Salary: £45,000 - 70,000 per year

Requirements:
- Experience in threat hunting, cyber threat detection, SOC, blue team, or cyber defence environments, ideally with around five years' hands-on experience.
- Strong hands-on experience using SIEM platforms, including Microsoft Sentinel (KQL), Splunk (SPL), and Elastic Security/Kibana (KQL, ES|QL).
- Practical and operational understanding of MITRE ATT&CK, attacker techniques, and adversary tradecraft.
- Experience working with Indicators of Compromise (IOCs) and threat intelligence feeds.
- Solid experience across the security event lifecycle, including detection, investigation, and incident management.
- Hands-on experience with EDR/XDR technologies such as Microsoft Defender, CrowdStrike, SentinelOne, or Carbon Black.
- Strong knowledge of networking fundamentals (TCP/IP, DNS, HTTP/S, firewalls, VPNs, proxy technologies).
- Experience analysing telemetry from Windows, Linux, identity, endpoint, and network sources.
- Strong analytical mindset with the ability to clearly communicate findings, impact, and risk.

Responsibilities:
- Conduct proactive threat hunting across log, endpoint, and network telemetry to identify suspicious, stealthy, or previously unknown threats.
- Develop and execute hunt hypotheses aligned to MITRE ATT&CK TTPs, adversary behaviours, and emerging threat intelligence.
- Write, refine, and optimise SIEM queries using KQL, SPL, Elastic ES|QL, and Kibana Query Language.
- Perform IOC analysis, enrichment, and validation, integrating internal and external threat intelligence sources.
- Lead investigations from initial detection through scoping, root cause analysis, and impact assessment.
- Support incident management and incident response activities, including containment, remediation, escalation, and lessons learned.
- Collaborate closely with SOC teams, incident responders, red teams, and purple teams to validate detections and improve defensive coverage.
- Contribute to detection logic improvements, use-case development, and continuous enhancement of hunting methodologies.
- Produce clear investigation write-ups, timelines, and recommendations for technical and non-technical stakeholders.

Technologies: HTTP, Support, Kibana, Linux, Network Security, Splunk, TCP/IP, Windows

More: We are seeking a Cyber Threat Detection Analyst to join our advanced cyber defence team located in Wokingham, Berkshire. This position offers a competitive salary dependent on experience, along with excellent benefits and training. In this role, you will focus on proactive threat hunting, adversary behaviour analysis, and high-fidelity threat detection in enterprise environments. We value candidates with strong analytical skills and a passion for thinking like an attacker while collaborating with various teams to enhance our cyber defence capabilities.

Last updated: week 17 of 2026