Salary: £45,000 - 60,000 per year

Requirements: We require strong knowledge of SIEM platforms such as Microsoft Sentinel, Splunk, or Elastic. We require experience writing and tuning queries using Kusto Query Language (KQL), ES|QL or Kibana Query Language, and Splunk SPL. We require an understanding of event correlation, alerting, and detection use-case development. We require strong knowledge of Linux and Windows operating systems. We require strong knowledge of core networking concepts, including TCP/IP, DNS, HTTP/S, firewalls, and VPNs. We require experience analysing logs across endpoint, identity, network, and cloud environments. We require strong knowledge of EDR/XDR concepts and workflows. We require knowledge of IDS/IPS technologies and signature-based detection. We require experience working with tools such as Microsoft Defender, CrowdStrike, SentinelOne, or similar. We require understanding of attacker Tactics, Techniques and Procedures (TTPs) and how they appear in logs and telemetry. We require familiarity with the MITRE ATT&CK framework. We require evidence of staying up to date with emerging threats, adversary tradecraft, and defensive techniques. We require experience handling security incidents through detection and triage, investigation and analysis, and handover to Incident Response teams. We require a strong understanding of incident management processes. We require knowledge of host-based forensic concepts. We require the ability to apply post-incident review learnings to improve detection and response. We prefer experience within a SOC or cyber defence environment. We prefer exposure to threat hunting or detection engineering. We prefer experience in high-security or regulated environments. We prefer relevant cyber security certifications such as Microsoft SC-200, GIAC/SANS, CREST, or other recognised qualifications. We require UK nationality and either current SC clearance or eligibility for SC clearance.

Responsibilities: We monitor, analyse, and investigate security alerts across SIEM and security tooling. We conduct detailed investigations across log, endpoint, identity, and network telemetry. We develop and optimise detection logic and SIEM queries to improve alert fidelity. We analyse security events and correlate activity across multiple data sources. We support incident response activities, including containment, escalation, and remediation. We perform IOC analysis, enrichment, and validation using threat intelligence sources. We identify gaps in detection capabilities and contribute to continuous improvement. We work closely with infrastructure, SOC, and incident response teams to enhance response capability. We produce clear and structured investigation reports and escalation summaries.

Technologies: Cloud, HTTP, Support, Kibana, Linux, Network Security, Splunk, TCP/IP, Windows

More: We are a global technology organisation with a well-established cyber security capability supporting mission-critical environments. Cyber security is central to our strategy, and we continue to invest in tooling, threat intelligence, and specialist talent. Our security function operates at a mature level, combining Security Operations, threat detection, incident response, and continuous improvement practices to defend against evolving threats. This is an onsite role based in Berkshire, offering a salary of £45,000 to £60,000 plus excellent benefits and training. We provide strong investment in professional development, certifications, and progression, with opportunities to grow into Senior SIEM Analyst, Detection Engineer, or Threat Hunter roles.

Last updated: week 24 of 2026