DefOps Engineer

Our Cyber team are looking for an experienced Def Ops Engineer to join the team.

We are looking for a Senior Cyber Security Analyst to join our Defensive Operations team on a fixed‑term basis. You will work across the full breadth of our defensive security capability – including advanced investigations, incident response, threat hunting, detection engineering, and vulnerability management. This is a hands‑on senior role within a hybrid SOC model, where our MDR partner delivers 24/7 Tier 1/2 monitoring and triage, and the internal team focuses on everything beyond including response, proactive threat operations, and continuous improvement of our security posture, and more.

• Conduct advanced investigations escalated from the MDR SOC and internally identified threats, including root cause analysis, evidence gathering, containment, and remediation across Microsoft Sentinel and Defender XDR.
• Support incident response activities through the full lifecycle – detection, analysis, containment, eradication, recovery, and lessons learned – and contribute to the development of IR playbooks and procedures.
• Contribute to MSSP oversight and quality assurance – reviewing escalation quality, providing feedback, and participating in joint detection tuning sessions.
• Develop and execute threat hunts based on threat intelligence, MITRE ATT&CK gap analysis, and incident learnings, converting findings into detection rules or tuning recommendations.
• Author and deploy detection content (KQL analytics rules) in Microsoft Sentinel, supporting the team's efforts to expand MITRE ATT&CK coverage and reduce detection gaps.
• Support vulnerability management activities, including assessment of identified vulnerabilities, prioritisation, and coordination with the Technology team on remediation.
• Produce operational metrics and MI reporting in support of governance and stakeholder reporting.
• Mentor junior analysts, providing technical guidance on investigations, KQL development, and threat analysis techniques.

• 5+ years of experience in Security Operations, Incident Response, or a closely related defensive security role.
• Strong proficiency with Microsoft Sentinel (KQL query development, analytics rules, workbooks) and Microsoft Defender XDR.
• Good understanding of attacker techniques, tactics, and procedures (TTPs) and familiarity with the MITRE ATT&CK framework.
• Experience leading or contributing to incident response investigations through the full IR lifecycle.
• Strong KQL skills with the ability to write queries for detection, investigation, and hunting use cases.
• Experience with vulnerability management processes and tools.
• GIAC, CREST, or equivalent security certifications – or demonstrable equivalent experience.
• Strong communication skills with the ability to brief technical and non‑technical stakeholders on incident status, risk, and remediation actions.

• Generous Annual Leave Policy: 5 weeks of annual leave, fully available at the start of each year, plus an additional 2 weeks paid leave after 5 years of continuous service.
• Flexible Working:
  Hybrid working policy with additional flexibility around unpaid leave.
• Corporate Responsibility Days: 3 days per year to support social and environmental causes.
• Wellbeing Fund:
  Annual People Fund to support wellbeing activities of your choice.
• Profit Share Scheme:
  Participation in the Baringa Group Profit Share Scheme.

We are proud to be an Equal Opportunity Employer. We believe that creating an environment where everyone feels a sense of belonging is central to our culture and that diversity is paramount to driving creativity, innovation, and value for our clients and for our people.