Senior Cyber Security Lead in London

Location: Central London (1 day per week onsite)

Salary: c£85,000 + benefits

The Opportunity

We are seeking an experienced Senior Cyber Security Analyst to join a global Cyber Defense function. This is not a traditional SOC analyst position focused purely on alert investigation. Instead, this role requires an individual capable of leading cyber incidents operationally, technically and commercially from end-to-end. You will act as a senior technical subject matter expert across incident response, detection engineering, cloud security and vulnerability management, while also providing calm, structured leadership during high-pressure situations. The environment is heavily Microsoft-focused, with particular emphasis on:

• Microsoft Sentinel
• Microsoft Defender XDR
• Azure security and secure-by-design principles
• Detection engineering and automation
• Threat and vulnerability management

You will work closely with global technology and cyber teams to continuously improve monitoring, detection, response and remediation capabilities across hybrid cloud and on-premise environments.

Key Responsibilities

• Incident Response & Major Incident Management
  • Lead the end-to-end management of cyber security incidents across global environments.
  • Take ownership of incident triage, severity assessment and response coordination across P1–P4 incidents.
  • Lead incident bridge calls and coordinate technical and business stakeholders throughout the incident lifecycle.
  • Assess technical, operational and commercial impact to support effective decision-making under pressure.
  • Provide clear, calm and structured communications to both technical teams and senior leadership.
  • Drive containment, eradication, recovery and post-incident improvement activities.
  • Conduct root cause analysis and ensure lessons learned are embedded into operational processes and controls.
  • Develop and maintain incident response procedures, playbooks and documentation aligned to industry best practice.
• Detection Engineering & Security Automation
  • Configure, optimise and continuously improve Microsoft Sentinel and Microsoft Defender technologies.
  • Develop and tune detection logic using KQL to identify emerging threats and attacker behaviours.
  • Build and maintain automated SOAR workflows using Logic Apps and related technologies.
  • Integrate Microsoft security tooling with third-party technologies and service providers.
  • Identify monitoring gaps and improve visibility across cloud and on-premise environments.
  • Maintain high-quality technical documentation for detections, automations and operational workflows.
• Cloud Security & Secure-by-Design
  • Support secure configuration and operational security across Azure and associated cloud services.
  • Collaborate with infrastructure and engineering teams to embed secure-by-design principles.
  • Evaluate configuration changes and ensure alignment with security standards and controls.
  • Support implementation and optimisation of Microsoft Defender security policies across endpoint, identity, cloud and email platforms.
  • Contribute to the continuous improvement of cloud security posture across global operations.
• Threat & Vulnerability Management
  • Support and enhance the vulnerability management programme across infrastructure, cloud and endpoint environments.
  • Work with tools such as Microsoft Defender Vulnerability Management and Tenable to identify and prioritise vulnerabilities.
  • Translate vulnerability findings into actionable remediation plans with technology stakeholders.
  • Leverage cyber threat intelligence to improve detection capabilities and prioritisation decisions.
  • Track remediation progress and provide meaningful risk reporting to cyber leadership.
• Stakeholder Management & Collaboration
  • Partner with Group IT, Regional IT and wider technology teams across multiple geographies.
  • Act as a trusted advisor across operational security, incident response and cyber defence activities.
  • Balance technical risk with operational realities and business priorities.
  • Demonstrate strong stakeholder management and communication skills at all levels of the organisation.
  • Contribute to a positive cyber security culture and continuous improvement mindset across the business.

What We’re Looking For

Essential Experience

• Proven experience leading cyber security incidents end-to-end within enterprise environments.
• Strong background in Security Operations, Cyber Defence, Incident Response or Blue Team functions.
• Experience operating within hybrid cloud and on-premise environments.
• Hands-on experience with Microsoft Sentinel, Microsoft Defender XDR and Azure security technologies.
• Experience with detection engineering, threat detection and security automation.
• Exposure to vulnerability management platforms such as Tenable or Microsoft Defender Vulnerability Management.
• Experience managing stakeholder communications during high-severity incidents.
• Strong understanding of attacker tactics, techniques and procedures (TTPs).

Technical Skills

• Strong Microsoft security ecosystem expertise.
• Advanced KQL experience for investigations, detections and reporting.
• Experience building automation workflows using Logic Apps or similar technologies.
• Knowledge of cloud security principles across Azure and ideally AWS or Google Cloud.
• Familiarity with industry frameworks such as NIST and ISO 27001.

Personal Attributes

• Calmness under pressure
• Strong ownership and accountability
• Excellent communication and stakeholder management skills
• Commercial awareness alongside technical depth
• Gravitas and confidence leading senior incident discussions
• The ability to know when to stop investigating and start managing the wider incident process

To apply for this fantastic opportunity please send your CV.