Salary: £45,000 - £70,000 per year

Requirements:
- Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, ideally around five years of hands-on experience.
- Strong hands-on experience with SIEM platforms, including:
  - Microsoft Sentinel (Kusto Query Language, KQL)
  - Splunk (SPL)
  - Elastic Security/Kibana (Kibana Query Language, also abbreviated KQL, and ES|QL)
- Practical, operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft.
- Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds.
- Solid experience across the security event life cycle: detection, investigation, and incident management.
- Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black.
- Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, firewalls, VPNs, proxy technologies).
- Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources.
- Strong analytical mindset with the ability to clearly communicate findings, impact, and risk.

Responsibilities:
- Conduct proactive threat hunting across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats.
- Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence.
- Write, refine, and optimise SIEM queries in Kusto (Sentinel), SPL (Splunk), ES|QL, and Kibana Query Language (Elastic).
- Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources.
- Lead investigations from initial detection through scoping, root cause analysis, and impact assessment.
- Support incident management and incident response, including containment, remediation, escalation, and lessons learned.
- Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage.
- Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies.
- Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders.

Technologies: HTTP, Support, Kibana, Linux, Network Security, Splunk, TCP/IP, Windows

More: We are looking for a Cyber Threat Detection Analyst to join our team in Wokingham, Berkshire. In this role you will be a key member of our advanced cyber defence function, focused on proactive threat hunting and high-fidelity threat detection. We offer a competitive salary and excellent benefits, with opportunities for further training and development. Our environment is dynamic and supports continuous growth, and we encourage analysts who enjoy thinking like attackers to apply and deepen their expertise in threat detection.

Last updated: week 18 of 2026