Cyber Threat Detection / SIEM Analyst

Full-Time | £60,000 - 90,000 / year (est.) | No working from home possible
Sivara GmbH

At a Glance

  • Tasks: Hunt for cyber threats and analyse adversary behaviours using advanced detection techniques.
  • Company: Join a cutting-edge cyber defence team in Wokingham, Berkshire.
  • Benefits: Competitive salary, excellent benefits, and ongoing training opportunities.
  • Other info: Ideal for analysts eager to think like attackers and enhance their threat detection expertise.
  • Why this job: Make a real impact in cybersecurity by proactively detecting and responding to threats.
  • Qualifications: Five years of experience in threat detection and strong SIEM platform skills required.

Salary: £60,000 - 90,000 per year

Requirements

  • Around five years of hands-on experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments.
  • Strong hands-on experience with SIEM platforms, including Microsoft Sentinel (KQL), Splunk (SPL), and Elastic Security/Kibana (KQL, ESQL).
  • Practical understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft.
  • Experience working with indicators of compromise and threat intelligence feeds.
  • Solid experience across the security event lifecycle, including detection, investigation, and incident management.
  • Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black.
  • Strong knowledge of networking fundamentals, including TCP/IP, DNS, HTTP/S, firewalls, VPNs, and proxy technologies.
  • Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources.
  • A strong analytical mindset with the ability to clearly communicate findings, impact, and risk.
  • SANS/GIAC certifications are highly beneficial, including GCIH, GCIA, GCED, GCTI, GMON, GDAT, and GCAT.
  • Offensive security or threat intelligence credentials such as OSCP or CREST certifications are highly desirable.
  • Microsoft SC-200 or related detection and response certifications are also beneficial.

Responsibilities

  • Conduct proactive threat hunting across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats.
  • Develop and execute hunt hypotheses aligned to MITRE ATT&CK tactics, techniques, procedures, adversary behaviours, and emerging threat intelligence.
  • Write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language.
  • Perform IOC analysis, enrichment, and validation using internal and external threat intelligence sources.
  • Lead investigations from initial detection through scoping, root cause analysis, and impact assessment.
  • Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned.
  • Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage.
  • Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies.
  • Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders.

Technologies

  • HTTP
  • Kibana
  • Linux
  • Network
  • Security
  • Splunk
  • TCP/IP
  • Windows

We are an advanced cyber defence team based on-site in Wokingham, Berkshire, offering a competitive salary dependent on experience, excellent benefits, and training. This is a hands-on cyber threat detection role focused on proactive hunting, adversary behaviour analysis, and high-fidelity detection across enterprise environments. We are open to experienced SOC Analysts who have spent a significant part of their role on investigations, threat hunting, and proactive detection and who are looking to grow in a more hunting-led environment. The role is well suited to analysts who enjoy thinking like an attacker and want to deepen their expertise in threat detection and detection engineering. Security clearance is ideally SC cleared or eligible for SC.

Cyber Threat Detection / SIEM Analyst employer: Sivara GmbH

Join our advanced cyber defence team in Wokingham, Berkshire, where we prioritise employee growth and development in a collaborative and innovative work culture. We offer competitive salaries, excellent benefits, and comprehensive training opportunities, making it an ideal environment for those passionate about proactive threat detection and eager to enhance their skills in a hands-on role. Our commitment to fostering a supportive atmosphere ensures that you can thrive while tackling the challenges of cyber security.

Sivara GmbH

Contact Details:

Sivara GmbH Recruitment Team

We think you need these skills to ace Cyber Threat Detection / SIEM Analyst

Threat Hunting
Cyber Threat Detection
SIEM Platforms
Microsoft Sentinel (KQL)
Splunk (SPL)
Elastic Security/Kibana (KQL, ESQL)
MITRE ATT&CK