Threat Modelling Consultant

  • Posted March 13, 2026
  • £500 - £550 per day
  • London twice a week on site
  • Contract

Threat Modelling Consultant

Rate – £550 per day Inside IR35

Location – London twice a week on site

Duration – 6 months initial

We are looking to recruit an experienced Threat Modelling Consultant to design and implement comprehensive threat models for 90-100 diverse applications. You will evaluate application-generated logs, develop threat detection strategies and report findings to the Information Security team. This role requires deep expertise in Microsoft Azure security tools, log analytics and automation to enhance the customer’s application anomaly detection capabilities.

Key Responsibilities:

  • Develop detailed threat models tailored for a large portfolio of applications with varying threat categories
  • Analyse logs generated by applications using Azure Log Analytics and Azure Sentinel to identify anomalies and potential threats
  • Design, build and maintain KQL queries
  • Implement automated alerting and reporting workflows through Azure Logic Apps with Azure Sentinel
  • Collaborate with the Information Security team to ensure actionable insights and timely incident escalation
  • Refine and tune threat detection models aligned with client needs
  • Provide technical documentation and training as needed to internal teams and stakeholders

Required Skills and Qualifications:

  • Proven experience in threat modelling for complex and diverse application environments
  • Strong expertise in Azure Sentinel, including configuration, customisation and automation
  • Azure Log Analytics, log ingestion and data analysis
  • Kusto Query Language (KQL)
  • Azure Logic Apps
  • Understanding of application security principles, common threat categories and attack vectors.
  • Excellent communication skills to document findings and present complex technical information clearly.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.

    Cyber Software Engineer - SC Cleared - Perm

    • Posted March 12, 2026
    • £40000 - £75000 per annum + Company Benefits Package
    • Permanent

    Cyber Software Engineer – SC – Perm

    • Location(s): Gloucester, Woking and Manchester
    • Type: Hybrid
    • Salary: £40,000 – £70,000
    • Clearance: Must hold an active SC Clearance
    • Must be eligible for further clearances (DV)
    • Must be a sole British national

    Job Description:

    The successful applicant will join teams working at the forefront of AI/DS, Cyber, Cloud, DevOps/SRE and Platform Engineering. With long‑term programmes secured across the latest frameworks, this position offers the chance to be part of an exciting growth journey with significant technical depth and variety.

    As a Cyber Software Engineer, the successful applicant will contribute to the research, design and development of critical systems in support of National Security missions. They will apply secure coding practices, maintain high standards of software quality and work closely with operating systems at a low level.

    Key Requirements

    * Strong experience with C or C++
    * Familiarity with Python
    * Comfortable working with Linux or Windows operating systems
    * Knowledge of version control tools and experience in agile delivery environments
    * An interest in the Cyber domain
    * Understanding of common software design and testing patterns
    * Ability to build systems and support continuous integration pipelines

    Clearance

    Due to the nature of the work, applicants must be eligible to obtain DV clearance. This requires being a British Citizen and having lived in the UK for the past 10 years.

      Senior Security Engineer

      • Posted
      • £450 - £525 per day
      • Bristol - twice a week on site
      • Contract

      Senior Security Engineer

      Rate – £450 – £525 Inside IR35

      Location – Bristol (twice a week on site)

      Duration – 6 months initial

      We are looking for an experienced Senior Security Engineer to join a growing cyber security team, helping to strengthen security controls, monitoring and threat detection capabilities across the organisation’s technology estate.

      This role will play a key part in the operation and improvement of core security platforms, working closely with security operations, engineering and infrastructure teams to detect threats, improve visibility and enhance the overall security posture.

      Key Responsibilities:

      • Implement, configure and optimise core security tooling across the environment
      • Enhance threat detection, monitoring and response capabilities
      • Investigate security alerts and support incident response activities
      • Improve integration and automation between security platforms
      • Support vulnerability management and remediation processes
      • Provide technical guidance on security controls across infrastructure and cloud environments
      • Work closely with wider technology teams to embed security best practices

      Key Technology:

      • Microsoft Defender for Endpoint
      • Microsoft Sentinel
      • Claroty Platform
      • Tenable Vulnerability Management
      • Microsoft Purview

      Required Experience:

      • Strong experience working in Security Engineering
      • Hands-on experience with Microsoft security tooling, particularly Defender and Sentinel
      • Experience with vulnerability management platforms such as Tenable
      • Knowledge of OT / ICS security platforms such as Claroty is beneficial
      • Experience supporting security monitoring, detection engineering and incident response
      • Strong understanding of enterprise infrastructure and cloud security

        SC Cleared - Senior SOC Analyst (x3) - Inside IR35

        • Posted February 27, 2026
        • £450 - £550 per day
        • Hemel Hempstead
        • Contract

        3x Senior SOC Analyst

        • Hemel Hempstead
        • Shift work 6am to 6pm / 6pm to 6am – 2 days on, 2 nights on, 4 days off
        • £400 – £550 per day
        • 6 months with likelihood of extension
        • Active SC

        Role Overview

        As a Senior Security Operations Centre (SOC) Analyst you will support the ongoing maturity of the SOC and help deliver an efficient and effective service to our wide range of clients. The primary role will be to conduct monitoring and triage of alerts associated with host and network security events for our client’s critical infrastructure.

        You will support the SOC through both delivery of client work and adding skills and ideas to the already diverse team.

        Apply your expertise and make a significant impact on our long-term success. This is also an opportunity to work at the front line of cyber security, delivering value to our customer base.

        Key Responsibilities

        • Monitor, triage, and investigate security incidents on critical client infrastructure.
        • Perform in-depth analysis of network traffic, logs, and system events to identify potential security threats and vulnerabilities.
        • Provide Incident Response support when required, providing guidance on containment, eradication and recovery activities.
        • Maintain and, where appropriate, improve and develop team knowledge of SOC tools, security operations and triage.
        • Prepare reports for managed clients to both technical and non-technical audiences and continuously improve their content and presentation.
        • Analyse and improve detection rules and use cases in line with MITRE ATT&CK and threat-informed defence.
        • Work as part of a team to ensure that corporate data and technology platform components are safeguarded from known threats.
        • Maintain and update security incident documentation, including incident reports, analysis findings, and recommended mitigation strategies.
        • Input into threat intelligence activities when required.
        • Represent the SOC within stakeholder meetings on occasion.
        • Engage with the Cyber Security Community of Expertise

        Essential Skills

        • Proven experience in Security Operations Centre.
        • Demonstrable experience of using Microsoft Sentinel and Splunk.
        • Knowledge and experience with the MITRE ATT&CK Framework.
        • Strong knowledge of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products.
        • Strong understanding of networking principles including TCP/IP, WANs, LANs, and commonly used Internet protocols such as SMTP, HTTP, FTP, POP, LDAP
        • Good project management skills, with the ability to balance multiple initiatives and priorities simultaneously.
        • Strong influencing skills and ability to persuade others, with a broad understanding of all aspects of SOC services
        • Strong analytical and problem-solving skills with the ability to assess complex situations, identify risks, and recommend effective solutions.
        • Good communication skills, both written and verbal
        • Ability to work under general direction within a clear framework of accountability and to exercise substantial personal responsibility and autonomy
        • Cyber/information security qualification (e.g. CRT, CSTM, OSCP)

        Desirable Skills

        • Experience of:
          • Static malware analysis and reverse engineering
          • Programming and scripting such as Python, Perl, Bash, PowerShell, C++
          • CREST Practitioner Intrusion Analyst/Blue Teams Level 1 or other SOC related certifications.
          • Experience with SIEM technologies, namely Sentinel and Splunk, with some experience with QRadar appreciated

          SC Cleared - SOC Analyst/Engineer - Remote

          • Posted February 12, 2026
          • £400 - £450 per day
          • Remote
          • Contract

          SOC Analyst/Engineer

          • IR35: Inside
          • Location: Remote
          • Rate: £400 – £450
          • Clearance: SC Cleared (Active)

          Sanderson G&D are seeking a SOC Analyst with a background in IT Engineering to join an existing project.

          Key responsibilities

          • Responsible for ensuring the effective and timely triage of all security alerts
          • Responsible for maintaining and developing risk-led threat detection capabilities to quickly detect and respond to risky behaviours and events.
          • Review and approve new Use Cases and Playbooks created by cybersecurity colleagues

          Knowledge and experience

          • 5 years or more experience in IT with a particular emphasis on infrastructure and security ideally in a SOC analyst role.
          • Extensive, active knowledge and hands-on experience of Microsoft Sentinel, particularly incident triage, setting up and maintaining analytical rules, using KQL to hunt across logs, Logic Apps, creating queries and utilising workbooks
          • Excellent understanding and experience of Microsoft Defender components.
          • Good knowledge of Active Directory, Windows event logs, network logs and Azure audit logs, Office 365, Cloud Apps and DNS
          • Excellent documentation skills particularly around creating and maintaining SOC playbooks.
          • Previous experience with collecting and analysing forensic evidence from endpoints and cloud environments

            Security Architect - SC Cleared - Inside IR35

            • Posted February 10, 2026
            • £550 - £640 per day
            • 5 days on-site
            • Contract

            Security Architect – SC Cleared – Inside IR35

            • Location: Milton Keynes
            • 5 days on-site
            • Rate: £550 – £641
              • Inside
            • Clearance: SC
            • Length: Initial 6 months

            Role:

            • To advise and contribute to the ongoing low-level design and build process of the IT platforms, and the deployment of customer workloads
            • To lead on the IT Security aspects when engaging with external stakeholders on cross domain connectivity and data sharing.
            • To create/own Tier2 policies & procedures and drive forward implementation & culture change across multiple teams.
            • To engage with other secure platforms and environments to align security policies and procedures.
            • To assist with customer engagements including technical discovery, design and delivery.
            • To act as a key technical interface with the Security Operations Centre and assist with the investigation and resolution of security incidents.

            Skills and Experience:

            • Strong working knowledge of IT risks, cyber security, and computer operating software
            • Advanced understanding of security protocols, cryptography, and security
            • Experience implementing multi-factor authentication
            • Great communication and interpersonal skills
            • Experience implementing security solutions
            • Comfortable working on a team
            • Understanding of ISO 27001

              SOC Analyst / Consultant

              • Posted February 6, 2026
              • £500 - £600 per day
              • London three times a week on site
              • Contract

              Contract SOC Analyst / Consultant

              Rate – £600 Inside IR35

              Location – London (Three times a week on site)

              Duration – 6 months

              We’re looking for an experienced Contract SOC Analyst to support, uplift and mature an existing SOC function made up of four analysts. This role is ideal for someone who enjoys being hands-on while also leading by example, improving quality and taking pressure off the wider team. You will validate investigations, sense-check responses and ensure recommendations made to the business are accurate, risk-based and actionable.

              What you’ll be doing

              • Reviewing, validating and supplementing analyst investigations and responses
              • Ensuring alerts, incidents and recommendations are technically sound and business-appropriate
              • Taking ownership of more complex or ambiguous security events
              • Reducing operational load on the team by improving processes and decision-making
              • Identifying opportunities for SOC automation and efficiency improvements
              • Helping develop analysts through knowledge-sharing, mentoring and guidance
              • Acting as a trusted escalation point for SOC-related security issues

              What we’re looking for

              • Strong experience working in a Security Operations Centre (SOC) environment
              • Comfortable leading and uplifting a team, without being a formal people manager
              • Proven ability to validate findings, challenge assumptions and improve investigation quality
              • Experience improving or influencing SOC processes and automation
              • Confident communicating risk and recommendations clearly to stakeholders

              Tech stack experience

              • CrowdStrike (EDR)
              • Microsoft Defender
              • Splunk or similar SIEM tools
              • Qualys (vulnerability management)

                Security Architect - Inside IR35

                • Posted February 3, 2026
                • £700 - £800 per day
                • Contract

                Security Architect – SC Cleared – Inside IR35

                • Location: London – 1 day on-site
                • Length: 12 Months
                • Clearance: Active SC Clearance
                • IR35: Inside
                • Rate: £700 – £800
                • Start Date: ASAP (Pending Clearance)

                Sanderson G&D are seeking a Security Architect to join an exciting Cyber and Cloud Security programme in the Public Sector.

                Essential Skills:

                • Proven experience as a Security Architect
                • Strong expertise in designing and implementing secure architectures across applications, platforms, and infrastructure.
                • Solid understanding of security architecture patterns, zero trust principles, and Defence-in-depth strategies
                • Experience designing security solutions in cloud environments (AWS, Azure, and/or GCP)
                • Strong knowledge of identity and access management (IAM), authentication, authorization, and privileged access
                • Experience with network security, encryption, key management, and secure connectivity
                • Knowledge of application security principles, including secure APIs, data protection, and threat modelling
                • Experience designing for security resilience.

                Desirable Skills:

                • Hands-on experience with cloud security services and tooling (e.g. AWS Security Hub, Azure Defender, Sentinel)
                • Experience with container and Kubernetes security (image scanning, runtime protection, policy enforcement)
                • Exposure to regulated or highly secure enterprise environments
                • Security or architecture certifications (e.g. CISSP, CCSP, TOGAF, AWS/Azure Security Specialty)
                • Familiarity with security monitoring, logging, SIEM, and observability tools
                • Experience embedding security controls into DevOps and SRE practices

                  Security Architect - SC Cleared - Outside IR35

                  • Posted February 2, 2026
                  • £500 - £550 per day
                  • 1 Day a week in Central London
                  • Contract

                  Security Architect – SC Cleared – Outside IR35

                  • Location: London
                  • Length: Initial 6 Months
                  • Type: 1 day a week on-site
                  • Clearance: Active SC Clearance
                  • IR35: Outside
                  • Rate: £500 – £550
                  • Contingency: Must be able to start within 1-2 weeks

                  Sanderson G&D are seeking a Security Architect who will provide strategic cyber security advice and guidance to digital product teams, acting as a Close Support Partner to ensure Secure by Design principles are embedded throughout the product development lifecycle. The role focuses on assurance, architecture guidance, and risk-based decision support, enabling secure delivery without owning build or operations.

                  Key Responsibilities

                  • Attend regular project and design meetings to understand requirements and delivery milestones.
                  • Perform initial and iterative threat modelling for new features, integrations, and architectural changes.
                  • Advise on secure architecture design, including IAM, network segmentation, encryption, and data protection.
                  • Recommend and review security controls for cloud-native environments.
                  • Provide guidance on secure coding practices and advisory support for code reviews.
                  • Support incident response planning and vulnerability management during development.
                  • Review and advise on third-party integrations, ensuring appropriate technical and contractual safeguards.
                  • Provide assurance that Secure by Design principles are being consistently applied.

                  Essential Experience

                  • Proven experience as a Security Architect or senior cyber security consultant in digital delivery environments.
                  • Strong Secure by Design, threat modelling, and risk-based security expertise.
                  • Experience advising product teams in agile, cloud-based delivery contexts.
                  • Confident engaging with architects, developers, and delivery leads in an advisory capacity.

                  If you’re interested, apply or reach out to [email protected]

                    Cyber Security Analyst

                    • Posted
                    • £40000 - £50000 per annum
                    • Permanent

                    Cyber Security Analyst

                    Location: Buckinghamshire
                    Contract: Full-time, permanent
                    Salary: Up to £50,000 per annum (dependent on skills & experience)
                    Bonus: Discretionary bonus scheme
                    Hours: 35 hours per week

                    We’re looking for an experienced Cyber Security Analyst to join a well-established organisation and play a key role in protecting systems, data and infrastructure from cyber threats.

                    Key responsibilities include:

                    • Monitoring systems, networks and alerts for security threats and vulnerabilities

                    • Investigating, documenting and responding to security incidents

                    • Supporting cyber security governance, risk management and compliance activities

                    • Producing clear security reports, metrics and management information

                    • Working with third-party suppliers and internal stakeholders

                    • Promoting cyber security awareness across the organisation

                    About you:

                    • At least 3 years’ experience in a cyber security role

                    • Strong knowledge of security frameworks (e.g. ISO 27001, NIST)

                    • Hands-on experience with tools such as SIEM, firewalls, IDS/IPS, EDR and vulnerability scanning

                    • Strong analytical skills with the ability to document and communicate clearly

                    • Experience with cloud technologies (e.g. Microsoft Azure/M365) is desirable

                    Please apply if interested!
