Senior Cyber Security Lead

Senior Cyber Security Analyst

Location: Central London (1 day per week onsite)

Salary: c£85,000 + benefits

The Opportunity

We are seeking an experienced Senior Cyber Security Analyst to join a global Cyber Defense function. This is not a traditional SOC analyst position focused purely on alert investigation. Instead, this role requires an individual capable of leading cyber incidents operationally, technically and commercially from end-to-end.

You will act as a senior technical subject matter expert across incident response, detection engineering, cloud security and vulnerability management, while also providing calm, structured leadership during high-pressure situations.

The environment is heavily Microsoft-focused, with particular emphasis on:

• Microsoft Sentinel
• Microsoft Defender XDR
• Azure security and secure-by-design principles
• Detection engineering and automation
• Threat and vulnerability management

You will work closely with global technology and cyber teams to continuously improve monitoring, detection, response and remediation capabilities across hybrid cloud and on-premise environments.

Key Responsibilities

Incident Response & Major Incident Management

• Lead the end-to-end management of cyber security incidents across global environments.
• Take ownership of incident triage, severity assessment and response coordination across P1–P4 incidents.
• Lead incident bridge calls and coordinate technical and business stakeholders throughout the incident lifecycle.
• Assess technical, operational and commercial impact to support effective decision-making under pressure.
• Provide clear, calm and structured communications to both technical teams and senior leadership.
• Drive containment, eradication, recovery and post-incident improvement activities.
• Conduct root cause analysis and ensure lessons learned are embedded into operational processes and controls.
• Develop and maintain incident response procedures, playbooks and documentation aligned to industry best practice.

Detection Engineering & Security Automation

• Configure, optimise and continuously improve Microsoft Sentinel and Microsoft Defender technologies.
• Develop and tune detection logic using KQL to identify emerging threats and attacker behaviours.
• Build and maintain automated SOAR workflows using Logic Apps and related technologies.
• Integrate Microsoft security tooling with third-party technologies and service providers.
• Identify monitoring gaps and improve visibility across cloud and on-premise environments.
• Maintain high-quality technical documentation for detections, automations and operational workflows.

Cloud Security & Secure-by-Design

• Support secure configuration and operational security across Azure and associated cloud services.
• Collaborate with infrastructure and engineering teams to embed secure-by-design principles.
• Evaluate configuration changes and ensure alignment with security standards and controls.
• Support implementation and optimisation of Microsoft Defender security policies across endpoint, identity, cloud and email platforms.
• Contribute to the continuous improvement of cloud security posture across global operations.

Threat & Vulnerability Management

• Support and enhance the vulnerability management programme across infrastructure, cloud and endpoint environments.
• Work with tools such as Microsoft Defender Vulnerability Management and Tenable to identify and prioritise vulnerabilities.
• Translate vulnerability findings into actionable remediation plans with technology stakeholders.
• Leverage cyber threat intelligence to improve detection capabilities and prioritisation decisions.
• Track remediation progress and provide meaningful risk reporting to cyber leadership.

Stakeholder Management & Collaboration

• Partner with Group IT, Regional IT and wider technology teams across multiple geographies.
• Act as a trusted advisor across operational security, incident response and cyber defence activities.
• Balance technical risk with operational realities and business priorities.
• Demonstrate strong stakeholder management and communication skills at all levels of the organisation.
• Contribute to a positive cyber security culture and continuous improvement mindset across the business.

What We’re Looking For

Essential Experience

• Proven experience leading cyber security incidents end-to-end within enterprise environments.
• Strong background in Security Operations, Cyber Defence, Incident Response or Blue Team functions.
• Experience operating within hybrid cloud and on-premise environments.
• Hands-on experience with Microsoft Sentinel, Microsoft Defender XDR and Azure security technologies.
• Experience with detection engineering, threat detection and security automation.
• Exposure to vulnerability management platforms such as Tenable or Microsoft Defender Vulnerability Management.
• Experience managing stakeholder communications during high-severity incidents.
• Strong understanding of attacker tactics, techniques and procedures (TTPs).

Technical Skills

• Strong Microsoft security ecosystem expertise.
• Advanced KQL experience for investigations, detections and reporting.
• Experience building automation workflows using Logic Apps or similar technologies.
• Knowledge of cloud security principles across Azure and ideally AWS or Google Cloud.
• Familiarity with industry frameworks such as NIST and ISO 27001.

Personal Attributes

We are particularly interested in individuals who demonstrate:

• Calmness under pressure
• Strong ownership and accountability
• Excellent communication and stakeholder management skills
• Commercial awareness alongside technical depth
• Gravitas and confidence leading senior incident discussions
• The ability to know when to stop investigating and start managing the wider incident process

To apply for this fantastic opportunity please send your CV