Cyber Security Threat Hunter

The role of Cyber Security Incident Responder is crucial in ensuring the security posture of an organisation. The Security Operations Centre (SOC) team works closely with the Network Operation team to detect, analyse, and respond to cybersecurity incidents.

This role involves working with skilled IT Security staff to respond to cyber security threats in near real-time. A strong understanding of IT networks, security standards, authentication protocols, and security-related hardware and software within the organisation is vital.

The Cyber Security Incident Responder will be responsible for administering and optimising Microsoft Defender for Endpoint and Defender for Cloud configurations to ensure consistent security baselines across on-premises and cloud environments.

They will also implement and maintain Microsoft Purview configuration policies to support data governance, compliance, and information protection strategies.

• Administer and optimize Microsoft Defender for Endpoint and Defender for Cloud configurations.
• Implement and maintain Microsoft Purview configuration policies.
• Collaborate with IT, legal, compliance, and other key stakeholders to align configuration management practices with organisational policies and regulatory requirements.
• Coordinate with stakeholders to conduct investigations of cyber incidents, reverse engineer malware, identify attack vectors, and provide accurate incident accountability.
• Conduct regular reviews of Defender and Purview configurations to identify misconfigurations, enforce best practices, and mitigate security risks.
• Engage in intelligence-driven investigative analysis; define and coordinate cyber incident response testing to assess capabilities and breach preparedness.
• Create and maintain forensic and incident management policies governing incident handling.
• Conduct research on the latest threats and advancements in defending against unauthorized access to information.
• Perform threat hunting within corporate environments to detect historic or active malicious/unauthorised activity.
• Publish official reports and executive summaries for all major cyber incidents.
• Identify and implement appropriate controls within the SIEM and other security solutions to prevent and detect security incidents.
• Develop innovative monitoring and detection solutions using tools and advanced scripting.
• Engage with internal and external parties to share information to improve processes and security posture.
• Carry out detailed forensic analysis during major incident responses.
• Support the wider analyst team with deeper analysis of complex security events and incidents.

• Passionate and professional security mindset
• Strong customer service skills to follow up with clients and handle escalations
• Ability to ensure confidentiality and discretion in performing sensitive tasks
• Understanding of cyber-attack techniques, vulnerabilities, and countermeasures
• Technical knowledge of Information Technology and Cyber Security standards
• Expert knowledge of SIEM platforms, IT forensics, and real-time endpoint inspection tools
• Previous experience in handling incident response and forensic analysis
• Understanding of MITRE ATT&CK framework
• Experience simulating active exploits and detections
• Strong understanding of SIEM and UEBA
• Proficiency in scripting languages such as Python and PowerShell
• Working knowledge of cloud technologies
• Familiarity with forensics tools such as EnCase, Sleuth Kit, Redline & FTK Imager
• 3–4 years of experience in information security
• 2+ years of incident handling experience
• 1+ year of forensic experience
• Bachelor's Degree or equivalent preferred
• English: fluent

We are committed to creating an inclusive and supportive work environment. If you require any reasonable adjustments during the application or interview process, please let us know, and we will work with you to meet your needs.

Our organisation values diversity and equal opportunities.