Cyber Threat Specialist
Listed on 2026-02-17
IT/Tech
Cybersecurity, Security Manager, Data Security, Network Security
Cyber Threat Specialist (Blue Team) - Financial Services - London - Hybrid - Excellent Overall Package
The role
Join a leading financial services client as a Cyber Threat Specialist (Blue Team) and help strengthen a critical Threat Detection & Response function. You will be a key member of the Threat Detection & Response team, focusing on defensive security across complex, business-critical environments. Working closely with engineering, infrastructure and security teams, you will help design, implement and optimise high-fidelity detections, investigate incidents, and contribute to continuous improvement of cyber defences.
What you'll be doing
- Deliver hands-on detection engineering, incident response, threat hunting, security engineering and threat intelligence activities.
- Investigate and respond to security incidents across host, identity, email, SaaS and cloud workloads.
- Use and tune security tooling such as EDR, DLP, SIEM and SOAR to improve detection and response effectiveness.
- Apply frameworks such as MITRE ATT&CK and the cyber kill chain to map, detect and disrupt attacker tradecraft.
- Leverage offensive tooling (Kali, Cobalt Strike, Metasploit, Bloodhound, Mimikatz, etc.) to understand and defend against real-world attack techniques.
- Contribute to secure architectures across networks, operating systems and cloud platforms.
- Minimum of 3 years' hands-on experience in at least two of: detection engineering, incident response, digital forensics, security operations, threat hunting, threat intelligence, with exposure to the others.
- Strong experience with security tooling: EDR, DLP, SIEM, SOAR.
- Solid background in threat investigation and incident response.
- Good understanding of MITRE ATT&CK, cyber kill chain and common attacker tradecraft.
- Familiarity with offensive tools such as Kali, Cobalt Strike, Metasploit, Bloodhound, Mimikatz.
- Strong knowledge of networking and security protocols (TCP/IP, HTTPS, DNS, Firewalls, proxies).
- Experience with Windows and Linux/Unix (Kubernetes exposure a plus).
- Scripting or programming skills in Bash, Python or PowerShell.
- Exposure to CI/CD tools and cloud platforms (e.g. Ansible Tower, Bitbucket, Pipelines, Azure).
- Understanding of secure network architectures and related technologies.
If you're interested and think you align with this opportunity, please apply with an updated CV.