79 Security Operations jobs in London
Threat Intelligence Expert | Cyber Threat Analysis | Security Operations
Posted 9 days ago
Job Description
We are actively seeking an experienced Threat Intelligence Expert to join a leading cybersecurity function within a fast-paced enterprise environment. You’ll play a key role in identifying emerging threats, analysing adversary tactics, and translating intelligence into actionable security measures to protect the organization’s digital assets.
This is a hands-on technical and analytical role ideal for candidates with deep expertise in cyber threat intelligence (CTI), threat hunting, open-source intelligence (OSINT), and the MITRE ATT&CK framework.
Job Responsibilities
- Collect, analyse, and interpret threat data from internal and external intelligence sources
- Produce actionable intelligence reports on indicators of compromise (IOCs), TTPs, and threat actor behaviour
- Monitor dark web and underground forums for threat actor activity relevant to the organization
- Collaborate with SOC and incident response teams to provide context and enrichment during investigations
- Develop and maintain intelligence requirements aligned with business and security goals
- Maintain threat intelligence platforms (TIPs) and use tools like MISP, Anomali, or Recorded Future
- Track and communicate emerging threats, vulnerabilities, and geopolitical risks
- Map adversary behaviour to the MITRE ATT&CK framework for detection improvements
Requirements
Required Skills
- Deep knowledge of cyber threat intelligence methodologies
- Familiarity with frameworks such as MITRE ATT&CK, STIX/TAXII, Diamond Model
- Proficiency in using threat intelligence platforms (TIPs)
- Strong analytical skills and ability to interpret large datasets
- Excellent written and verbal communication skills for report writing and stakeholder updates
- Experience with OSINT tools (e.g., Maltego, Shodan, SpiderFoot)
Desired Skills
- Certifications: GCTI, GCIA, GCFA, CISSP, or Security+
- Programming/scripting knowledge (Python, PowerShell)
- Exposure to threat modelling techniques and risk assessments
- Understanding of APT groups, malware families, and nation-state threats
- Experience working in regulated environments (e.g., finance, healthcare)
Benefits
Job Benefits
- Competitive salary and annual bonus
- Hybrid/remote working flexibility
- Company-sponsored certifications and training (SANS, GIAC, etc.)
- Private health and dental insurance
- Pension scheme and generous annual leave
- Access to cutting-edge threat intel tools and platforms
- Career development in one of the fastest-growing areas of cybersecurity
Global Security Operations Center Analyst
Posted today
Job Description
Are you ready to be a key player in Centrica's cyber world? As a Global Security Operations Centre Analyst, you'll play a pivotal role in safeguarding our organisation's digital fortress. Your mission: monitor, detect, and respond to security incidents with lightning speed, while crafting and implementing top-notch security measures to protect our systems and data. You'll collaborate closely with our cyber defence squads, ensuring we stay one step ahead of threats and continuously enhance our security landscape. If you're passionate about cybersecurity and eager to make a real impact, this is the adventure you've been waiting for!
Location: UK, Windsor (talk to us about flexible working)
The day to day:
- Monitor security alerts from various sources like SIEM, EDR, and other tools.
- Investigate and respond to security incidents, ensuring effective containment, remediation, and recovery while considering business requirements.
- Follow defined incident response processes and escalate to the Cyber Security Incident Response team when necessary.
- Develop and fine-tune detection rules, create and maintain detection playbooks, and collaborate with threat intelligence to identify new detection opportunities.
- Use automation tools and scripting languages (e.g., Python, PowerShell) to streamline repetitive tasks and boost efficiency.
- Proactively hunt for potential threats within the environment, leveraging threat intelligence and advanced analytics to identify and mitigate risks.
- Work closely with other cyber defence teams, including Intelligence, Vulnerability Management, Threat Hunting, and Purple Teams. Effectively communicate findings and recommendations to various stakeholders.
- Utilise your technical expertise to analyse telemetry related to incidents and identify appropriate investigation pathways.
- Identify techniques used by attackers and support investigations with relevant intelligence.
- Record actions within an incident in a coherent and concise manner, ensuring all relevant data is secured and presented in the incident record.
About You
- Hands-on experience in a Security Operations Centre (SOC).
- Deep understanding of incident response processes and the Cyber Kill Chain.
- Proficient with Microsoft Azure and AWS cloud technologies.
- Relevant certifications such as Microsoft SC-200, AWS Certified Cloud Practitioner, Microsoft AZ-900, GIAC Certified Forensic Analyst (GCFA), and GIAC Certified Incident Handler (GCIH).
- Skilled in network and application protocols, and familiar with Windows, Linux, and macOS operating systems and their artifacts.
- Experience with security tools and technologies, including EDR solutions, SOAR platforms, and advanced SIEM capabilities.
- Preferred experience in scripting or programming languages.
- Preferred experience dealing with incidents in various environments, including OT and ICS technologies.
- Preferred experience working with wider Cyber Defence teams, such as Intelligence, Vulnerability Management, Threat Hunting, and Purple Teams.
- Understanding of cyber security legislation and experience with information risk and security-related best practices, policies, standards, and regulations.
What's in it for you?
- Enjoy a generous market salary, along with fantastic growth opportunities and a vibrant work environment!
- Power up your pay with a 15% Employee Energy Allowance, surpassing the government's price cap!
- Secure your future with our comprehensive pension plan, designed for peace of mind.
- Elevate your health with our fully-funded company healthcare plan, prioritizing your well-being.
- Recharge with a generous 25-day holiday allowance, plus public holidays, and even purchase up to 5 extra days for extended relaxation!
- Experience unparalleled work-life balance with an exceptional selection of flexible benefits, from tech treats and eco-friendly car leases to travel insurance for your adventures!
Incident Response Engineer, UK Security Operations
Posted 9 days ago
Job Description
+ Bachelor's degree or equivalent practical experience.
+ Certification in Certified Ethical Hacker (CEH), Global Information Assurance Certification (GIAC) or Computing Technology Industry Association Security+ (CompTIA Sec+).
+ 2 years of experience in similar SOC related roles, explicitly in responding to and actioning on security incidents.
+ Experience in technical troubleshooting and writing code in one or more programming languages.
+ Eligibility to obtain UK Developed Vetting (DV) security clearance; British Citizenship is required for this role.
**Preferred qualifications:**
+ Certifications in Security+ or similar Cyber Security/Incident Response.
+ Experience responding to security incidents on Kubernetes.
+ Experience analyzing, triaging, and remediating common information security incidents.
+ Understanding of common attacker tactics, tools, and techniques.
+ Excellent problem-solving and investigative skills.
+ Current and active UK Developed Vetting (DV) Security Clearance.
The UK Security Operations (SecOps) team in Google Public Sector delivers, operates and secures private cloud services. We aim to provide the flexibility, reliability, and scalability of public cloud for customers with exceptionally high security requirements that can only be met in a private cloud environment. We deliver and operate these private cloud deployments for the most critical customers, helping scale, secure and maintain the deployment whilst working closely with Google product teams to continually improve our technology.
Security Operations plays a critical role in safeguarding Google's public sector customers by proactively monitoring, detecting, and investigating security incidents around the clock. Operating 24/7, the team ensures comprehensive coverage of environments and swiftly responds to suspicious activity. In this role, you will respond to escalated security incidents and proactively enhance the Security Operations Center (SOC) by building platform efficiencies, conducting threat hunting, and participating in purple team events. You will participate in a rotating on-call schedule outside of core business hours and over the weekend to ensure security incidents can be swiftly resolved.
**Responsibilities:**
+ Respond to security incidents escalated from the front line 24/7 team.
+ Build and develop security efficiencies on the platform to improve the overall security operations center (SOC).
+ Conduct threat hunting activities on the platform and participate in purple team events.
+ Review and develop security operations center dashboards for anomalous activity.
+ Be a subject matter expert (SME) across typical security disciplines, vulnerability, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM) etc.
Google is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also and If you have a need that requires accommodation, please let us know by completing our Accommodations for Applicants form:
Senior Security Operations Analyst
Posted 20 days ago
Job Description
Pearson is looking for an experienced Security Operations Center (SOC) analyst. This role is responsible for performing day-to-day security operations, continuous process improvement, detection engineering and project work related to SOC functions.
Responsibilities:
+ Identify, triage and contain security events, using automation and AI capabilities to reduce mean time to containment.
+ Perform in-depth investigation into the underlying root cause of issues.
+ Identify new detection opportunities and refine existing playbooks.
+ Implement and improve security processes and procedures within the SOC.
+ Ability and willingness to engage in a collaborative and high-performing team environment.
+ Maintain awareness and understanding of the current threat landscape. Analyze threat intelligence with an aim to mitigate emerging risks.
Qualifications:
+ Hands on experience and understanding of fundamental security concepts, SOAR, EDR, NDR and SIEM technologies.
+ Hands on experience with one or more Cloud Service Providers (AWS, Azure, GCP, etc).
+ Demonstrate the ability to multitask, adapt and thrive within a fast-paced environment.
+ Have excellent communication skills and stakeholder management.
+ SANS GCIH certification or equivalent.
+ 4+ years' experience working in a Security Operations role.
**Who we are:**
At Pearson, our purpose is simple: to help people realize the life they imagine through learning. We believe that every learning opportunity is a chance for a personal breakthrough. We are the world's lifelong learning company. For us, learning isn't just what we do. It's who we are. To learn more: We are Pearson.
Pearson is an Equal Opportunity Employer and a member of E-Verify. Employment decisions are based on qualifications, merit and business need. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, sexual orientation, gender identity, gender expression, age, national origin, protected veteran status, disability status or any other group protected by law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
If you are an individual with a disability and are unable or limited in your ability to use or access our career site as a result of your disability, you may request reasonable accommodations by emailing
**Job:** Security
**Job Family:** TECHNOLOGY
**Organization:** Corporate Strategy & Technology
**Schedule:** FULL_TIME
**Workplace Type:**
**Req ID:** 20801
DevOps Engineer (Security Operations)
Posted 14 days ago
Job Description
In this role you will lead the charge in securing and scaling our infrastructure and CI/CD pipelines for regulated clinical software. Working cross-functionally with engineering, QA, product, and regulatory teams, you’ll design, implement, and monitor secure, traceable DevOps workflows. You enable rapid, compliant delivery of Software as a Medical Device (SaMD) products.
Please note: this role requires in-office presence for 3 days a week. Our office is in Farringdon, London. If you can't commit to this, please don't apply.
Responsibilities
- Own SecOps across our stack by managing secure AWS infrastructure, CI/CD pipelines, and developer environments using least-privilege and zero-trust principles.
- Integrate automated security scans (Snyk, Docker, IaC) into all stages of the SDLC.
- Design, implement, and maintain AWS infrastructure as code using Terraform and Ansible.
- Deliver threat models and drive remediations across cloud services (EC2, S3, RDS, etc.).
- Build Docker-first workflows with image scanning, tagging, and artifact management.
- Write and own SOPs for secure deployment and incident response aligned to ISO 27001 and IEC 62304.
- Extend observability through CloudWatch/ELK stack dashboards, anomaly detection, and alerting for security and performance monitoring.
- Support the Transformation team by resolving any security queries that clients might have in their onboarding & deployment.
What success looks like:
3 months
- Complete access audits and enforce secure MFA + least-privilege access across AWS, Bitbucket, and key tools
- Identify and remediate top 5 security risks in CI/CD pipelines and cloud architecture
- Fully integrate Snyk into all pipelines with automated alerts and reporting
6 months
- Mature pipelines to support automated tests, security gates, and gated deploys across all services
12 months
- Implement full-stack observability with anomaly alerts and dashboards for security and reliability using the ELK stack
Requirements
Have deep expertise in:
- Cloud Infrastructure (AWS): EC2, S3, RDS, IAM, VPC, CloudWatch, CloudTrail, Lambda, SQS/SNS
- CI/CD Pipelines: Bitbucket Pipelines (or similar), multi-stage pipeline management, gated deployments
- Security Operations: Snyk, IAM policies, threat modeling, zero-trust access, MFA, secrets management
- Implementing and automating compliance requirements (IEC 62304, ISO 27001, HIPAA, MDR)
- Delivering secure software pipelines for Node.js, React, and Docker-based services
- Writing secure deployment Ansible playbooks and participating in internal audits or regulatory submissions
- Production workloads supported by Terraform and Ansible, hosted on AWS
- Strong networking knowledge, including VPCs, subnets, routing tables, security groups, NACLs, Route 53, and load balancers
Behaviours required:
- Takes ownership: full accountability for infra, tooling, and controls; sees it through to completion.
- Bias for automation: believes manual work should be temporary, builds repeatable pipelines and workflows.
- Detail obsessed: doesn't miss the small stuff. Every commit, config, and policy matters in regulated software.
- Clear communicator: explains risks, trade-offs, and technical plans to both engineers and non-tech stakeholders.
- Collaborative & pragmatic: works well across disciplines and adapts to real-world constraints.
Benefits
Global Cybersecurity Director - Security Operations
Posted today
Job Description
Security Continuous Monitoring Oversight
- Establish and lead BCG’s first enterprise-wide Cybersecurity Continuous Monitoring (CSCM) program, ensuring continuous visibility into system, endpoint, network, and cloud activity.
- Define and implement governance models, including ownership of monitoring metrics (e.g., MTTD, MTTR, false positive rate, coverage completeness).
- Stand up monitoring processes and integrate telemetry sources across SIEM, EDR, identity, network, and cloud platforms.
- Ensure monitoring outputs are actionable, enriching detection and response activities and informing risk and compliance stakeholders.
Technical Architecture & Integration
- Design and implement a continuous monitoring reference architecture, leveraging SIEM, SOAR, UEBA, and threat intelligence.
- Establish enterprise logging standards covering log coverage, retention, encryption, access, and integrity requirements.
- Drive automation of monitoring workflows and correlation logic to reduce dwell time and improve detection accuracy.
- Collaborate with threat intelligence teams to ensure real-time enrichment of event data and alignment with MITRE ATT&CK adversary tactics.
Program & Capability Development
- Build the CCM capability from the ground up, defining the operating model, reporting cadence, and engagement with SOC, risk, and compliance.
- Develop and track KPIs, ensuring CCM effectiveness is measurable and communicated to senior stakeholders.
- Prioritize creation of top 5–10 operational dashboards and reports that provide critical enterprise visibility.
- Mature the function from initial operational capability (M1) toward advanced maturity, embedding continuous improvement cycles.
Strategic Leadership
- Serve as the founding leader for the CCM function, creating the strategy, roadmap, and tactical build plan.
- Partner with enterprise stakeholders across IT, Risk, and Security to align monitoring with business risk tolerance and resilience objectives.
- Influence senior leaders by translating technical telemetry insights into business-relevant intelligence.
- Build, inspire, and retain a high-performing team of analysts and engineers over time, leveraging both full-time staff and contractors.
- Advise senior leadership (via SecOPS) on monitoring-driven insights, risks, and mitigation recommendations.
What You'll Bring
- Bachelor’s degree (or equivalent). Master’s preferred.
- 10+ years in cybersecurity operations, with at least 5 years in security monitoring, SOC leadership, or equivalent detection & response functions.
- Proven track record of building or maturing monitoring capabilities (SIEM, SOAR, telemetry pipelines, UEBA, threat intel integration).
- Knowledge of log ingestion, normalization, correlation, and enrichment processes.
- Familiarity with leading monitoring technologies: Splunk, DataDog, Microsoft Defender, CrowdStrike Falcon, Azure/AWS/GCP telemetry, threat intelligence platforms.
- Expertise in metrics-driven monitoring: defining, tracking, and reporting MTTD, MTTR, false positive rates, and coverage completeness.
- Familiarity with frameworks like NIST CSF, MITRE ATT&CK, and ISO 27001, with experience applying these to monitoring.
- Experience in threat hunting, anomaly detection, and behavioral analytics.
- Strong leadership skills: able to recruit, mentor, and develop a high-performing team in a newly established function.
- Executive presence: able to present complex monitoring data and risks to senior leadership in clear, concise business terms.
Additional info
COMPETENCIES: Director, Cybersecurity Continuous Monitoring
Leads a critical security function with measurable business impact. Establishes foundational capabilities, manages delivery, and develops a growing team to support BCG’s enterprise security posture.
Technical & Functional Expertise
- Develops and executes the continuous monitoring strategy, aligned to enterprise security goals and SecOPS direction.
- Demonstrates deep technical expertise in telemetry ingestion, SIEM/SOAR integration, log management, and threat intelligence enrichment.
- Serves as a recognized expert in monitoring and detection, providing guidance to peers and influencing related security domains.
- Codifies monitoring practices and standards into repeatable processes and playbooks, reducing reliance on ad hoc approaches.
- Evaluates and pilots emerging monitoring technologies; ensures adoption of digital tools to scale efficiency and coverage.
Problem Solving & Insight
- Frames monitoring and detection challenges in business-relevant terms (risk, resilience, compliance).
- Uses data-driven methods (metrics such as MTTD, MTTR, false positives) to identify control gaps and inform improvements.
- Translates complex monitoring outputs into actionable insights for stakeholders across IT, Risk, and Security.
- Innovates in detection methodologies, leveraging behavioral analytics, anomaly detection, and adversary simulations.
- Acts as a problem-solver during incidents, ensuring monitoring outputs guide rapid containment and response.
Effectiveness & Value Creation
- Leads the build-out of the CCM function from the ground up, establishing governance, processes, and reporting.
- Structures, plans, and executes monitoring programs and initiatives, balancing near-term needs with long-term maturity goals.
- Delivers measurable outcomes (visibility, faster detection, reduced dwell time) that directly enhance business resilience.
- Proactively manages resources, balancing full-time staff and contractors to deliver capability within deadlines.
- Prioritizes actions with the highest impact on reducing enterprise cyber risk.
Role Model
- Operates with integrity, safeguarding BCG and client data through responsible monitoring practices.
- Promotes a culture of transparency, accountability, and data-driven decision-making in the team.
- Demonstrates perseverance and adaptability in building a new function with high visibility and expectations.
- Creates an inclusive working environment that values diverse technical and analytical perspectives.
- Leads by example, modeling sustainable workload practices even under incident-driven pressure.
Communication, Presence & Influence
- Develops and delivers clear dashboards, reports, and executive communications on monitoring outputs.
- Shapes perspectives by translating technical monitoring metrics into risk- and business-relevant insights.
- Communicates effectively across technical and non-technical audiences, ensuring alignment with IT and business leaders.
- Leads conversations in operational reviews, incident post-mortems, and governance forums.
- Encourages open dialogue within the team, and fosters credibility with cross-functional partners.
Teaming & Collaboration
- Builds strong partnerships with SOC, Offensive Security, IT Operations, and Security Architecture teams.
- Develops productive relationships across regions and business units to expand telemetry coverage.
- Works collaboratively with compliance, risk, and audit to align monitoring with enterprise governance.
- Anticipates and manages conflicts in data ownership, tool coverage, and priorities, resolving them constructively.
- Promotes knowledge-sharing across security teams, reducing silos and strengthening collective defense.
People Development & Leadership
- Defines the vision and purpose of the CCM function, instilling clarity and purpose for the team.
- Coaches and mentors analysts, engineers, and contractors to expand monitoring expertise.
- Provides stretch opportunities for team members to develop technical and leadership skills.
- Balances empowerment and oversight — ensuring autonomy in monitoring activities while maintaining governance discipline.
- Leads quality team meetings, defines clear objectives, and ensures alignment to SecOPS priorities.
- Provides frequent developmental feedback, fostering a culture of continuous learning and improvement.
Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws. BCG is an E-Verify Employer.
Proactive Security Lead, UK Security Operations
Posted 1 day ago
Job Description
+ Bachelor's degree or equivalent practical experience.
+ 5 years of experience in cybersecurity, with offensive security (e.g., Red Teaming, Penetration Testing, or Adversary Simulation) or threat modeling.
+ Experience in a Security Operations Centre (SOC) or similar environment, with modern threat landscapes and attack techniques.
+ Experience in technical troubleshooting and writing code in one or more programming languages.
+ Experience in threat modeling methodologies (e.g., STRIDE, PASTA, or attack trees) and secure system design principles.
+ Eligibility to obtain UK Developed Vetting (DV) security clearance; British Citizenship is required for this role.
**Preferred qualifications:**
+ Certifications in OSCE3, CRTP/CRTE, GIAC GCSA/Kubernetes-related, OSCP, OSCE, CRTO, CISSP, or GIAC (e.g., GPEN, GCTI, GWAPT).
+ Experience designing or executing Purple Team exercises, combining offensive tactics with defensive feedback to drive continuous improvement.
+ Experience with Kubernetes security, including secure cluster configuration, workload hardening, and threat detection in containerised environments.
+ Experience in building or maturing security culture initiatives, including awareness programs, gamified training, or executive engagement.
+ Experience with security testing tools and frameworks (e.g., MITRE ATT&CK, Cobalt Strike, Metasploit, Burp Suite, or similar).
The UK Security Operations (SecOps) team in Google Public Sector delivers, operates and secures private cloud services. We aim to provide the flexibility, reliability, and scalability of public cloud for customers with exceptionally high security requirements that can only be met in a private cloud environment. We deliver and operate these private cloud deployments for the most critical customers, helping scale, secure and maintain the deployment whilst working closely with Google product teams to continually improve our technology.
As the Proactive Security Lead, you will drive key proactive security initiatives within the Security Operations Center (SOC). You will facilitate comprehensive threat modeling sessions to identify potential vulnerabilities and support the development of effective mitigation strategies. Beyond technical leadership, you will advocate a robust security culture across Google Public Sector UK, promoting best practices and awareness at all levels.
**Responsibilities:**
+ Lead Red and Purple Team exercises across the platform, identifying weaknesses and translating findings into actionable improvements.
+ Drive proactive security programs within the Security Operations Centre (SOC) to enhance overall security posture.
+ Facilitate comprehensive threat modeling sessions, identifying potential vulnerabilities and supporting mitigation strategy development.
+ Translate technical security findings into actionable recommendations for relevant stakeholders across the organisation.
+ Advocate a strong security culture across Google Public Sector UK, promoting security awareness and best practices.
Cloud Security Architect, UK Security Operations
Posted 5 days ago
Job Description
+ Bachelor's degree or equivalent experience.
+ Industry-recognized security certifications such as CISSP, CCSP, or relevant cloud-specific security credentials.
+ 5 years of experience in designing and securing multi-cloud environments, including IaaS, PaaS, and SaaS.
+ Experience with IaC tools and automating security controls and processes.
+ Eligibility to obtain UK Developed Vetting (DV) security clearance; British Citizenship is required for this role.
**Preferred qualifications:**
+ Experience leading comprehensive threat modeling exercises and conducting detailed risk assessments to identify and prioritize security vulnerabilities across the platform.
+ Experience securing modern cloud-native architectures, including containerization technologies (e.g., Kubernetes, Docker) and serverless computing.
+ Demonstrated ability to define secure architectural patterns and integrate security practices across the entire software development lifecycle (DevSecOps).
+ Demonstrated ability to articulate complex security concepts to technical and non-technical stakeholders, fostering a collaborative security culture.
+ Proficiency in evaluating, integrating, and optimizing a wide range of security tools and technologies, such as SIEM, WAF, DLP, and CSPM solutions.
The UK Security Operations (SecOps) team in Google Public Sector delivers, operates and secures private cloud services. We aim to provide the flexibility, reliability, and scalability of public cloud for customers with exceptionally high security requirements that can only be met in a private cloud environment. We deliver and operate these private cloud deployments for the most critical customers, helping scale, secure and maintain the deployment whilst working closely with Google product teams to continually improve our technology.
This role is pivotal for proactively securing our platform and applications for Google's public sector customers, moving beyond reactive measures to embed security by design. You'll be responsible for developing and implementing comprehensive security architectures across cloud environments and software solutions. This involves defining secure patterns, standards, and best practices that ensure our infrastructure, applications, and data are resilient against evolving threats. You'll provide architectural leadership for new initiatives, conducting thorough security reviews, and identifying strategic improvements to existing systems. Your work will focus on automating security controls, integrating security into the full development lifecycle (DevSecOps), and ensuring holistic platform compliance with relevant industry standards and regulations.
**Responsibilities:**
+ Architect and implement security solutions for cloud platforms, ensuring secure configurations and compliance.
+ Drive security automation and integrate security practices into CI/CD pipelines (DevSecOps).
+ Identify, assess, and mitigate cloud security risks, and support incident response.
+ Maintain adherence to security standards and conduct regular cloud security audits.
+ Provide expert guidance on cloud security best practices and foster a security-aware culture.
Threat Intelligence Consultant
Posted today
Job Description
Role: Threat Intelligence Consultant
Location: Manchester/London/Cheltenham (Hybrid)
Thanks for checking out our job opening; we are excited that YOU are interested in learning more about NCC Group.
We are on a mission to make society a safer and more secure place. Our people are the ones who make that possible; a global community of talented individuals working together towards a safer future.
We aim to create an environment where everyone can reach their full potential. We work together, we are brilliantly creative, we embrace difference and we want you to join in our mission, to make the world safer and more secure.
Take a look at our website here to learn more about why we’re one of the leading global Cyber Security and Risk Mitigation business…
The Opportunity:
You will be acting as a team member within the Operational Threat Intelligence team, reporting to the Operational Threat Intelligence Manager, and supported by the Operational TI Team Leads. This role involves analysis of cyber threats, the development of actionable intelligence, and collaboration with various teams. Your support to the wider organisation will be critical in the development of NCC Group’s Threat Intelligence capabilities and the broader service we offer.
Key Accountabilities:
Threat Intelligence collection and analysis: Make use of OSINT and other intelligence sources to collect and then conduct in-depth analysis of cyber threats, including malware, vulnerabilities, and TTPs (Tactics, Techniques, and Procedures). Monitor and analyse emerging threats, industry trends, and geopolitical events to provide timely and relevant intelligence.
Online Exposure Monitoring Service: Support the delivery of the OXM service by conducting triage of alerts and dark web mentions, responding to client queries, and supporting onboarding and profile review sessions with clients.
Intelligence Reporting: Generate comprehensive and actionable intelligence reports for both technical and non-technical stakeholders. Communicate complex technical information in a clear and concise manner to enable informed decision-making.
Collaboration and Information Sharing: Collaborate with internal teams to share threat intelligence. Participate in information-sharing communities to stay abreast of the latest threat landscape.
Use of TI Tools: Make use of threat intelligence platforms and tools to enhance analysis efficiency.
Qualifications and Skills:
- Have a Bachelor’s Degree in Computer Science, Cyber Security, or other suitable subject that is applicable to the role
- Hold CRTIA or be willing to work towards it
- Have an analytical mindset with a keen attention to detail.
- Ability to work effectively under pressure and prioritize tasks in a dynamic environment.
- Continuous learning and adaptability to stay ahead of evolving cyber threats.
- Strong interpersonal skills and the ability to work collaboratively in a cross-functional team.
- Have excellent communication skills, in both written and verbally delivered work.
- Good understanding of cyber threat landscapes, attack vectors, and mitigation strategies.
- Previous experience as a threat intelligence analyst or similar position.
- Knowledge of networking protocols, including TCP/IP, Domain Name System (DNS), subdomains
- Have experience with Threat Intelligence Platforms e.g. MISP
Behaviours:
- Focusing on Clients and Customers: Prioritise customer needs and build strong relationships.
- Working as One NCC: Collaborate effectively with colleagues across the organisation.
- Always Learning: Embrace continuous learning and development.
- Being Inclusive and Respectful: Foster a positive and inclusive work environment.
- Delivering Brilliantly: Strive for excellence in all that you do.
What we offer in return:
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
Threat Intelligence Consultant
Posted today