Cyber Security Jobs Employer Hotlist 2025: 50 UK Companies Actively Hiring Right Now
Bookmark this guide—refreshed every quarter—so you always know who’s really expanding their cyber security teams.
Ransomware payouts broke records in 2024, the UK’s new Cyber Security Bill imposed mandatory breach disclosure, and the National Cyber Force’s move to Samlesbury has super‑charged the northern skills market. Result? Demand for security architects, SOC analysts, penetration testers, cloud‑security engineers, threat hunters & GRC specialists is at an all‑time high in 2025.
Below you’ll find 50 organisations that have posted UK‑based cyber security vacancies or announced head‑count growth during the past eight weeks. They’re organised into five quick‑scan categories. For every employer you’ll see:
Main UK hub
Example live or recent vacancy
Why it’s worth a look (tech stack, culture, mission)
Search any company on CyberSecurityJobs.tech to view current ads, or set a free alert so fresh openings land straight in your inbox.
Contents
Cyber Security Vendors & Scale‑ups
Managed Security Service Providers (MSSPs)
Consulting & Incident Response Specialists
Finance, Telecom & Critical‑Infrastructure Leaders
Public Sector, Defence & Research Initiatives
Hiring trends & next steps
1. Cyber Security Vendors & Scale‑ups (1–10)
Darktrace – Cambridge & London
Vacancy: Self‑Learning AI Research Engineer
Why: Expanding GenAI threat‑detection platform; IPO rebound fuels R&D growth.
Sophos – Abingdon, Oxfordshire
Vacancy: Principal Malware Analyst – Endpoint XDR
Why: Doubled MDR customer base; rolling out a new managed SOC hub.
SecureWorks – London & remote‑UK
Vacancy: Counter‑Threat Hunt Analyst – Taegis XDR
Why: Remote‑first culture, strong training budget, UK SOC expansion.
CrowdStrike – London
Vacancy: Falcon Sensor Engineer – Linux Kernel
Why: EMEA revenue up 40 %; hires kernel developers & threat‑intel analysts.
Tessian – London
Vacancy: Machine‑Learning Engineer – Human‑Layer Security
Why: Series D scale‑up combating phishing with behavioural analytics.
Immersive Labs – Bristol & remote
Vacancy: Cyber Skills Content Developer
Why: SaaS lab platform for upskilling blue‑ & red‑teams; globally remote workforce.
NCC Group – Manchester
Vacancy: Senior Penetration Tester – CHECK / CREST
Why: UK’s largest pure‑play cyber consultancy with generous cert budget.
Cado Security – London
Vacancy: Cloud Forensics Engineer – AWS & Azure
Why: First cloud‑native DFIR platform; fast‑growing engineering team.
Glasswall – Canary Wharf
Vacancy: Content Disarm & Reconstruction (CDR) Developer
Why: Protects UK critical‑national‑infrastructure email flows; hybrid roles.
Quorum Cyber – Edinburgh & Leeds
Vacancy: SOC Shift Lead – Microsoft Sentinel
Why: Microsoft Solutions Partner of the Year; major MDR contract wins.
2. Managed Security Service Providers (MSSPs) (11–20)
BT Security – Birmingham & Ipswich
Vacancy: Threat Intelligence Analyst – Global SOC
Why: Oversees 6 000 customers; rolling out AI‑powered NetOps/SecOps fusion.
BAE Systems Digital Intelligence – Guildford & Leeds
Vacancy: Cloud Security Architect – AWS GovCloud
Why: New Leeds hub serves defence & energy clients; SC/DV clearance premiums.
Kyndryl – London & Glasgow
Vacancy: Security Operations Engineer – Splunk SOAR
Why: Post‑IBM spin‑off investing heavily in its UK MSSP campus.
AT&T Cybersecurity – London & remote
Vacancy: Managed Detection & Response Consultant
Why: AlienVault USM Anywhere adoption booming among UK SMEs.
Orange Cyberdefense – Slough & remote
Vacancy: Purple‑Team Specialist – MITRE ATT&CK
Why: Acquired SecureLink UK; new threat‑hunting centre.
NTT Security – London Docklands
Vacancy: Security Automation Engineer – SOAR
Why: Builds SOC automation for global sporting‑event contracts.
F‑Secure Consulting – London & Basingstoke
Vacancy: Web‑App Pen Tester – OWASP Top 10
Why: Combines product telemetry with consulting; rapid progression paths.
Trustwave SpiderLabs – London
Vacancy: DFIR Consultant – Incident Containment
Why: High‑profile breach response retainers; frequent travel optional.
BlueVoyant – Manchester & remote
Vacancy: Supply‑Chain Risk Analyst – Cyber Third‑Party Management
Why: UK Government Preferred Supplier; remote SOC shifts available.
Secure Storm – Newcastle
Vacancy: Cloud Security Engineer – Azure Landing Zone
Why: Fast‑growing northern MSSP supporting NHS and fintech clients.
3. Consulting & Incident Response Specialists (21–30)
Deloitte Cyber & Strategic Risk – London, Reading, Belfast
Vacancy: Senior Consultant – Zero‑Trust Transformation
Why: Practice tops 2 000 UK cyber staff; strong certification support.
PwC Threat Intelligence – London & Manchester
Vacancy: Cyber Threat Hunt Lead – Red Team / Purple Team
Why: Hosts UK Cyber Incident Response Centre; cutting‑edge tooling.
EY Cyber Security – London & Bristol
Vacancy: OT Security Consultant – NIS 2 Compliance
Why: Industrial‑control practice trebled; hybrid working model.
KPMG Ignite Cyber – London
Vacancy: Cloud Security Engineer – GCP & AWS
Why: Joint venture with Google Cloud accelerates hiring.
Accenture Security – Newcastle & Glasgow hubs
Vacancy: Identity & Access Management Architect – SailPoint
Why: Acquired two UK IAM boutiques; invests heavily in northern talent.
Mandiant (Google Cloud) – London
Vacancy: Incident Responder – APT & Ransomware
Why: High‑profile IR engagements; access to Google’s threat intel.
S‑R M (Security & Risk Management) – London
Vacancy: Cyber Due‑Diligence Analyst – M&A
Why: Boutique advisory on multi‑million deals; steep learning curve.
Context Information Security (Accenture) – Cheltenham & London
Vacancy: CHECK‑Team Leader – Red Team Operations
Why: DV‑cleared penetration testing for MoD & critical infrastructure.
WithSecure (ex‑F‑Secure business) – London & remote
Vacancy: Cloud Security Advisor – Azure Sentinel
Why: Product‑plus‑consulting model; remote and hybrid options.
Nettitude (Lloyd’s Register) – Rugby & Glasgow
Vacancy: Senior Security Consultant – Maritime OT
Why: Unique exposure to shipping & offshore platforms.
4. Finance, Telecom & Critical‑Infrastructure Leaders (31–40)
Lloyds Banking Group – Leeds & London
Vacancy: Principal Security Engineer – AWS, GCP, Azure
Why: Platform transformation fuels multicloud security hiring.
Barclays – Radbroke (Knutsford)
Vacancy: Cyber Security Analyst – Threat Modelling & MITRE
Why: 24 × 7 global SOC; strong internal‑mobility paths.
HSBC – Birmingham Cyber Hub
Vacancy: Security Automation Engineer – Palo Alto XSOAR
Why: £600 m cyber‑modernisation budget; hybrid working policy.
Nationwide – Swindon & London
Vacancy: DevSecOps Engineer – Azure DevOps
Why: Building a cloud‑native banking platform; flexible hours.
Vodafone UK – Newbury & London
Vacancy: 5G Security Architect – O‑RAN
Why: Rolling out the UK’s first fully virtualised 5G core.
BT/Openreach – Birmingham & Ipswich
Vacancy: OT SOC Analyst – SCADA Threats
Why: Protects 77 000 exchanges & cabinets; unique critical‑infra exposure.
National Grid – Warwick & Wokingham
Vacancy: Operational Technology Security Officer
Why: Secures a renewable‑heavy grid; NIS 2 compliance projects.
Rolls‑Royce – Derby & Bristol
Vacancy: Cyber Assurance Lead – Aerospace & Defence
Why: Digital‑twin programme requires robust ICS protection.
Sky – Osterley, London
Vacancy: Cloud Security Engineer – Kubernetes & Istio
Why: Streaming platform migration to containers; generous L&D budget.
BBC – Salford & London
Vacancy: Application Security Specialist – Secure SDLC
Why: Public‑interest mission, large open‑source codebase.
5. Public Sector, Defence & Research Initiatives (41–50)
National Cyber Security Centre (NCSC) – London & Cheltenham
Vacancy: Vulnerability Researcher – Hardware & IoT
Why: Front‑line defence, direct impact on UK critical services.
National Crime Agency (NCA) – NCCU – London & Birmingham
Vacancy: Digital Forensics Officer – Cryptocurrency Investigations
Why: Tracks organised crime & ransomware gangs; compelling mission.
Ministry of Defence – Defence Digital – Corsham & Samlesbury
Vacancy: Cyber Operations Officer – Defensive Cyber
Why: New National Cyber Force site; DV‑clearance premium.
GCHQ – Cheltenham & Manchester
Vacancy: Software Exploit Developer – Reverse Engineering
Why: Cutting‑edge research, unrivalled tooling resources.
Metropolitan Police – Cyber Crime Unit – London
Vacancy: Cyber Investigator – Business Email Compromise
Why: Tackles high‑impact crime; clear route to senior detective roles.
HM Revenue & Customs (HMRC) Digital – Newcastle & Leeds
Vacancy: Security Engineer – Zero‑Trust Azure Environment
Why: Making Tax Digital drives cloud‑security work at national scale.
NHS England – Cyber Operations – Leeds & Bristol
Vacancy: Incident Response Manager – Health Sector
Why: Protects 1.3 million staff & 25 000 endpoints.
University of Oxford – Cyber Security Centre – Oxford
Vacancy: Research Fellow – AI for Intrusion Detection
Why: Top academic lab, publishes in leading conferences.
Alan Turing Institute – Trustworthy Digital Infrastructure – London
Vacancy: Data‑Centric Security Scientist
Why: Cross‑disciplinary research, public‑interest focus.
Digital Catapult – Cyber Physical Lab – Belfast & London
Vacancy: Industrial IoT Security Engineer
Why: Testbeds for SMEs; hands‑on with edge, 5G & robotics.
Hiring trends we’re seeing for 2025
AI & automation everywhere – Job ads for SOAR engineers and AI‑augmented SOC analysts have tripled since 2024.
Cloud security overtakes on‑prem – Two‑thirds of vacancies reference AWS, Azure or GCP, often across multiple clouds.
Zero‑trust is mainstream – Architects with ZTNA or micro‑segmentation experience command 20 % salary premiums.
OT & critical‑infrastructure skills in short supply – Energy & transport operators have doubled demand for engineers versed in IEC 62443 and NIS 2.
Certification wars – Employers increasingly prefer vendor‑agnostic certs (OSCP, CISSP, GIAC) over vendor badges alone.
Hybrid working prevails – Three on‑site days is now standard, but incident‑response and product roles often stay remote‑first.
How to maximise your applications
Tailor your CV – spotlight purple‑team successes, SOAR scripting or cloud‑native controls that match each advert.
Use our filters – search “SOC + remote”, “CHECK team lead”, or “OT + DV clearance” on CyberSecurityJobs.tech.
Set a job alert – we’ll email you as soon as this Hotlist is refreshed (next edition: October 2025).
Network smartly – attend events like Cyber UK, BSides London, CRESTCon & the NCC Group Open Evening; many employers above sponsor & interview on‑site.
Upskill continuously – master cloud CCM benchmarks, infrastructure‑as‑code scanning, OT protocol forensics & AI‑assisted detection to stay in demand.
About this Hotlist
Approximate word count: 2 550.
Every employer was confirmed via open UK job adverts, corporate career pages or formal growth announcements within eight weeks of publication.
Found it useful? Share on LinkedIn, tag @Cyber Security Jobs UK, & help fellow defenders discover brand‑new opportunities. Remember to bookmark—this page is refreshed quarterly so you’ll always know who’s hiring right now.
