Salary: £65,000 - 90,000 per year

Requirements:
We are looking for around five years of hands-on experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments. We need strong hands-on experience with SIEM platforms, including Microsoft Sentinel (KQL), Splunk (SPL), and Elastic Security/Kibana (KQL, ESQL). We require practical knowledge of MITRE ATT&CK, attacker techniques, and adversary tradecraft. We value experience working with indicators of compromise and threat intelligence feeds. We need solid experience across the security event lifecycle, including detection, investigation, and incident management. We require hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black. We need strong knowledge of networking fundamentals, including TCP/IP, DNS, HTTP/S, firewalls, VPNs, and proxy technologies. We require experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources. We need strong analytical skills and the ability to communicate findings, impact, and risk clearly.

We strongly prefer SANS/GIAC certifications such as GCIH, GCIA, GCED, GCTI, GMON, GDAT, or GCAT. We value OSCP or equivalent offensive security qualifications. We value CREST certifications such as CPIA, CRIA, CCTIA, or CCBTP. We value Microsoft SC-200 or related detection and response certifications. We welcome other recognised cyber security or threat intelligence credentials. We ideally prefer candidates who are SC Cleared or eligible for SC.

Responsibilities:
We conduct proactive threat hunting across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats. We develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence. We write, refine, and optimise SIEM queries using KQL, SPL, Elastic/ESQL, and Kibana Query Language. We perform IOC analysis, enrichment, and validation using internal and external threat intelligence sources. We lead investigations from initial detection through scoping, root cause analysis, and impact assessment. We support incident management and incident response activities, including containment, remediation, escalation, and lessons learned. We collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage. We contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies. We produce clear investigation write-ups, timelines, and recommendations for both technical and non-technical stakeholders. We take a hands-on role within an advanced cyber defence function focused on proactive threat detection and adversary behaviour analysis.

Technologies: HTTP Support, Kibana, Linux, Network Security, Splunk, TCP/IP, Windows

More:
We are hiring a Cyber Threat Detection Analyst / SIEM Analyst to join our advanced cyber defence function in Wokingham, Berkshire, with the role based on-site. This is a hands-on position focused on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection across enterprise environments. We offer a competitive salary dependent on experience, along with excellent benefits and training. The role is well suited to experienced SOC analysts who want to move into a more hunting-led environment and deepen their expertise in detection engineering, incident response, and collaboration with red and purple team activities. Ideally, we are looking for candidates who are SC Cleared or eligible for SC.

Last updated: week 21 of 2026