Senior Cyber Security Analyst

Senior Cyber Security Analyst/Lead

Central London (1 day per week onsite)
c£85,000 + benefits

About the Role

This is a highly visible opportunity to join a growing global Cyber Defence function at an exciting stage of transformation and centralisation. Cyber security remains a core strategic priority for the organisation as it continues to modernise operations and strengthen resilience across a complex international environment.

The successful individual will play a critical role in strengthening operational security capabilities while helping shape the future direction of the team as the wider security function evolves.

This role offers genuine ownership, senior stakeholder exposure and strong progression potential into future lead or management responsibilities over time.

The Opportunity

We are seeking an experienced Senior Cyber Security Analyst/Lead to join a global Cyber Defence function. This is not a traditional SOC analyst position focused purely on alert investigation. Instead, this role requires an individual capable of leading cyber incidents operationally, technically and commercially from end-to-end.

You will act as a senior technical subject matter expert across incident response, detection engineering, cloud security and vulnerability management, while also providing calm, structured leadership during high-pressure situations.

The environment is heavily Microsoft-focused, with particular emphasis on:

  • Microsoft Sentinel
  • Microsoft Defender XDR
  • Azure security and secure-by-design principles
  • Detection engineering and automation
  • Threat and vulnerability management

You will work closely with global technology and cyber teams to continuously improve monitoring, detection, response and remediation capabilities across hybrid cloud and on-premise environments.

Key Responsibilities

Incident Response & Major Incident Management

  • Lead the end-to-end management of cyber security incidents across global environments.
  • Take ownership of incident triage, severity assessment and response coordination across P1-P4 incidents.
  • Lead incident bridge calls and coordinate technical and business stakeholders throughout the incident life cycle.
  • Assess technical, operational and commercial impact to support effective decision-making under pressure.
  • Provide clear, calm and structured communications to both technical teams and senior leadership.
  • Drive containment, eradication, recovery and post-incident improvement activities.
  • Conduct root cause analysis and ensure lessons learned are Embedded into operational processes and controls.
  • Develop and maintain incident response procedures, playbooks and documentation aligned to industry best practice.

Detection Engineering & Security Automation

  • Configure, optimise and continuously improve Microsoft Sentinel and Microsoft Defender technologies.
  • Develop and tune detection logic using KQL to identify emerging threats and attacker behaviours.
  • Build and maintain automated SOAR workflows using Logic Apps and related technologies.
  • Integrate Microsoft security tooling with third-party technologies and service providers.
  • Identify monitoring gaps and improve visibility across cloud and on-premise environments.
  • Maintain high-quality technical documentation for detections, automations and operational workflows.

Cloud Security & Secure-by-Design

  • Support secure configuration and operational security across Azure and associated cloud services.
  • Collaborate with infrastructure and engineering teams to embed secure-by-design principles.
  • Evaluate configuration changes and ensure alignment with security standards and controls.
  • Support implementation and optimisation of Microsoft Defender security policies across endpoint, identity, cloud and email platforms.
  • Contribute to the continuous improvement of cloud security posture across global operations.

Threat & Vulnerability Management

  • Support and enhance the vulnerability management programme across infrastructure, cloud and endpoint environments.
  • Work with tools such as Microsoft Defender Vulnerability Management and Tenable to identify and prioritise vulnerabilities.
  • Translate vulnerability findings into actionable remediation plans with technology stakeholders.
  • Leverage cyber threat intelligence to improve detection capabilities and prioritisation decisions.
  • Track remediation progress and provide meaningful risk reporting to cyber leadership.

Stakeholder Management & Collaboration

  • Partner with Group IT, Regional IT and wider technology teams across multiple geographies.
  • Act as a trusted advisor across operational security, incident response and cyber defence activities.
  • Balance technical risk with operational realities and business priorities.
  • Demonstrate strong stakeholder management and communication skills at all levels of the organisation.
  • Contribute to a positive cyber security culture and continuous improvement mindset across the business.

What We're Looking For

Essential Experience

  • Proven experience leading cyber security incidents end-to-end within enterprise environments.
  • Strong background in Security Operations, Cyber Defence, Incident Response or Blue Team functions.
  • Experience operating within hybrid cloud and on-premise environments.
  • Hands-on experience with Microsoft Sentinel, Microsoft Defender XDR and Azure security technologies.
  • Experience with detection engineering, threat detection and security automation.
  • Exposure to vulnerability management platforms such as Tenable or Microsoft Defender Vulnerability Management.
  • Experience managing stakeholder communications during high-severity incidents.
  • Strong understanding of attacker tactics, techniques and procedures (TTPs).

Technical Skills

  • Strong Microsoft security ecosystem expertise.
  • Advanced KQL experience for investigations, detections and reporting.
  • Experience building automation workflows using Logic Apps or similar technologies.
  • Knowledge of cloud security principles across Azure and ideally AWS or Google Cloud.
  • Familiarity with industry frameworks such as NIST and ISO 27001.

Personal Attributes

We are particularly interested in individuals who demonstrate:

  • Calmness under pressure
  • Strong ownership and accountability
  • Excellent communication and stakeholder management skills
  • Commercial awareness alongside technical depth
  • Gravitas and confidence leading senior incident discussions
  • The ability to know when to stop investigating and start managing the wider incident process

What's on Offer

  • Highly visible role within a growing global cyber security function
  • Genuine ownership and influence across security operations
  • Opportunity to shape and mature cyber defence capabilities globally
  • Strong balance of technical depth and business engagement
  • Clear long-term progression opportunities as the team expands
  • Flexible hybrid working with only 1 day per week onsite in Central London

To apply for this fantastic opportunity please send your CV

Apply Now
Apply Now

Job Details

Company
Tria Recruitment
Location
London, United Kingdom
Hybrid / Remote Options
Employment Type
Permanent
Salary
GBP 85,000 - 90,000 Annual
Posted