Senior Cyber Security Analyst

We are looking for a Senior Cyber Security Analyst to join our Defensive Operations team on a fixed-term basis. You will work across the full breadth of our defensive security capability - including advanced investigations, incident response, threat hunting, detection engineering, and vulnerability management. This is a hands-on senior role within a hybrid SOC model, where our MDR partner delivers 24/7 Tier 1/2 monitoring and triage, and the internal team focuses on everything beyond including: response, proactive threat operations, and continuous improvement of our security posture, and more

What you will be doing

• Conduct advanced investigations escalated from the MDR SOC and internally identified threats, including root cause analysis, evidence gathering, containment, and remediation across Microsoft Sentinel and Defender XDR.
• Support incident response activities through the full lifecycle - detection, analysis, containment, eradication, recovery, and lessons learned - and contribute to the development of IR playbooks and procedures.
• Contribute to MSSP oversight and quality assurance - reviewing escalation quality, providing feedback, and participating in joint detection tuning sessions.
• Develop and execute threat hunts based on threat intelligence, MITRE ATT&CK gap analysis, and incident learnings, converting findings into detection rules or tuning recommendations.
• Author and deploy detection content (KQL analytics rules) in Microsoft Sentinel, supporting the team's efforts to expand MITRE ATT&CK coverage and reduce detection gaps.
• Support vulnerability management activities, including assessment of identified vulnerabilities, prioritisation, and coordination with the Technology team on remediation.
• Produce operational metrics and MI reporting in support of governance and stakeholder reporting.
• Mentor junior analysts, providing technical guidance on investigations, KQL development, and threat analysis techniques.

Your Skills And Experience

• 5+ years of experience in Security Operations, Incident Response, or a closely related defensive security role.
• Strong proficiency with Microsoft Sentinel (KQL query development, analytics rules, workbooks) and Microsoft Defender XDR.
• Good understanding of attacker techniques, tactics, and procedures (TTPs) and familiarity with the MITRE ATT&CK framework.
• Experience leading or contributing to incident response investigations through the full IR lifecycle.
• Strong KQL skills with the ability to write queries for detection, investigation, and hunting use cases.
• Experience with vulnerability management processes and tools.
• GIAC, CREST, or equivalent security certifications - or demonstrable equivalent experience.
• Strong communication skills with the ability to brief technical and non-technical stakeholders on incident status, risk, and remediation actions.