Senior Security Operations Specialist

The Senior Operational Security Specialist will own and operate protective and detective security controls across endpoint, network, identity and data security domains, converting multiple best-efforts operational security activities into sustainable, auditable and scalable services.

This is an IC role and doesn't involve direct management of a team. You will report to the CISO. Candidates with strong hands-on experience and demonstrable technical capability will be considered regardless of formal qualification. You will need:

  • Significant hands-on experience in an operational information security or security engineering role.
  • Demonstrable experience managing EDR/AV, SIEM/XDR platforms, and network security controls including firewalls, WAF and segmentation.
  • Practical experience with identity and access management including MFA, PAM/PIM and access review processes.
  • Experience with enterprise security solution suites (Endpoint, Cloud, XDR, Identity, etc.) and Purview/DLP.
  • Working knowledge of PAM tooling.
  • Experience in a regulated financial services environment preferred but not essential; working knowledge of ISO 27001, NIST CSF, DORA or NYDFS Part 500 beneficial.

Detection & Response

  • Triage and analyse security alerts from across the tooling estate, coordinating with the SOC to ensure timely detection and response.
  • Lead threat hunting activities using XDR telemetry and threat intelligence to proactively identify attacker activity.
  • Own and maintain the XDR platform including rule management, integrations and telemetry quality.
  • Investigate security incidents, anomalous activity and SOC escalations, producing clear findings and recommendations.
  • Develop and maintain incident response runbooks covering key threat scenarios and response procedures.
  • Own ransomware readiness and business resilience testing activities, including backup validation and playbook maintenance.
  • Manage security automation and SOAR playbook development to improve detection and response efficiency.
  • Provide operational interface with the SOC, supporting SLA management and technical escalation.

Operational Reporting

  • Produce clear, accurate and timely reporting covering endpoint health, network control status, DLP alert volumes, IAM control health and incident metrics.
  • Contribute security operations data and metrics to the CISO reporting pack.

Job Details

Company
La Fosse
Location
London Area, United Kingdom
Posted