[Up to c. £160k Comp Package | Hybrid Working - 3 Days in Office]

Role Overview

We’re partnering with a large UK financial services organisation focused on long-term savings and retirement solutions, that is undertaking a significant modernisation of its technology and security environment. As part of this programme, the organisation is strengthening its Security Operations capability to improve threat detection, response, and operational automation across its infrastructure and cloud platforms. This role sits within a small, hands-on Security Operations team reporting into the Head of SecOps. The team works closely with an external MSSP that provides 24/7 monitoring support, while internal engineers focus on detection quality, incident response, and improving operational capabilities. The position is intentionally broad - blending elements of detection engineering, alert investigation, threat hunting, and automation - and will play a key role in helping the firm gradually bring more detection and response capability in-house over time...

Key Responsibilities

• Investigate and triage security alerts across monitoring platforms, escalating and resolving incidents where appropriate
• Develop and refine SIEM detection rules, including tuning and building custom detection logic
• Perform proactive threat hunting using internal telemetry and external intelligence sources
• Monitor threat intelligence feeds and translate emerging threats into actionable detection improvements
• Identify opportunities to streamline and automate incident response workflows across the security tooling stack
• Support vulnerability management activities, including identifying issues and assisting with remediation tracking
• Participate in technical incident response investigations when security events occur
• Maintain operational documentation such as detection playbooks, runbooks, and standard operating procedures
• Work closely with internal technology teams to strengthen monitoring coverage and response processes
• Assist in evaluating new security technologies and improving existing operational tooling
• Participate in a structured on-call rotation (approximately one week per month)

What You’ll Bring…

• 5-8 years’ experience in a security operations, incident response, or detection engineering role
• Strong familiarity with security monitoring platforms such as SIEM, SOAR, and threat intelligence tooling
• Experience writing or tuning detection logic, ideally using KQL or similar query languages
• Practical exposure to threat hunting and analysing security alerts or incidents
• Experience building integrations or automation across security tooling
• Experience with the Microsoft security ecosystem and cloud platforms such as Azure or AWS
• Experience operating within cloud or cloud-native environments
• Strong written and verbal communication skills, with the ability to engage technical and non-technical stakeholders
• A proactive mindset with a focus on continuous improvement across operational security processes
• (Preferred) Exposure to technical investigations or forensic-style incident analysis
• (Preferred) Experience working within regulated environments such as financial services or insurance

...