Internal Cyber Defence Consultant

Change your job, change your workplace, change your future. Ricoh Europe is continuing its investment in modern, intelligence‑driven cybersecurity capabilities. As part of this evolution, we are looking for an Internal Cyber Defence Consultant to strengthen our defensive posture, lead the maturity of our Blue Team capability, and ensure Ricoh remains resilient against an ever‑evolving threat landscape.

This is a high‑impact individual contributor role with virtual leadership responsibilities and working closely with security, technology and business teams across Europe.

About the Role

The Internal Cyber Defence Consultant will be responsible for shaping and maturing Ricoh’s defensive security operations. This includes overseeing detection engineering, incident response, threat hunting, and vulnerability management. You will guide the virtual Blue Team, set the direction for defensive strategy, and ensure security controls, processes, and technologies deliver protection across Ricoh’s systems, networks and data.

Operating in a complex and fast‑paced environment, you will be accountable for the design and continual improvement of detection and response capabilities, while ensuring alignment with industry standards, regulatory requirements and Ricoh’s risk appetite. This role blends technical expertise, leadership, analysis and communication, requiring someone who can influence without direct authority and act decisively when incidents occur.

What you will be doing

• Blue Team Leadership & Operations
  • Leading and coordinating the virtual Blue Team, including SOC analysts, incident responders, threat hunters and defensive engineers.
  • Setting strategic direction, improving processes, and supporting skill development across the defensive capability.
  • Acting as a senior escalation point during investigations and major incidents.
  • Designing, implementing and tuning detection rules across SIEM, SOAR, EDR and NDR platforms.
  • Managing log ingestion, telemetry pipelines and data quality to ensure visibility across all environments.
  • Identifying gaps in logging, coverage or monitoring and driving improvements.
  • Managing incident response processes, including playbooks, tabletop exercises and post‑incident reviews.
  • Leading investigations, coordinating cross‑functional teams and ensuring effective containment, eradication and recovery.
  • Embedding lessons learned into future detection, tooling and process enhancements.
• Threat Hunting & Proactive Defence
  • Conducting hypothesis‑driven threat hunts informed by threat intelligence.
  • Identifying stealthy or emerging threats not caught by automated detection.
  • Collaborating with Red Team operators to validate detection gaps and enhance Blue Team response.
• Vulnerability & Exposure Management
  • Overseeing vulnerability management processes and coordinating risk‑based remediation.
  • Working with infrastructure and application teams to prioritise and address high‑risk weaknesses.
  • Reporting remediation progress and exposure trends to senior leadership.
• Governance, Reporting & Culture
  • Ensuring compliance with ISO 27001, GDPR, NIS2 and internal security policies.
  • Providing clear reporting on threat trends, risk indicators, detection maturity and incident metrics.
  • Championing a security‑first culture through guidance, awareness and training initiatives.

What We Are Looking For

• Technical Expertise
  • Strong hands‑on experience across SIEM, SOAR, EDR and NDR technologies – covering the Microsoft suite.
  • Zero Trust experience, ideally with zScaler.
  • Proficiency in detection engineering, alert tuning, log analysis and data correlation.
  • Solid understanding of MITRE ATT&CK, cyber kill chain and threat actor TTPs.
  • Experience conducting or leading incident response and digital forensics investigations.
  • Skilled in threat hunting techniques, anomaly detection and behavioural analytics.
  • Strong knowledge of vulnerability management processes and tooling.
  • Understanding of enterprise networks, cloud environments, endpoints and identity systems.
• Leadership & Interpersonal Skills
  • Experience guiding virtual or multidisciplinary security teams.
  • Strong communicator, comfortable engaging senior stakeholders across technical and non‑technical functions.
  • Able to influence decision‑making, challenge assumptions and advocate for necessary security improvements.
  • Skilled at maintaining calm, clarity and leadership during high‑pressure security incidents.
  • Capable of building trust, fostering collaboration and promoting continuous improvement.
• Business & Strategic Acumen
  • Understanding of Ricoh’s business context, regulatory environment and operational dependencies.
  • Ability to translate technical risk into meaningful business impact.
  • Awareness of sector‑specific risks and organisational priorities.
  • Experience working in or with regulated enterprise environments.

Qualifications & Experience

• Bachelor’s degree in Cybersecurity, Computer Science, IT or related field.
• Relevant certifications such as GCIH, GCIA, GMON or CISP.
• Extensive proven experience in defensive cyber security roles.
• Proven experience in a leadership or senior operational position.
• Hands‑on experience leading major incident investigations in enterprise environments.
• Exposure to red/purple team exercises, detection tuning and threat‑driven defence.

In Return For Your Commitment, You Can Expect

• A competitive salary package.
• Industry leading benefits.
• Ricoh is an exceptional place to work. A place where there is strong emphasis on career development for the right individuals. This is a role where you can excel within a fast-paced environment and succeed within a thriving organisation.
• This is an excellent opportunity to join a global company where you can truly capitalise and build on your own experience.
• At Ricoh, we embrace and respect the collective and unique talents, experience, and perspectives of all people. Together we inspire remarkable innovation. That’s how we live the Ricoh Way.

Ricoh have removed the disclosure of convictions box from their application process offering equal opportunities to all. For all roles, we will judge each individual on their skills and ability before taking into account their history. However some roles are subject to sensitive and restrictive information and, if successful, you may be required to undertake pre-employment vetting checks which include but are not limited to residency check, credit reference check, financial sanctions check and a DBS Check. Further information on Employment Vetting can be accessed by contacting the Ricoh Recruitment Team.