Senior Threat & Response Specialist in Winchester

hackajob is collaborating with Arqiva to connect them with exceptional professionals for this role. Location: Crawley Court, Winchester & Newman Street, London. We operate a flexible, hybrid working environment – requirement to travel to either our Winchester or London office up to twice a week.

Competitive salary 10% bonus. Work Life Smarter – our commitment to a flexible and hybrid working culture. Generous pension scheme starting at 6% rising to 10%. A unique wellbeing programme that looks after the whole you. Access to multiple learning platforms to support your individual development. Active and diverse networks that build community, support wellbeing and advocate for change. A comprehensive set of benefits including discounts on big brands, gymflex memberships and paid volunteering leave.

The Role

The Senior Threat & Response Specialist is uniquely positioned to drive the evolution of our cyber security capability, combining deep operational expertise with advanced, cutting‑edge technologies. Through this role, the specialist plays a pivotal part in shaping an innovative, intelligence‑led security function, one that anticipates threats, automates responses, and sets new standards of excellence across our organisation and the wider industry. Candidates with a strong SIEM engineering background who want to broaden their scope into 3rd‑line SOC investigation and incident response will be particularly well suited to this opportunity. This position provides a unique opportunity to own and shape the role, as we establish best practices and effective ways of working across our organisation. Experience in Cloud Security, especially across Azure, AWS or hybrid environments, will be highly advantageous, enabling you to support Arqiva’s shift toward secure‑by‑design cloud adoption.

You will work within Arqiva’s Information Security Operations Teams, reporting to the Head of Threat and Response, and collaborating closely with the broader Security organisation as well as technical teams across Arqiva. Together, you will help deliver and mature our core Cyber Defence capabilities, including SIEM and Monitoring, Vulnerability Management, Incident Response and Analysis, and Threat Intelligence.

Key Responsibilities

• Lead the engineering, optimisation and continuous improvement of Arqiva’s SIEM platform, ensuring high‑quality detections, effective log ingestion pipelines, and strong operational performance.
• Design, develop and tune advanced detection use cases aligned to evolving attacker behaviours, leveraging threat intelligence and frameworks such as MITRE ATT&CK.
• Support the onboarding and normalisation of new data sources, including cloud telemetry, application logs and platform services, ensuring full visibility across hybrid environments.
• Collaborate with DevOps and platform engineering teams to embed security controls, monitoring and detection within CI/CD pipelines and infrastructure‑as‑code deployments.
• Utilise cloud‑native and third‑party tooling such as Wiz to assess cloud posture, improve asset visibility, enrich threat detection logic, and drive proactive remediation.
• Act as an escalation point for complex 3rdline SOC investigations, providing analytical support.
• Collaborate with suppliers, customers and Arqiva stakeholders, to deliver Threat & Response services, drive improvement and enhance the effectiveness of Arqiva’s Security Capabilities.
• Provide technical analysis and interpretation of Arqiva’s internal and external landscape, advising and supporting the Head of Threat & Response in embedding the incident response and cyber continuity elements of Arqiva’s information security strategy across the organisation.
• Mentor junior Threat & Response colleagues across any of the Threat & Response services.
• Coordinate with stakeholders of varying seniority and technical background as an authoritative representative of the Threat & Response function.

Key Attributes & Experience

• Technical background, mindset and approach.
• Genuine enthusiasm for technology and Cyber Security.
• Adaptability and self-sufficiency.
• Inquisitive and analytical.
• Strong communication, reporting and stakeholder management skills.
• Able to understand technical concepts and scenarios and translate in clear language for non-technical stakeholders and executives.
• Honest, open and genuine in your interactions with others.
• Deep, tooling-agnostic engineering, architectural and operational expertise, across all key Security platforms, such as VM/SIEM/EDR, and able to transfer knowledge between toolsets.
• Knowledge and experience of working within organisations that implement relevant Cyber frameworks and methodologies, such as MITRE ATT&CK, NIST, ISF, ISO27000.
• Relevant industry qualifications, such as SANS, GIAC, CEH, CCNA, AZ-500.
• Extensive experience of performing technical threat analysis and incident response activities against several kinds of attack, including malware, data breach, supply chain compromise and others.
• Experience in the management and handling of Security incidents, including assessment, categorisation and prioritisation and root cause analysis.
• Familiarity with common attack methodologies and methods used by Cyber threat actors during the threat lifecycle.
• Experience interpreting and actioning Threat Intelligence.
• Experience with both on‑prem and AWS and Azure cloud environments and Security solutions.

Please note that the successful candidate will be required to successfully undergo UK Security Clearance and must have been resident within the UK for at least five years.

Our commitment to Diversity & Inclusion

At Arqiva, we’re committed to building a workplace where everyone feels valued, heard and empowered to succeed. We welcome applications from all backgrounds and experiences, and we work hard to remove barriers so every colleague can thrive. If you need any adjustments at any stage of the recruitment process, please reach out to talent@arqiva.com.