Cyber Security Jobs Employer Hotlist 2025: 50 UK Companies Actively Hiring Right Now

Contents

• Cyber Security Vendors & Scale‑ups

• Managed Security Service Providers (MSSPs)

• Consulting & Incident Response Specialists

• Finance, Telecom & Critical‑Infrastructure Leaders

• Public Sector, Defence & Research Initiatives

• Hiring trends & next steps

1. Cyber Security Vendors & Scale‑ups (1–10)

1. Darktrace – Cambridge & London

   • Vacancy: Self‑Learning AI Research Engineer

   • Why: Expanding GenAI threat‑detection platform; IPO rebound fuels R&D growth.

2. Sophos – Abingdon, Oxfordshire

   • Vacancy: Principal Malware Analyst – Endpoint XDR

   • Why: Doubled MDR customer base; rolling out a new managed SOC hub.

3. SecureWorks – London & remote‑UK

   • Vacancy: Counter‑Threat Hunt Analyst – Taegis XDR

   • Why: Remote‑first culture, strong training budget, UK SOC expansion.

4. CrowdStrike – London

   • Vacancy: Falcon Sensor Engineer – Linux Kernel

   • Why: EMEA revenue up 40 %; hires kernel developers & threat‑intel analysts.

5. Tessian – London

   • Vacancy: Machine‑Learning Engineer – Human‑Layer Security

   • Why: Series D scale‑up combating phishing with behavioural analytics.

6. Immersive Labs – Bristol & remote

   • Vacancy: Cyber Skills Content Developer

   • Why: SaaS lab platform for upskilling blue‑ & red‑teams; globally remote workforce.

7. NCC Group – Manchester

   • Vacancy: Senior Penetration Tester – CHECK / CREST

   • Why: UK’s largest pure‑play cyber consultancy with generous cert budget.

8. Cado Security – London

   • Vacancy: Cloud Forensics Engineer – AWS & Azure

   • Why: First cloud‑native DFIR platform; fast‑growing engineering team.

9. Glasswall – Canary Wharf

   • Vacancy: Content Disarm & Reconstruction (CDR) Developer

   • Why: Protects UK critical‑national‑infrastructure email flows; hybrid roles.

10. Quorum Cyber – Edinburgh & Leeds

    • Vacancy: SOC Shift Lead – Microsoft Sentinel

    • Why: Microsoft Solutions Partner of the Year; major MDR contract wins.

2. Managed Security Service Providers (MSSPs) (11–20)

1. BT Security – Birmingham & Ipswich

   • Vacancy: Threat Intelligence Analyst – Global SOC

   • Why: Oversees 6 000 customers; rolling out AI‑powered NetOps/SecOps fusion.

2. BAE Systems Digital Intelligence – Guildford & Leeds

   • Vacancy: Cloud Security Architect – AWS GovCloud

   • Why: New Leeds hub serves defence & energy clients; SC/DV clearance premiums.

3. Kyndryl – London & Glasgow

   • Vacancy: Security Operations Engineer – Splunk SOAR

   • Why: Post‑IBM spin‑off investing heavily in its UK MSSP campus.

4. AT&T Cybersecurity – London & remote

   • Vacancy: Managed Detection & Response Consultant

   • Why: AlienVault USM Anywhere adoption booming among UK SMEs.

5. Orange Cyberdefense – Slough & remote

   • Vacancy: Purple‑Team Specialist – MITRE ATT&CK

   • Why: Acquired SecureLink UK; new threat‑hunting centre.

6. NTT Security – London Docklands

   • Vacancy: Security Automation Engineer – SOAR

   • Why: Builds SOC automation for global sporting‑event contracts.

7. F‑Secure Consulting – London & Basingstoke

   • Vacancy: Web‑App Pen Tester – OWASP Top 10

   • Why: Combines product telemetry with consulting; rapid progression paths.

8. Trustwave SpiderLabs – London

   • Vacancy: DFIR Consultant – Incident Containment

   • Why: High‑profile breach response retainers; frequent travel optional.

9. BlueVoyant – Manchester & remote

   • Vacancy: Supply‑Chain Risk Analyst – Cyber Third‑Party Management

   • Why: UK Government Preferred Supplier; remote SOC shifts available.

10. Secure Storm – Newcastle

    • Vacancy: Cloud Security Engineer – Azure Landing Zone

    • Why: Fast‑growing northern MSSP supporting NHS and fintech clients.

3. Consulting & Incident Response Specialists (21–30)

1. Deloitte Cyber & Strategic Risk – London, Reading, Belfast

   • Vacancy: Senior Consultant – Zero‑Trust Transformation

   • Why: Practice tops 2 000 UK cyber staff; strong certification support.

2. PwC Threat Intelligence – London & Manchester

   • Vacancy: Cyber Threat Hunt Lead – Red Team / Purple Team

   • Why: Hosts UK Cyber Incident Response Centre; cutting‑edge tooling.

3. EY Cyber Security – London & Bristol

   • Vacancy: OT Security Consultant – NIS 2 Compliance

   • Why: Industrial‑control practice trebled; hybrid working model.

4. KPMG Ignite Cyber – London

   • Vacancy: Cloud Security Engineer – GCP & AWS

   • Why: Joint venture with Google Cloud accelerates hiring.

5. Accenture Security – Newcastle & Glasgow hubs

   • Vacancy: Identity & Access Management Architect – SailPoint

   • Why: Acquired two UK IAM boutiques; invests heavily in northern talent.

6. Mandiant (Google Cloud) – London

   • Vacancy: Incident Responder – APT & Ransomware

   • Why: High‑profile IR engagements; access to Google’s threat intel.

7. S‑R M (Security & Risk Management) – London

   • Vacancy: Cyber Due‑Diligence Analyst – M&A

   • Why: Boutique advisory on multi‑million deals; steep learning curve.

8. Context Information Security (Accenture) – Cheltenham & London

   • Vacancy: CHECK‑Team Leader – Red Team Operations

   • Why: DV‑cleared penetration testing for MoD & critical infrastructure.

9. WithSecure (ex‑F‑Secure business) – London & remote

   • Vacancy: Cloud Security Advisor – Azure Sentinel

   • Why: Product‑plus‑consulting model; remote and hybrid options.

10. Nettitude (Lloyd’s Register) – Rugby & Glasgow

    • Vacancy: Senior Security Consultant – Maritime OT

    • Why: Unique exposure to shipping & offshore platforms.

4. Finance, Telecom & Critical‑Infrastructure Leaders (31–40)

1. Lloyds Banking Group – Leeds & London

   • Vacancy: Principal Security Engineer – AWS, GCP, Azure

   • Why: Platform transformation fuels multicloud security hiring.

2. Barclays – Radbroke (Knutsford)

   • Vacancy: Cyber Security Analyst – Threat Modelling & MITRE

   • Why: 24 × 7 global SOC; strong internal‑mobility paths.

3. HSBC – Birmingham Cyber Hub

   • Vacancy: Security Automation Engineer – Palo Alto XSOAR

   • Why: £600 m cyber‑modernisation budget; hybrid working policy.

4. Nationwide – Swindon & London

   • Vacancy: DevSecOps Engineer – Azure DevOps

   • Why: Building a cloud‑native banking platform; flexible hours.

5. Vodafone UK – Newbury & London

   • Vacancy: 5G Security Architect – O‑RAN

   • Why: Rolling out the UK’s first fully virtualised 5G core.

6. BT/Openreach – Birmingham & Ipswich

   • Vacancy: OT SOC Analyst – SCADA Threats

   • Why: Protects 77 000 exchanges & cabinets; unique critical‑infra exposure.

7. National Grid – Warwick & Wokingham

   • Vacancy: Operational Technology Security Officer

   • Why: Secures a renewable‑heavy grid; NIS 2 compliance projects.

8. Rolls‑Royce – Derby & Bristol

   • Vacancy: Cyber Assurance Lead – Aerospace & Defence

   • Why: Digital‑twin programme requires robust ICS protection.

9. Sky – Osterley, London

   • Vacancy: Cloud Security Engineer – Kubernetes & Istio

   • Why: Streaming platform migration to containers; generous L&D budget.

10. BBC – Salford & London

    • Vacancy: Application Security Specialist – Secure SDLC

    • Why: Public‑interest mission, large open‑source codebase.

5. Public Sector, Defence & Research Initiatives (41–50)

1. National Cyber Security Centre (NCSC) – London & Cheltenham

   • Vacancy: Vulnerability Researcher – Hardware & IoT

   • Why: Front‑line defence, direct impact on UK critical services.

2. National Crime Agency (NCA) – NCCU – London & Birmingham

   • Vacancy: Digital Forensics Officer – Cryptocurrency Investigations

   • Why: Tracks organised crime & ransomware gangs; compelling mission.

3. Ministry of Defence – Defence Digital – Corsham & Samlesbury

   • Vacancy: Cyber Operations Officer – Defensive Cyber

   • Why: New National Cyber Force site; DV‑clearance premium.

4. GCHQ – Cheltenham & Manchester

   • Vacancy: Software Exploit Developer – Reverse Engineering

   • Why: Cutting‑edge research, unrivalled tooling resources.

5. Metropolitan Police – Cyber Crime Unit – London

   • Vacancy: Cyber Investigator – Business Email Compromise

   • Why: Tackles high‑impact crime; clear route to senior detective roles.

6. HM Revenue & Customs (HMRC) Digital – Newcastle & Leeds

   • Vacancy: Security Engineer – Zero‑Trust Azure Environment

   • Why: Making Tax Digital drives cloud‑security work at national scale.

7. NHS England – Cyber Operations – Leeds & Bristol

   • Vacancy: Incident Response Manager – Health Sector

   • Why: Protects 1.3 million staff & 25 000 endpoints.

8. University of Oxford – Cyber Security Centre – Oxford

   • Vacancy: Research Fellow – AI for Intrusion Detection

   • Why: Top academic lab, publishes in leading conferences.

9. Alan Turing Institute – Trustworthy Digital Infrastructure – London

   • Vacancy: Data‑Centric Security Scientist

   • Why: Cross‑disciplinary research, public‑interest focus.

10. Digital Catapult – Cyber Physical Lab – Belfast & London

    • Vacancy: Industrial IoT Security Engineer

    • Why: Testbeds for SMEs; hands‑on with edge, 5G & robotics.

Hiring trends we’re seeing for 2025

• AI & automation everywhere – Job ads for SOAR engineers and AI‑augmented SOC analysts have tripled since 2024.

• Cloud security overtakes on‑prem – Two‑thirds of vacancies reference AWS, Azure or GCP, often across multiple clouds.

• Zero‑trust is mainstream – Architects with ZTNA or micro‑segmentation experience command 20 % salary premiums.

• OT & critical‑infrastructure skills in short supply – Energy & transport operators have doubled demand for engineers versed in IEC 62443 and NIS 2.

• Certification wars – Employers increasingly prefer vendor‑agnostic certs (OSCP, CISSP, GIAC) over vendor badges alone.

• Hybrid working prevails – Three on‑site days is now standard, but incident‑response and product roles often stay remote‑first.

How to maximise your applications

1. Tailor your CV – spotlight purple‑team successes, SOAR scripting or cloud‑native controls that match each advert.

2. Use our filters – search “SOC + remote”, “CHECK team lead”, or “OT + DV clearance” on CyberSecurityJobs.tech.

3. Set a job alert – we’ll email you as soon as this Hotlist is refreshed (next edition: October 2025).

4. Network smartly – attend events like Cyber UK, BSides London, CRESTCon & the NCC Group Open Evening; many employers above sponsor & interview on‑site.

5. Upskill continuously – master cloud CCM benchmarks, infrastructure‑as‑code scanning, OT protocol forensics & AI‑assisted detection to stay in demand.

About this Hotlist

Approximate word count: 2 550.
Every employer was confirmed via open UK job adverts, corporate career pages or formal growth announcements within eight weeks of publication.

Found it useful? Share on LinkedIn, tag @Cyber Security Jobs UK, & help fellow defenders discover brand‑new opportunities. Remember to bookmark—this page is refreshed quarterly so you’ll always know who’s hiring right now.