you will: Monitor, triage, and respond to security alerts and incidents Investigate and analyse potential threats across multiple environments Escalate security events in line with defined processes Support continuous improvement through alert tuning and optimisation recommendations Produce clear and concise incident and performance reports Maintain awareness of the latest cyber threats, vulnerabilities, and attack techniques Collaborate with wider security teams to strengthen detection and response capabilities Skills & Experience Required Prior experience (1-2 years desirable) in a SOC Analyst or similar security role Strong understanding of: Computer networks Operating systems (Windows/Linux) Software, hardware, and general IT infrastructure Awareness of cybersecurity risks across technologies and how to mitigate them Working knowledge of security technologies, including: Network & application firewalls Host Intrusion Prevention Systems (HIPS) Antivirus / endpoint protection tools Relevant academic qualifications or industry training (e.g., Cyber Security, IT Security)
Sanderson Government & Defence
Hemel Hempstead, Hertfordshire
L2 SOC Analyst (Perm) - SC/DV Clearable Location : Hemel Hempstead Salary: £40,000 - £58,000 + 20% Shift Allowance Shift Pattern: 4 on, 4 off (12 hour shifts) Clearance: SC Cleared (Must be eligible for DV) Contingency: Must be a sole British National Sanderson G&D are seeking multiple SOC Analysts to join a fast-growing Security Operations Centre, where you'll help defend multiple organisations across a wide range of industries - from critical infrastructure to complex enterprise environments. As part of a SOC team, you'll play a key role in strengthening and maturing services, helping deliver smart, efficient and high-impact security outcomes for clients. What you'll be doing: Monitoring and analysing security alerts and events, conducting initial investigations responding. Escalating complex incidents to Senior Analysts for deeper analysis and resolution. Managing SOC incident queues. Maintaining and improving asset baselines across customer environments. Producing clear, insightful reports for both technical and non-technical audiences. Enhancing detection rules and use cases aligned to MITRE ATT&CK and threat-informed defence. What you'll bring: Hands-on experience with Microsoft Sentinel and Splunk. Knowledge of the MITRE ATT&CK framework. Understanding of Client Server and multi-tier applications, databases, Firewalls, VPNs and endpoint security. Solid networking fundamentals (TCP/IP, LAN/WAN, HTTP, SMTP, FTP, LDAP, etc.). Strong analytical thinking and structured problem-solving. An entry-level cyber security certification (eg Security+, CEH, CPSA) or similar. if you're interested in the above, apply or reach out to (see below) Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients. If you need any help or adjustments during the recruitment process for any reason , please let us know when you apply or talk to the recruiters directly so we can support you.
Jun 11, 2026
Full time
L2 SOC Analyst (Perm) - SC/DV Clearable Location : Hemel Hempstead Salary: £40,000 - £58,000 + 20% Shift Allowance Shift Pattern: 4 on, 4 off (12 hour shifts) Clearance: SC Cleared (Must be eligible for DV) Contingency: Must be a sole British National Sanderson G&D are seeking multiple SOC Analysts to join a fast-growing Security Operations Centre, where you'll help defend multiple organisations across a wide range of industries - from critical infrastructure to complex enterprise environments. As part of a SOC team, you'll play a key role in strengthening and maturing services, helping deliver smart, efficient and high-impact security outcomes for clients. What you'll be doing: Monitoring and analysing security alerts and events, conducting initial investigations responding. Escalating complex incidents to Senior Analysts for deeper analysis and resolution. Managing SOC incident queues. Maintaining and improving asset baselines across customer environments. Producing clear, insightful reports for both technical and non-technical audiences. Enhancing detection rules and use cases aligned to MITRE ATT&CK and threat-informed defence. What you'll bring: Hands-on experience with Microsoft Sentinel and Splunk. Knowledge of the MITRE ATT&CK framework. Understanding of Client Server and multi-tier applications, databases, Firewalls, VPNs and endpoint security. Solid networking fundamentals (TCP/IP, LAN/WAN, HTTP, SMTP, FTP, LDAP, etc.). Strong analytical thinking and structured problem-solving. An entry-level cyber security certification (eg Security+, CEH, CPSA) or similar. if you're interested in the above, apply or reach out to (see below) Reasonable Adjustments: Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients. If you need any help or adjustments during the recruitment process for any reason , please let us know when you apply or talk to the recruiters directly so we can support you.
CBSbutler Holdings Limited trading as CBSbutler
Corsham, Wiltshire
Senior SOC Analyst +9 months + +DV cleared role - current active DV clearance is essential +Inside IR35 + 575 - 650 a day +Corsham / Portsmouth We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities. As a Senior SOC Analyst, you will play a key role in protecting complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience. Key Responsibilities Maintain and optimise SOC Protect, Detect and Respond tooling. Configure, implement and support new security monitoring technologies. Develop detection rules, correlation logic, automation scripts and response playbooks. Manage vulnerability scanning platforms and contribute to wider SOC strategy. Integrate and onboard standard and non-standard log sources into SIEM platforms. Monitor, investigate and respond to security incidents and emerging threats. Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs). Tune and enhance SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies. Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK. Produce dashboards, reports and recommendations to improve security posture. Ensure adherence to operational processes, SLAs, KPIs and security policies. Drive continuous improvement across SOC processes, tooling and service delivery. Essential Skills & Experience Current Developed Vetting (DV) Clearance . Strong experience administering and tuning SIEM and SOAR platforms. Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds . Experience in threat hunting, incident response, digital forensics and malware analysis. Strong understanding of Windows and Linux environments. Experience writing and tuning detection signatures, correlation rules and monitoring use cases. Knowledge of log collection, aggregation and analysis technologies including ELK Stack, Syslog and Windows Event Forwarding. Experience with scripting and automation using Python, PowerShell, Bash, Perl or similar. Understanding of network forensics, threat intelligence and cyber threat detection methodologies. Knowledge of ISO 27001:2022 , MITRE ATT&CK , and IT Service Management principles. If you'd like to discuss this Senior SOC Analyst in more detail, please send your updated CV to (url removed) and I will get in touch.
Jun 11, 2026
Contractor
Senior SOC Analyst +9 months + +DV cleared role - current active DV clearance is essential +Inside IR35 + 575 - 650 a day +Corsham / Portsmouth We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities. As a Senior SOC Analyst, you will play a key role in protecting complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience. Key Responsibilities Maintain and optimise SOC Protect, Detect and Respond tooling. Configure, implement and support new security monitoring technologies. Develop detection rules, correlation logic, automation scripts and response playbooks. Manage vulnerability scanning platforms and contribute to wider SOC strategy. Integrate and onboard standard and non-standard log sources into SIEM platforms. Monitor, investigate and respond to security incidents and emerging threats. Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs). Tune and enhance SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies. Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK. Produce dashboards, reports and recommendations to improve security posture. Ensure adherence to operational processes, SLAs, KPIs and security policies. Drive continuous improvement across SOC processes, tooling and service delivery. Essential Skills & Experience Current Developed Vetting (DV) Clearance . Strong experience administering and tuning SIEM and SOAR platforms. Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds . Experience in threat hunting, incident response, digital forensics and malware analysis. Strong understanding of Windows and Linux environments. Experience writing and tuning detection signatures, correlation rules and monitoring use cases. Knowledge of log collection, aggregation and analysis technologies including ELK Stack, Syslog and Windows Event Forwarding. Experience with scripting and automation using Python, PowerShell, Bash, Perl or similar. Understanding of network forensics, threat intelligence and cyber threat detection methodologies. Knowledge of ISO 27001:2022 , MITRE ATT&CK , and IT Service Management principles. If you'd like to discuss this Senior SOC Analyst in more detail, please send your updated CV to (url removed) and I will get in touch.
Security Monitoring & SIEM Analyst Location: Berkshire (Onsite) Salary: 45,000 - 60,000 + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC (UK Nationals only) Company Overview An exciting opportunity to join a global technology organisation with a well-established cyber security capability supporting mission-critical environments. Cyber security is central to the organisation's strategy, with ongoing investment in tooling, threat intelligence, and specialist talent. The security function operates at a mature level, combining Security Operations, threat detection, incident response, and continuous improvement practices to defend against evolving threats. Role Overview As a Security Monitoring & SIEM Analyst, you will play a key role within the Security Operations function, focused on real-time detection, investigation, and response to cyber threats using SIEM and security tooling. This role combines hands-on SIEM analysis, alert triage, investigation, and detection improvement, alongside exposure to incident response and proactive threat detection activities. You will work across multiple data sources to identify suspicious behaviour, analyse events, and support the organisation's cyber defence posture through effective monitoring and rapid response. Key Responsibilities Monitor, analyse, and investigate security alerts across SIEM and security tooling Conduct detailed investigations across log, endpoint, identity, and network telemetry Develop and optimise detection logic and SIEM queries to improve alert fidelity Analyse security events and correlate activity across multiple data sources Support incident response activities, including containment, escalation, and remediation Perform IOC analysis, enrichment, and validation using threat intelligence sources Identify gaps in detection capabilities and contribute to continuous improvement Work closely with infrastructure, SOC, and incident response teams to enhance response capability Produce clear and structured investigation reports and escalation summaries Skills & Experience Required Core SIEM & Detection Skills Strong knowledge of SIEM platforms (e.g. Microsoft Sentinel, Splunk, Elastic) Experience writing and tuning queries using: o Kusto Query Language (KQL) o ES QL / Kibana Query Language o Splunk SPL Understanding of event correlation, alerting, and detection use-case development Technical Foundations Strong knowledge of: o Linux and Windows operating systems o Core networking concepts (TCP/IP, DNS, HTTP/S, firewalls, VPNs) Experience analysing logs across: o Endpoint, identity, network, and cloud environments Threat Detection & Security Tooling Strong knowledge of: o EDR/XDR concepts and workflows o IDS/IPS technologies and signature-based detection Experience working with tools such as: o Microsoft Defender, CrowdStrike, SentinelOne, or similar Threat & Adversary Knowledge Understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they manifest in logs and telemetry Familiarity with MITRE ATT&CK framework Evidence of staying up to date with: o Emerging threats o Adversary tradecraft o Defensive techniques Incident Handling & Investigation Experience handling security incidents through: o Detection and triage o Investigation and analysis o Handover to Incident Response teams Strong understanding of: o Incident management processes o Host-based forensic concepts Ability to apply post-incident review (PIR) learnings to improve detection and response Desirable Experience Experience within a SOC or cyber defence environment Exposure to threat hunting or detection engineering Experience in high-security or regulated environments Certifications (Beneficial) Microsoft SC-200 (Security Operations Analyst) GIAC / SANS certifications (GCIH, GCIA, GCED, etc.) CREST (CPIA, CRIA, CCTIA, CCBTP) Other recognised cyber security certifications Why Join? Work within a mature Security Operations environment Exposure to advanced SIEM tooling and large-scale environments Strong investment in training, certifications, and progression Opportunity to develop into: o Senior SIEM Analyst o Detection Engineer o Threat Hunter About Adecco Adecco is acting as an Employment Agency. We are proud to be an equal opportunities employer. We are on the client's supplier list for this role.
Jun 10, 2026
Full time
Security Monitoring & SIEM Analyst Location: Berkshire (Onsite) Salary: 45,000 - 60,000 + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC (UK Nationals only) Company Overview An exciting opportunity to join a global technology organisation with a well-established cyber security capability supporting mission-critical environments. Cyber security is central to the organisation's strategy, with ongoing investment in tooling, threat intelligence, and specialist talent. The security function operates at a mature level, combining Security Operations, threat detection, incident response, and continuous improvement practices to defend against evolving threats. Role Overview As a Security Monitoring & SIEM Analyst, you will play a key role within the Security Operations function, focused on real-time detection, investigation, and response to cyber threats using SIEM and security tooling. This role combines hands-on SIEM analysis, alert triage, investigation, and detection improvement, alongside exposure to incident response and proactive threat detection activities. You will work across multiple data sources to identify suspicious behaviour, analyse events, and support the organisation's cyber defence posture through effective monitoring and rapid response. Key Responsibilities Monitor, analyse, and investigate security alerts across SIEM and security tooling Conduct detailed investigations across log, endpoint, identity, and network telemetry Develop and optimise detection logic and SIEM queries to improve alert fidelity Analyse security events and correlate activity across multiple data sources Support incident response activities, including containment, escalation, and remediation Perform IOC analysis, enrichment, and validation using threat intelligence sources Identify gaps in detection capabilities and contribute to continuous improvement Work closely with infrastructure, SOC, and incident response teams to enhance response capability Produce clear and structured investigation reports and escalation summaries Skills & Experience Required Core SIEM & Detection Skills Strong knowledge of SIEM platforms (e.g. Microsoft Sentinel, Splunk, Elastic) Experience writing and tuning queries using: o Kusto Query Language (KQL) o ES QL / Kibana Query Language o Splunk SPL Understanding of event correlation, alerting, and detection use-case development Technical Foundations Strong knowledge of: o Linux and Windows operating systems o Core networking concepts (TCP/IP, DNS, HTTP/S, firewalls, VPNs) Experience analysing logs across: o Endpoint, identity, network, and cloud environments Threat Detection & Security Tooling Strong knowledge of: o EDR/XDR concepts and workflows o IDS/IPS technologies and signature-based detection Experience working with tools such as: o Microsoft Defender, CrowdStrike, SentinelOne, or similar Threat & Adversary Knowledge Understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they manifest in logs and telemetry Familiarity with MITRE ATT&CK framework Evidence of staying up to date with: o Emerging threats o Adversary tradecraft o Defensive techniques Incident Handling & Investigation Experience handling security incidents through: o Detection and triage o Investigation and analysis o Handover to Incident Response teams Strong understanding of: o Incident management processes o Host-based forensic concepts Ability to apply post-incident review (PIR) learnings to improve detection and response Desirable Experience Experience within a SOC or cyber defence environment Exposure to threat hunting or detection engineering Experience in high-security or regulated environments Certifications (Beneficial) Microsoft SC-200 (Security Operations Analyst) GIAC / SANS certifications (GCIH, GCIA, GCED, etc.) CREST (CPIA, CRIA, CCTIA, CCBTP) Other recognised cyber security certifications Why Join? Work within a mature Security Operations environment Exposure to advanced SIEM tooling and large-scale environments Strong investment in training, certifications, and progression Opportunity to develop into: o Senior SIEM Analyst o Detection Engineer o Threat Hunter About Adecco Adecco is acting as an Employment Agency. We are proud to be an equal opportunities employer. We are on the client's supplier list for this role.
Job Title: DV Cleared Cyber Security Operations - Senior Analyst Location: Corsham 5 days Duration: Until 31/12/2026 Rate: Up to 850 per day via an approved umbrella company Must be willing and eligible to go through the DV clearance process Are you an experienced cyber security professional with a passion for protecting critical assets? Our client, a reputable organisation, is hiring for a Senior Analyst to join their Cyber Security Operations team. This is a fantastic opportunity to work within a dynamic environment, supporting the delivery of essential security controls aligned with the NIST Cyber Security Framework. What you'll be doing: Maintain and optimise SOC PROTECT, DETECT, and RESPOND toolsets, including SIEM, SOAR, and vulnerability scanning tools. Support the development, configuration, and automation of security tooling to enhance threat detection and incident response. Conduct forensic analysis, malware reverse engineering, and develop IOCs and detection signatures. Manage and integrate logs from various sources, ensuring full visibility and compliance. Analyse attacker TTPs and manage threat intelligence, including incident assessment and reporting. Collaborate with stakeholders to ensure operational effectiveness and continuous process improvement. Maintain knowledge of current cyber threats and emerging trends. What you'll bring: Proven hands-on experience with SIEM and SOAR platforms such as Trend, Elastic, or SolarWinds. Strong understanding of Windows and Linux OS, log collection, and threat detection techniques. Ability to create and modify detection rules, automate scripts, and correlate data from multiple sources. Knowledge of malware analysis, threat intelligence, and forensic techniques. Current DV clearance is essential. Skills in Python, PowerShell, BASH, or similar scripting languages. Familiarity with ISO 27001, MITRE ATT&CK, and ITIL frameworks. Desired skills: Certifications like CompTIA Security+, CySA+, PenTest+, or MCSE. Experience with network forensics and intrusion detection systems. Join a forward-thinking team where your expertise will make a real impact. If you're ready to take on a challenging role in cyber security, apply now to support our client's mission to stay ahead of evolving threats. If you receive suspicious outreach claiming to be from us, please contact us via the ManpowerGroup website.
Jun 10, 2026
Contractor
Job Title: DV Cleared Cyber Security Operations - Senior Analyst Location: Corsham 5 days Duration: Until 31/12/2026 Rate: Up to 850 per day via an approved umbrella company Must be willing and eligible to go through the DV clearance process Are you an experienced cyber security professional with a passion for protecting critical assets? Our client, a reputable organisation, is hiring for a Senior Analyst to join their Cyber Security Operations team. This is a fantastic opportunity to work within a dynamic environment, supporting the delivery of essential security controls aligned with the NIST Cyber Security Framework. What you'll be doing: Maintain and optimise SOC PROTECT, DETECT, and RESPOND toolsets, including SIEM, SOAR, and vulnerability scanning tools. Support the development, configuration, and automation of security tooling to enhance threat detection and incident response. Conduct forensic analysis, malware reverse engineering, and develop IOCs and detection signatures. Manage and integrate logs from various sources, ensuring full visibility and compliance. Analyse attacker TTPs and manage threat intelligence, including incident assessment and reporting. Collaborate with stakeholders to ensure operational effectiveness and continuous process improvement. Maintain knowledge of current cyber threats and emerging trends. What you'll bring: Proven hands-on experience with SIEM and SOAR platforms such as Trend, Elastic, or SolarWinds. Strong understanding of Windows and Linux OS, log collection, and threat detection techniques. Ability to create and modify detection rules, automate scripts, and correlate data from multiple sources. Knowledge of malware analysis, threat intelligence, and forensic techniques. Current DV clearance is essential. Skills in Python, PowerShell, BASH, or similar scripting languages. Familiarity with ISO 27001, MITRE ATT&CK, and ITIL frameworks. Desired skills: Certifications like CompTIA Security+, CySA+, PenTest+, or MCSE. Experience with network forensics and intrusion detection systems. Join a forward-thinking team where your expertise will make a real impact. If you're ready to take on a challenging role in cyber security, apply now to support our client's mission to stay ahead of evolving threats. If you receive suspicious outreach claiming to be from us, please contact us via the ManpowerGroup website.
DevOps Engineer SC cleared Permanent Flexible AWS Terraform SC Cleared At Peregrine, we re always seeking Specialist Talent that have the ideal mix of skills, experience, and attitude, to place with our vast array of clients. From Business Analysts in large government organisations to Software Developers in the private sector we are always in search of the best talent to place, now. The role: We are seeking an SC cleared DevOps Engineer to work as a forward deployed engineer, embedded within the Cyber Capability Unit. The role will support the design, build and deployment of AI powered solutions that strengthen cyber security and fraud prevention capabilities. You will work closely with engineers, product owners and stakeholders to understand operational needs, develop prototypes and deploy secure, reliable solutions within approved platforms and environments. This role directly supports the Cyber Resilience Centre s mission and contributes to the wider security strategy by delivering practical, governed AI solutions that provide measurable operational value. Responsibilities: Cloud and Platform Integration Design and deploy solutions in AWS cloud environments Use infrastructure as code to ensure repeatable and compliant deployments Ensure all solutions meet organisational governance, security and compliance standards CI/CD and Automation Configure, manage and maintain GitLab CI pipelines Automate testing, build and deployment of infrastructure, applications and services Promote best practice DevOps ways of working across environments Testing and Quality Implement unit, integration and performance testing for all components Ensure solutions are reliable, reproducible and stable across releases Support continuous improvement of testing practices Monitoring and Incident Response Implement observability and monitoring tooling Track system performance and detect anomalies Support incident response, troubleshooting and root cause analysis in live environments Collaboration and Delivery Work closely with engineers, analysts and stakeholders Translate requirements into working technical solutions Support deployment, handover and ongoing optimisation of delivered capabilities Skills & Experience: Active SC clearance Strong experience deploying and operating solutions in AWS Infrastructure as code using Terraform CI/CD pipeline development using GitLab CI Experience with monitoring, logging and alerting tools Understanding of secure DevOps practices in regulated environments Experience working with large data stores or big data platforms Desirable skills: Experience supporting AI or data driven platforms Knowledge of cyber security or fraud prevention domains Experience working within government or critical national infrastructure environments About Peregrine We build workforces that deliver tech and change programmes at leading UK organisations. By combining data science from Peregrine Intelligence, our industry-accredited Peregrine Academy, and market-leading attraction and diversity initiatives, we bridge capability gaps at all levels in public and private sector organisations. We work closely with our clients to understand their challenges and deliver flexible, long-term solutions that make a real difference. When you join Peregrine, you become part of a team that s focused on growth, both yours, our clients , and the sectors we support. You ll also get access to a full range of benefits alongside your salary. How Specialist Talent Works As a permanent employee at Peregrine, you ll be part of our Specialist Talent team. That means you ll work on-site or remotely with our clients, supporting them on complex, high-impact projects in Data, Digital and Business Transformation. You ll get the variety and challenge of consultancy work, with the stability and support of a permanent role. You re not a contractor - you re a valued member of our team, with access to all the same benefits, learning opportunities, and community. Find out more: peregrine.global or check out our LinkedIn page: peregrin e- resourcing
Jun 05, 2026
Full time
DevOps Engineer SC cleared Permanent Flexible AWS Terraform SC Cleared At Peregrine, we re always seeking Specialist Talent that have the ideal mix of skills, experience, and attitude, to place with our vast array of clients. From Business Analysts in large government organisations to Software Developers in the private sector we are always in search of the best talent to place, now. The role: We are seeking an SC cleared DevOps Engineer to work as a forward deployed engineer, embedded within the Cyber Capability Unit. The role will support the design, build and deployment of AI powered solutions that strengthen cyber security and fraud prevention capabilities. You will work closely with engineers, product owners and stakeholders to understand operational needs, develop prototypes and deploy secure, reliable solutions within approved platforms and environments. This role directly supports the Cyber Resilience Centre s mission and contributes to the wider security strategy by delivering practical, governed AI solutions that provide measurable operational value. Responsibilities: Cloud and Platform Integration Design and deploy solutions in AWS cloud environments Use infrastructure as code to ensure repeatable and compliant deployments Ensure all solutions meet organisational governance, security and compliance standards CI/CD and Automation Configure, manage and maintain GitLab CI pipelines Automate testing, build and deployment of infrastructure, applications and services Promote best practice DevOps ways of working across environments Testing and Quality Implement unit, integration and performance testing for all components Ensure solutions are reliable, reproducible and stable across releases Support continuous improvement of testing practices Monitoring and Incident Response Implement observability and monitoring tooling Track system performance and detect anomalies Support incident response, troubleshooting and root cause analysis in live environments Collaboration and Delivery Work closely with engineers, analysts and stakeholders Translate requirements into working technical solutions Support deployment, handover and ongoing optimisation of delivered capabilities Skills & Experience: Active SC clearance Strong experience deploying and operating solutions in AWS Infrastructure as code using Terraform CI/CD pipeline development using GitLab CI Experience with monitoring, logging and alerting tools Understanding of secure DevOps practices in regulated environments Experience working with large data stores or big data platforms Desirable skills: Experience supporting AI or data driven platforms Knowledge of cyber security or fraud prevention domains Experience working within government or critical national infrastructure environments About Peregrine We build workforces that deliver tech and change programmes at leading UK organisations. By combining data science from Peregrine Intelligence, our industry-accredited Peregrine Academy, and market-leading attraction and diversity initiatives, we bridge capability gaps at all levels in public and private sector organisations. We work closely with our clients to understand their challenges and deliver flexible, long-term solutions that make a real difference. When you join Peregrine, you become part of a team that s focused on growth, both yours, our clients , and the sectors we support. You ll also get access to a full range of benefits alongside your salary. How Specialist Talent Works As a permanent employee at Peregrine, you ll be part of our Specialist Talent team. That means you ll work on-site or remotely with our clients, supporting them on complex, high-impact projects in Data, Digital and Business Transformation. You ll get the variety and challenge of consultancy work, with the stability and support of a permanent role. You re not a contractor - you re a valued member of our team, with access to all the same benefits, learning opportunities, and community. Find out more: peregrine.global or check out our LinkedIn page: peregrin e- resourcing
SIEM Analyst / Cyber Threat Detection Analyst - SANS/GIAC Cyber Threat Detection Analyst Location: Wokingham, Berkshire (On-site) Salary: Competitive (dependent on experience) + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC Role Overview As a SIEM Analyst Cyber Threat Detection, you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced SOC Analysts where threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to further develop in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering. Skills & Experience We're Seeking Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, with ideally around five years hands on experience. Strong hands-on experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security event life cycle, including detection, investigation, and incident management Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, Firewalls, VPNs, Proxy technologies) Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources Strong analytical mindset with the ability to clearly communicate findings, impact, and risk Key Responsibilities Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources Lead investigations from initial detection through scoping, root cause analysis, and impact assessment Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders Security Certifications (Highly Beneficial) SANS/GIAC certifications, including but not limited to: GCIH - Incident Handler GCIA - Intrusion Analyst GCED - Enterprise Defender GCTI - Cyber Threat Intelligence GMON - Continuous Monitoring GDAT - Defending Advanced Threats GCAT - Advanced Threat Intelligence OSCP or equivalent offensive security qualifications Crest certifications, such as: Crest Practitioner Intrusion Analyst (CPIA) Crest Registered Intrusion Analyst (CRIA) Crest Certified Threat Intelligence Analyst (CCTIA) Crest Certified Blue Team Professional (CCBTP) Microsoft SC-200 or related detection and response certifications Other recognised cyber security or threat intelligence credentials
Jun 05, 2026
Full time
SIEM Analyst / Cyber Threat Detection Analyst - SANS/GIAC Cyber Threat Detection Analyst Location: Wokingham, Berkshire (On-site) Salary: Competitive (dependent on experience) + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC Role Overview As a SIEM Analyst Cyber Threat Detection, you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced SOC Analysts where threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to further develop in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering. Skills & Experience We're Seeking Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, with ideally around five years hands on experience. Strong hands-on experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security event life cycle, including detection, investigation, and incident management Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, Firewalls, VPNs, Proxy technologies) Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources Strong analytical mindset with the ability to clearly communicate findings, impact, and risk Key Responsibilities Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources Lead investigations from initial detection through scoping, root cause analysis, and impact assessment Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders Security Certifications (Highly Beneficial) SANS/GIAC certifications, including but not limited to: GCIH - Incident Handler GCIA - Intrusion Analyst GCED - Enterprise Defender GCTI - Cyber Threat Intelligence GMON - Continuous Monitoring GDAT - Defending Advanced Threats GCAT - Advanced Threat Intelligence OSCP or equivalent offensive security qualifications Crest certifications, such as: Crest Practitioner Intrusion Analyst (CPIA) Crest Registered Intrusion Analyst (CRIA) Crest Certified Threat Intelligence Analyst (CCTIA) Crest Certified Blue Team Professional (CCBTP) Microsoft SC-200 or related detection and response certifications Other recognised cyber security or threat intelligence credentials
Cyber Threat Detection / SIEM Analyst - SANS/GIAC Cyber Threat Detection Analyst Location: Wokingham, Berkshire (On-site) Salary: Competitive (dependent on experience) + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC Role Overview As a Cyber Threat Detection Analyst, you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced SOC Analysts where threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to further develop in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering. Skills & Experience We're Seeking Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, with ideally around five years hands on experience. Strong hands-on experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security event life cycle, including detection, investigation, and incident management Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, Firewalls, VPNs, Proxy technologies) Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources Strong analytical mindset with the ability to clearly communicate findings, impact, and risk Key Responsibilities Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources Lead investigations from initial detection through scoping, root cause analysis, and impact assessment Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders Security Certifications (Highly Beneficial) SANS/GIAC certifications, including but not limited to: GCIH - Incident Handler GCIA - Intrusion Analyst GCED - Enterprise Defender GCTI - Cyber Threat Intelligence GMON - Continuous Monitoring GDAT - Defending Advanced Threats GCAT - Advanced Threat Intelligence OSCP or equivalent offensive security qualifications Crest certifications, such as: Crest Practitioner Intrusion Analyst (CPIA) Crest Registered Intrusion Analyst (CRIA) Crest Certified Threat Intelligence Analyst (CCTIA) Crest Certified Blue Team Professional (CCBTP) Microsoft SC-200 or related detection and response certifications Other recognised cyber security or threat intelligence credentials
Jun 05, 2026
Full time
Cyber Threat Detection / SIEM Analyst - SANS/GIAC Cyber Threat Detection Analyst Location: Wokingham, Berkshire (On-site) Salary: Competitive (dependent on experience) + excellent benefits & training Security Clearance: Ideally SC Cleared or eligible for SC Role Overview As a Cyber Threat Detection Analyst, you will play a hands-on role within an advanced cyber defence function, focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. This role goes beyond reactive alert handling. You will actively hunt for malicious activity using telemetry, SIEM data, and threat intelligence, develop hypotheses based on MITRE ATT&CK Tactics, Techniques, and Procedures (TTPs), and support incident management and response activities when threats are identified. We are open to experienced SOC Analysts where threat hunting, investigations, and proactive detection have formed a significant part of their role, and who are looking to further develop in a more hunting-led environment. This position is well suited to analysts who enjoy thinking like an attacker, have worked alongside or supported red team or purple team activities, and want to deepen their expertise in threat detection and detection engineering. Skills & Experience We're Seeking Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, with ideally around five years hands on experience. Strong hands-on experience using SIEM platforms, including: Microsoft Sentinel (KQL) Splunk (SPL) Elastic Security/Kibana (KQL, ESQL) Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds Solid experience across the security event life cycle, including detection, investigation, and incident management Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, Firewalls, VPNs, Proxy technologies) Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources Strong analytical mindset with the ability to clearly communicate findings, impact, and risk Key Responsibilities Conduct proactive threat hunting activities across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources Lead investigations from initial detection through scoping, root cause analysis, and impact assessment Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders Security Certifications (Highly Beneficial) SANS/GIAC certifications, including but not limited to: GCIH - Incident Handler GCIA - Intrusion Analyst GCED - Enterprise Defender GCTI - Cyber Threat Intelligence GMON - Continuous Monitoring GDAT - Defending Advanced Threats GCAT - Advanced Threat Intelligence OSCP or equivalent offensive security qualifications Crest certifications, such as: Crest Practitioner Intrusion Analyst (CPIA) Crest Registered Intrusion Analyst (CRIA) Crest Certified Threat Intelligence Analyst (CCTIA) Crest Certified Blue Team Professional (CCBTP) Microsoft SC-200 or related detection and response certifications Other recognised cyber security or threat intelligence credentials
CBSbutler Holdings Limited trading as CBSbutler
Portsmouth, Hampshire
Senior SOC Analyst +9 months + +DV cleared role - current active DV clearance is essential +Inside IR35 + 575 - 630 a day +Corsham / Portsmouth Key Skills: ISO27001 DV Cleareance SIEM/SOAR - Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds . We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities. As a Senior SOC Analyst, you will play a key role in protecting complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience. Key Responsibilities Maintain and optimise SOC Protect, Detect and Respond tooling. Configure, implement and support new security monitoring technologies. Develop detection rules, correlation logic, automation scripts and response playbooks. Manage vulnerability scanning platforms and contribute to wider SOC strategy. Integrate and onboard standard and non-standard log sources into SIEM platforms. Monitor, investigate and respond to security incidents and emerging threats. Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs). Tune and enhance SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies. Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK. Produce dashboards, reports and recommendations to improve security posture. Ensure adherence to operational processes, SLAs, KPIs and security policies. Drive continuous improvement across SOC processes, tooling and service delivery. Essential Skills & Experience Current Developed Vetting (DV) Clearance . Strong experience administering and tuning SIEM and SOAR platforms. Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds . Experience in threat hunting, incident response, digital forensics and malware analysis. Strong understanding of Windows and Linux environments. Experience writing and tuning detection signatures, correlation rules and monitoring use cases. Knowledge of log collection, aggregation and analysis technologies including ELK Stack, Syslog and Windows Event Forwarding. Experience with scripting and automation using Python, PowerShell, Bash, Perl or similar. Understanding of network forensics, threat intelligence and cyber threat detection methodologies. Knowledge of ISO 27001:2022 , MITRE ATT&CK , and IT Service Management principles.
Jun 05, 2026
Contractor
Senior SOC Analyst +9 months + +DV cleared role - current active DV clearance is essential +Inside IR35 + 575 - 630 a day +Corsham / Portsmouth Key Skills: ISO27001 DV Cleareance SIEM/SOAR - Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds . We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities. As a Senior SOC Analyst, you will play a key role in protecting complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience. Key Responsibilities Maintain and optimise SOC Protect, Detect and Respond tooling. Configure, implement and support new security monitoring technologies. Develop detection rules, correlation logic, automation scripts and response playbooks. Manage vulnerability scanning platforms and contribute to wider SOC strategy. Integrate and onboard standard and non-standard log sources into SIEM platforms. Monitor, investigate and respond to security incidents and emerging threats. Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs). Tune and enhance SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies. Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK. Produce dashboards, reports and recommendations to improve security posture. Ensure adherence to operational processes, SLAs, KPIs and security policies. Drive continuous improvement across SOC processes, tooling and service delivery. Essential Skills & Experience Current Developed Vetting (DV) Clearance . Strong experience administering and tuning SIEM and SOAR platforms. Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds . Experience in threat hunting, incident response, digital forensics and malware analysis. Strong understanding of Windows and Linux environments. Experience writing and tuning detection signatures, correlation rules and monitoring use cases. Knowledge of log collection, aggregation and analysis technologies including ELK Stack, Syslog and Windows Event Forwarding. Experience with scripting and automation using Python, PowerShell, Bash, Perl or similar. Understanding of network forensics, threat intelligence and cyber threat detection methodologies. Knowledge of ISO 27001:2022 , MITRE ATT&CK , and IT Service Management principles.
We are currently recruiting for Senior Cyber Security Analysts and Associate Security Analysts - both working a 3-month contract for our client 3 days per week on-site in London. As a senior security analyst with responsibility for incident response, you will: lead the investigation of security alerts to understand the nature and extent of possible cyber incidents lead the forensic analysis of systems, files, network traffic and cloud environments lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions support the wider coordination of cyber incidents review previous incidents to identify lessons and actions identify and deliver opportunities for continual improvement of the incident response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities develop and update internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, security analysts be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: significant experience investigating and responding to cyber incidents significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents experience managing and coordinating the response to cyber incidents experience coaching and mentoring junior staff an in-depth understanding of the tools, techniques and procedures used by threat actors excellent analytical and problem solving skills excellent verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS As an associate security analyst you will: triage and investigate cyber security alerts and reports from users use a variety of techniques to analyse systems, files, network traffic and cloud environments and understand the nature and extent of possible cyber incidents support the technical response to cyber incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions support the coordination of cyber incidents contribute to post-incident reviews to identify lessons and actions identify opportunities for, and support the delivery of, continual improvements to the incident investigation and response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities contribute to internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, apprentice security analysts be responsible for line management of apprentice security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join We're interested in people who have: experience investigating and responding to cyber incidents experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience with SIEM tools (experience of Splunk preferred but experience of Microsoft Sentinel or an equivalent SIEM tool is acceptable) an understanding of the tools, techniques and procedures commonly used by threat actors good analytical and problem-solving skills good verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS If you feel you have the skills and experience needed for this role; please do apply now.
Oct 06, 2025
Contractor
We are currently recruiting for Senior Cyber Security Analysts and Associate Security Analysts - both working a 3-month contract for our client 3 days per week on-site in London. As a senior security analyst with responsibility for incident response, you will: lead the investigation of security alerts to understand the nature and extent of possible cyber incidents lead the forensic analysis of systems, files, network traffic and cloud environments lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions support the wider coordination of cyber incidents review previous incidents to identify lessons and actions identify and deliver opportunities for continual improvement of the incident response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities develop and update internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, security analysts be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: significant experience investigating and responding to cyber incidents significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents experience managing and coordinating the response to cyber incidents experience coaching and mentoring junior staff an in-depth understanding of the tools, techniques and procedures used by threat actors excellent analytical and problem solving skills excellent verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS As an associate security analyst you will: triage and investigate cyber security alerts and reports from users use a variety of techniques to analyse systems, files, network traffic and cloud environments and understand the nature and extent of possible cyber incidents support the technical response to cyber incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions support the coordination of cyber incidents contribute to post-incident reviews to identify lessons and actions identify opportunities for, and support the delivery of, continual improvements to the incident investigation and response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities contribute to internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, apprentice security analysts be responsible for line management of apprentice security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join We're interested in people who have: experience investigating and responding to cyber incidents experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience with SIEM tools (experience of Splunk preferred but experience of Microsoft Sentinel or an equivalent SIEM tool is acceptable) an understanding of the tools, techniques and procedures commonly used by threat actors good analytical and problem-solving skills good verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS If you feel you have the skills and experience needed for this role; please do apply now.
Security Analyst/Detection Engineer Location: Corsham, 60% on site Duration: 20/02/2026 MUST BE PAYE THROUGH UMBRELLA We are heading up a recruitment drive for a global consultancy that require an SC or DV cleared Security Analyst/Detection Engineer to join them on a major defence project that's based in Corsham. Role description: Good Security analyst skills, knowledge of working in a MOD SOC environment beneficial, knowledge of MOD environment and culture. Ability to operate standard SOC tools (SIEM), incident investigation, detection engineering Embedded with an existing Customer SOC, Capgemini supply a level of cyber expertise and corporate experience, assisting the customer in regular SOC activities, as well as proposing new processes and bringing 'best practice' to the workplace. Must be a sole British National. Hybrid working: The position is office based, with a local agreement with the customer that allows for a limited amount of Working from Home, based around your role, your needs, and those of the business. The current agreement requires 60% attendance in the office. If you are successfully offered this position, you will go through a series of pre-employment checks, including: identity, nationality (single or dual) or immigration status, employment history going back 3 continuous years, and unspent criminal record check (known as Disclosure and Barring Service) Your role Conduct reactive monitoring of MOD networks to deliver a layered, agile cyber defence capability across all security domains. Manage and triage alerts; conduct impact assessments and develop mitigating strategies to be briefed up the chain of command. Improve and comply all extant cyber security policies, procedures and orders, review and amend when required. Maintain and share knowledge of current cyber issues, vulnerabilities and exploits through research, technical reports and briefs You can bring your whole self to work. At Capgemini, striving for equity, diversity and inclusion is part of everyday life, and will be part of your working reality. We have built an inclusive and welcoming environment, for everyone. Your skills and experience Experienced Tier 2 SOC analyst Knowledge of Data networks Knowledge & experience with SIEM tool sets and security management tools. Desirable Security Qualifications (CompTIA S+/N+/CySA+, AWS, MS, SANS, CISSP etc.) Ideally have some experience with UK MOD Your security clearance
Oct 06, 2025
Contractor
Security Analyst/Detection Engineer Location: Corsham, 60% on site Duration: 20/02/2026 MUST BE PAYE THROUGH UMBRELLA We are heading up a recruitment drive for a global consultancy that require an SC or DV cleared Security Analyst/Detection Engineer to join them on a major defence project that's based in Corsham. Role description: Good Security analyst skills, knowledge of working in a MOD SOC environment beneficial, knowledge of MOD environment and culture. Ability to operate standard SOC tools (SIEM), incident investigation, detection engineering Embedded with an existing Customer SOC, Capgemini supply a level of cyber expertise and corporate experience, assisting the customer in regular SOC activities, as well as proposing new processes and bringing 'best practice' to the workplace. Must be a sole British National. Hybrid working: The position is office based, with a local agreement with the customer that allows for a limited amount of Working from Home, based around your role, your needs, and those of the business. The current agreement requires 60% attendance in the office. If you are successfully offered this position, you will go through a series of pre-employment checks, including: identity, nationality (single or dual) or immigration status, employment history going back 3 continuous years, and unspent criminal record check (known as Disclosure and Barring Service) Your role Conduct reactive monitoring of MOD networks to deliver a layered, agile cyber defence capability across all security domains. Manage and triage alerts; conduct impact assessments and develop mitigating strategies to be briefed up the chain of command. Improve and comply all extant cyber security policies, procedures and orders, review and amend when required. Maintain and share knowledge of current cyber issues, vulnerabilities and exploits through research, technical reports and briefs You can bring your whole self to work. At Capgemini, striving for equity, diversity and inclusion is part of everyday life, and will be part of your working reality. We have built an inclusive and welcoming environment, for everyone. Your skills and experience Experienced Tier 2 SOC analyst Knowledge of Data networks Knowledge & experience with SIEM tool sets and security management tools. Desirable Security Qualifications (CompTIA S+/N+/CySA+, AWS, MS, SANS, CISSP etc.) Ideally have some experience with UK MOD Your security clearance
LA International Computer Consultants Ltd
Corsham, Wiltshire
*SC CLEARED* Security Analyst/Detection Engineer 4 Month contract initially Based: Remote/Corsham - Max 3 days p/w onsite Rate: £500 - £537 p/d (via Umbrella company) We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a Security Analyst/Detection Engineer to join the team for an initial 4 month contract. The ideal candidate will have good Security analyst skills, knowledge of working in a SOC environment beneficial, knowledge of defence environment and culture. You will have the ability to operate standard SOC tools (SIEM), incident investigation, detection engineering Embedded with an existing Customer SOC. Key Responsibilities: * Conduct reactive monitoring of the networks to deliver a layered, agile cyber defence capability across all security domains. * Manage and triage alerts; conduct impact assessments and develop mitigating strategies to be briefed up the chain of command. * Improve and comply all extant cyber security policies, procedures and orders, review and amend when required. * Maintain and share knowledge of current cyber issues, vulnerabilities and exploits through research, technical reports and briefs Key Skills & Experience: * Experienced Tier 2 SOC analyst * Knowledge of Data networks * Knowledge & experience with SIEM tool sets and security management tools. Desirable Security Qualifications: * CompTIA S+/N+/CySA+, AWS, MS, SANS, CISSP etc. * Ideally have some experience with UK defence or military space. This is an excellent opportunity on a great project of work, If you are looking for your next exciting opportunity, apply now for your CV to reach me directly, we will respond as soon as possible. Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 10 weeks. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.
Oct 06, 2025
Contractor
*SC CLEARED* Security Analyst/Detection Engineer 4 Month contract initially Based: Remote/Corsham - Max 3 days p/w onsite Rate: £500 - £537 p/d (via Umbrella company) We have a great opportunity with a world leading organisation where you will be provided with all of the support and development to succeed. A progressive organisation where you can really make a difference. We have a great opportunity for a Security Analyst/Detection Engineer to join the team for an initial 4 month contract. The ideal candidate will have good Security analyst skills, knowledge of working in a SOC environment beneficial, knowledge of defence environment and culture. You will have the ability to operate standard SOC tools (SIEM), incident investigation, detection engineering Embedded with an existing Customer SOC. Key Responsibilities: * Conduct reactive monitoring of the networks to deliver a layered, agile cyber defence capability across all security domains. * Manage and triage alerts; conduct impact assessments and develop mitigating strategies to be briefed up the chain of command. * Improve and comply all extant cyber security policies, procedures and orders, review and amend when required. * Maintain and share knowledge of current cyber issues, vulnerabilities and exploits through research, technical reports and briefs Key Skills & Experience: * Experienced Tier 2 SOC analyst * Knowledge of Data networks * Knowledge & experience with SIEM tool sets and security management tools. Desirable Security Qualifications: * CompTIA S+/N+/CySA+, AWS, MS, SANS, CISSP etc. * Ideally have some experience with UK defence or military space. This is an excellent opportunity on a great project of work, If you are looking for your next exciting opportunity, apply now for your CV to reach me directly, we will respond as soon as possible. Due to the nature and urgency of this post, candidates holding or who have held high level security clearance in the past are most welcome to apply. Please note successful applicants will be required to be security cleared prior to appointment which can take up to a minimum 10 weeks. LA International is a HMG approved ICT Recruitment and Project Solutions Consultancy, operating globally from the largest single site in the UK as an IT Consultancy or as an Employment Business & Agency depending upon the precise nature of the work, for security cleared jobs or non-clearance vacancies, LA International welcome applications from all sections of the community and from people with diverse experience and backgrounds. Award Winning LA International, winner of the Recruiter Awards for Excellence, Best IT Recruitment Company, Best Public Sector Recruitment Company and overall Gold Award winner, has now secured the most prestigious business award that any business can receive, The Queens Award for Enterprise: International Trade, for the second consecutive period.
*Senior Cyber Security Analyst - £600-800pd (experience dependent) INSIDE IR35 - 3 month initial contract - London (3 days per week onsite)* Please note: Due to the nature of the role, we are ideally looking for candidates to hold an active SC clearance. We are looking for a SC Cleared Senior Cyber Security Analyst with SPLUNK experience to join our central government client on an initial 3-month contract. You must have experience investigating and responding to cyber incidents, co-ordinating incident response in a large organisation. We have both a Senior and mid-level role available. Main responsibilities: As a senior security analyst with responsibility for incident response, you will: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environment Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. Essential skills and experience: SPLUNK EDR (Endpoint Detection and Response) Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.
Oct 03, 2025
Contractor
*Senior Cyber Security Analyst - £600-800pd (experience dependent) INSIDE IR35 - 3 month initial contract - London (3 days per week onsite)* Please note: Due to the nature of the role, we are ideally looking for candidates to hold an active SC clearance. We are looking for a SC Cleared Senior Cyber Security Analyst with SPLUNK experience to join our central government client on an initial 3-month contract. You must have experience investigating and responding to cyber incidents, co-ordinating incident response in a large organisation. We have both a Senior and mid-level role available. Main responsibilities: As a senior security analyst with responsibility for incident response, you will: Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents Lead the forensic analysis of systems, files, network traffic and cloud environment Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions Support the wider coordination of cyber incidents Review previous incidents to identify lessons and actions Identify and deliver opportunities for continual improvement of the incident response capability Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities Develop and update internal plans, playbooks and knowledge base articles Act as an escalation point for, and provide coaching and mentoring to, security analysts Be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. Essential skills and experience: SPLUNK EDR (Endpoint Detection and Response) Significant experience investigating and responding to cyber incidents Significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience managing and coordinating the response to cyber incidents Experience coaching and mentoring junior staff An in-depth understanding of the tools, techniques and procedures used by threat actors Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance to Conduct Regulations 2003.
We are seeking an experienced SC cleared Associate Security Analyst to join our team. You will support the cybersecurity operations, incident investigation, and response efforts within a dynamic environment. Your responsibilities will include investigating security alerts, analysing threats, supporting incident response activities, and contributing to ongoing improvements in security processes Key Responsibilities: Triage and investigate cybersecurity alerts and user reports Analyze systems, files, network traffic, and cloud environments to determine the nature and extent of cyber incidents Support technical response activities including containment, eradication, and recovery Assist in coordinating cyber incident responses Contribute to post-incident reviews and identify lessons learned Support continual improvement initiatives for incident investigation and response capabilities Collaborate with Cyber Defence teams to enhance overall security posture Contribute to internal plans, playbooks, and knowledge base documentation Line management of apprentice security analysts Experience & Skills Required: 2-3 years' experience in cyber security incident investigation and response Strong knowledge of cyber security threats and attack techniques Hands-on experience with security tools such as EDR, SIEM (Splunk preferred, Microsoft Sentinel or equivalent acceptable) Understanding of threat actor tactics, techniques, and procedures Good analytical, problem-solving, and troubleshooting skills Hands-on experience with Splunk Experience working within an Agile environment Familiarity with cloud platforms such as AWS Please note active SC clearance is required for this role Minorities, women, LGBTQ+ candidates, and individuals with disabilities are encouraged to apply. Interviews will take place next week, so please apply immediately to be considered for this contract role.
Oct 03, 2025
Contractor
We are seeking an experienced SC cleared Associate Security Analyst to join our team. You will support the cybersecurity operations, incident investigation, and response efforts within a dynamic environment. Your responsibilities will include investigating security alerts, analysing threats, supporting incident response activities, and contributing to ongoing improvements in security processes Key Responsibilities: Triage and investigate cybersecurity alerts and user reports Analyze systems, files, network traffic, and cloud environments to determine the nature and extent of cyber incidents Support technical response activities including containment, eradication, and recovery Assist in coordinating cyber incident responses Contribute to post-incident reviews and identify lessons learned Support continual improvement initiatives for incident investigation and response capabilities Collaborate with Cyber Defence teams to enhance overall security posture Contribute to internal plans, playbooks, and knowledge base documentation Line management of apprentice security analysts Experience & Skills Required: 2-3 years' experience in cyber security incident investigation and response Strong knowledge of cyber security threats and attack techniques Hands-on experience with security tools such as EDR, SIEM (Splunk preferred, Microsoft Sentinel or equivalent acceptable) Understanding of threat actor tactics, techniques, and procedures Good analytical, problem-solving, and troubleshooting skills Hands-on experience with Splunk Experience working within an Agile environment Familiarity with cloud platforms such as AWS Please note active SC clearance is required for this role Minorities, women, LGBTQ+ candidates, and individuals with disabilities are encouraged to apply. Interviews will take place next week, so please apply immediately to be considered for this contract role.
Senior Cyber Security Analyst - Government, Splunk, EDR, Defence, AWS, Hybrid, London, SC Clearance, £800 pd We are seeking an experienced SC cleared Senior Cyber Security Analyst to lead incident response efforts within a dynamic cyber defence team. The ideal candidate will have a strong background in investigating, managing, and responding to cyber threats, with a focus on incident containment and forensic analysis. Key Responsibilities: Lead investigations into security alerts to determine the nature and scope of potential cyber incidents Conduct forensic analysis across systems, network traffic, files, and cloud environments Manage technical responses, including containment, eradication, and recovery actions Support the coordination and management of cyber incident responses Review incidents post-event to identify lessons learned and areas for improvement Develop and maintain incident response plans, playbooks, and knowledge resources Lead and line-manage security team members Experience & Skills Needed: Extensive experience investigating and responding to cyber incidents Proficiency with security tools such as EDR and SIEM platforms Proven track record of managing and coordinating incident response activities Experience in mentoring and coaching junior staff Strong understanding of threat actor techniques, tools, and tactics Excellent analytical, problem-solving, and communication skills Experience with Splunk or similar log management tools Familiarity with Agile working practices Knowledge of cloud platforms such as AWS If you possess the relevant experience and are ready to lead critical cyber defence initiatives, we encourage you to apply. Minorities, women, LGBTQ+ candidates, and individuals with disabilities are encouraged to apply. Interviews will take place next week, so please apply immediately to be considered for this contract role.
Oct 03, 2025
Contractor
Senior Cyber Security Analyst - Government, Splunk, EDR, Defence, AWS, Hybrid, London, SC Clearance, £800 pd We are seeking an experienced SC cleared Senior Cyber Security Analyst to lead incident response efforts within a dynamic cyber defence team. The ideal candidate will have a strong background in investigating, managing, and responding to cyber threats, with a focus on incident containment and forensic analysis. Key Responsibilities: Lead investigations into security alerts to determine the nature and scope of potential cyber incidents Conduct forensic analysis across systems, network traffic, files, and cloud environments Manage technical responses, including containment, eradication, and recovery actions Support the coordination and management of cyber incident responses Review incidents post-event to identify lessons learned and areas for improvement Develop and maintain incident response plans, playbooks, and knowledge resources Lead and line-manage security team members Experience & Skills Needed: Extensive experience investigating and responding to cyber incidents Proficiency with security tools such as EDR and SIEM platforms Proven track record of managing and coordinating incident response activities Experience in mentoring and coaching junior staff Strong understanding of threat actor techniques, tools, and tactics Excellent analytical, problem-solving, and communication skills Experience with Splunk or similar log management tools Familiarity with Agile working practices Knowledge of cloud platforms such as AWS If you possess the relevant experience and are ready to lead critical cyber defence initiatives, we encourage you to apply. Minorities, women, LGBTQ+ candidates, and individuals with disabilities are encouraged to apply. Interviews will take place next week, so please apply immediately to be considered for this contract role.
Job Title: Cyber Security Incident Response Specialist Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working) Contract Duration: 6months + initially, with high potential for extension (long-term programme) Clearance: SC required or eligible THIS PROJECT IS INSIDE IR35 Project Overview: We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI) . You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises. This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses. Key Responsibilities: Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned Develop and maintain IR playbooks, plans, and post-incident reports Support post-incident reviews , including root cause analysis (RCA) and lessons learned sessions Design and deliver incident response exercises (eg tabletop simulations) Act as a subject matter expert (SME) for incident response processes and frameworks Collaborate with SOC teams, technical SMEs, and non-technical stakeholders Communicate IR outcomes effectively via reports, presentations, and briefings Build working relationships across internal security functions and external CNI/regulatory stakeholders Mandatory Requirements (Must-Have): Strong, recent experience in cybersecurity incident response Ability to make informed decisions during incidents (triage, escalate, communicate) Experience working in Critical National Infrastructure (CNI) sectors - eg utilities, energy, telco, banking, health, defence, or transport Working knowledge of NIST, MITRE ATT&CK , or equivalent frameworks Proven ability to communicate IR findings to technical and non-technical audiences Experience contributing to or owning IR playbooks, SOPs, or RCA documentation Must hold current SC clearance or have been previously cleared within the last 12-18 months Desirable Skills (Nice-to-Have): Experience within the energy or utilities sector Exposure to OT/ICS environments (eg SCADA, PLCs, DCS) Experience delivering or supporting tabletop IR exercises Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc. Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH , or equivalent What We're Not Looking For: Junior SOC analysts (L1/L2 triage only) Generalist cyber roles without deep IR exposure Candidates without experience in CNI or enterprise-scale IR
Oct 01, 2025
Contractor
Job Title: Cyber Security Incident Response Specialist Location: London, Wokingham, or Warwick (2 days per week onsite - hybrid working) Contract Duration: 6months + initially, with high potential for extension (long-term programme) Clearance: SC required or eligible THIS PROJECT IS INSIDE IR35 Project Overview: We are looking for an experienced Cyber Security Incident Response Specialist to join a high-impact security programme supporting the resilience of UK critical national infrastructure (CNI) . You'll join a team responsible for responding to cyber threats across both cyber and physical domains - helping to manage the full incident life cycle, improve response maturity, and develop scalable IR documentation and exercises. This is a specialist role for someone with real-world IR experience and the ability to assess, escalate, and coordinate technical and business responses. Key Responsibilities: Lead or support incident response (IR) activities across the full life cycle: detection, triage, containment, eradication, recovery, and lessons learned Develop and maintain IR playbooks, plans, and post-incident reports Support post-incident reviews , including root cause analysis (RCA) and lessons learned sessions Design and deliver incident response exercises (eg tabletop simulations) Act as a subject matter expert (SME) for incident response processes and frameworks Collaborate with SOC teams, technical SMEs, and non-technical stakeholders Communicate IR outcomes effectively via reports, presentations, and briefings Build working relationships across internal security functions and external CNI/regulatory stakeholders Mandatory Requirements (Must-Have): Strong, recent experience in cybersecurity incident response Ability to make informed decisions during incidents (triage, escalate, communicate) Experience working in Critical National Infrastructure (CNI) sectors - eg utilities, energy, telco, banking, health, defence, or transport Working knowledge of NIST, MITRE ATT&CK , or equivalent frameworks Proven ability to communicate IR findings to technical and non-technical audiences Experience contributing to or owning IR playbooks, SOPs, or RCA documentation Must hold current SC clearance or have been previously cleared within the last 12-18 months Desirable Skills (Nice-to-Have): Experience within the energy or utilities sector Exposure to OT/ICS environments (eg SCADA, PLCs, DCS) Experience delivering or supporting tabletop IR exercises Familiarity with tools like Microsoft Sentinel, Defender, Splunk, QRadar, Tenable, CrowdStrike, etc. Industry certifications such as CISSP, GCFA, GEIR, CCIM, CISM, CEH , or equivalent What We're Not Looking For: Junior SOC analysts (L1/L2 triage only) Generalist cyber roles without deep IR exposure Candidates without experience in CNI or enterprise-scale IR
