Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

9 jobs found

Global Cybersecurity Director - Security Operations
Boston Consulting Group
Who We Are Boston Consulting Group partners with leaders in business and society to tackle their most important challenges and capture their greatest opportunities. BCG was the pioneer in business strategy when it was founded in 1963. Today, we help clients with total transformation - inspiring complex change, enabling organizations to grow, building competitive advantage, and driving bottom-line impact. To succeed, organizations must blend digital and human capabilities. Our diverse, global teams bring deep industry and functional expertise and a range of perspectives to spark change. BCG delivers solutions through leading-edge management consulting along with technology and design, corporate and digital ventures - and business purpose. We work in a uniquely collaborative model across the firm and throughout all levels of the client organization, generating results that allow our clients to thrive. What You'll Do Security Continuous Monitoring Oversight Establish and lead BCG's first enterprise-wide Cybersecurity Continuous Monitoring (CSCM) program, ensuring continuous visibility into system, endpoint, network, and cloud activity. Define and implement governance models, including ownership of monitoring metrics (e.g., MTTD, MTTR, false positive rate, coverage completeness). Stand up monitoring processes and integrate telemetry sources across SIEM, EDR, identity, network, and cloud platforms. Ensure monitoring outputs are actionable, enriching detection and response activities and informing risk and compliance stakeholders. Technical Architecture & Integration Design and implement a continuous monitoring reference architecture, leveraging SIEM, SOAR, UEBA, and threat intelligence. Establish enterprise logging standards covering log coverage, retention, encryption, access, and integrity requirements. Drive automation of monitoring workflows and correlation logic to reduce dwell time and improve detection accuracy. 
Collaborate with threat intelligence teams to ensure real-time enrichment of event data and alignment with MITRE ATT&CK adversary tactics. Program & Capability Development Build the CCM capability from the ground up, defining the operating model, reporting cadence, and engagement with SOC, risk, and compliance. Develop and track KPIs, ensuring CCM effectiveness is measurable and communicated to senior stakeholders. Prioritize creation of top 5-10 operational dashboards and reports that provide critical enterprise visibility. Mature the function from initial operational capability (M1) toward advanced maturity, embedding continuous improvement cycles. STRATEGIC LEADERSHIP Serve as the founding leader for the CCM function, creating the strategy, roadmap, and tactical build plan. Partner with enterprise stakeholders across IT, Risk, and Security to align monitoring with business risk tolerance and resilience objectives. Influence senior leaders by translating technical telemetry insights into business-relevant intelligence. Build, inspire, and retain a high-performing team of analysts and engineers over time, leveraging both full-time staff and contractors. Advise senior leadership (via SecOPS) on monitoring-driven insights, risks, and mitigation recommendations. What You'll Bring Bachelor's degree (or equivalent). Master's preferred. 10+ years in cybersecurity operations, with at least 5 years in security monitoring, SOC leadership, or equivalent detection & response functions. Proven track record of building or maturing monitoring capabilities (SIEM, SOAR, telemetry pipelines, UEBA, threat intel integration). Knowledge of log ingestion, normalization, correlation, and enrichment processes. Familiarity with leading monitoring technologies: Splunk, DataDog, Microsoft Defender, CrowdStrike Falcon, Azure/AWS/GCP telemetry, threat intelligence platforms. 
Expertise in metrics-driven monitoring: defining, tracking, and reporting MTTD, MTTR, false positive rates, and coverage completeness. Familiarity with frameworks like NIST CSF, MITRE ATT&CK, and ISO 27001, with experience applying these to monitoring. Experience in threat hunting, anomaly detection, and behavioral analytics. Strong leadership skills: able to recruit, mentor, and develop a high-performing team in a newly established function. Executive presence: able to present complex monitoring data and risks to senior leadership in clear, concise business terms. Additional info COMPETENCIES: Director, Cybersecurity Continuous Monitoring Leads a critical security function with measurable business impact. Establishes foundational capabilities, manages delivery, and develops a growing team to support BCG's enterprise security posture. Technical & Functional Expertise Develops and executes the continuous monitoring strategy, aligned to enterprise security goals and SecOPS direction. Demonstrates deep technical expertise in telemetry ingestion, SIEM/SOAR integration, log management, and threat intelligence enrichment. Serves as a recognized expert in monitoring and detection, providing guidance to peers and influencing related security domains. Codifies monitoring practices and standards into repeatable processes and playbooks, reducing reliance on ad hoc approaches. Evaluates and pilots emerging monitoring technologies; ensures adoption of digital tools to scale efficiency and coverage. Problem Solving & Insight Frames monitoring and detection challenges in business-relevant terms (risk, resilience, compliance). Uses data-driven methods (metrics such as MTTD, MTTR, false positives) to identify control gaps and inform improvements. Translates complex monitoring outputs into actionable insights for stakeholders across IT, Risk, and Security. Innovates in detection methodologies, leveraging behavioral analytics, anomaly detection, and adversary simulations. 
Acts as a problem-solver during incidents, ensuring monitoring outputs guide rapid containment and response. Effectiveness & Value Creation Leads the build-out of the CCM function from the ground up, establishing governance, processes, and reporting. Structures, plans, and executes monitoring programs and initiatives, balancing near-term needs with long-term maturity goals. Delivers measurable outcomes (visibility, faster detection, reduced dwell time) that directly enhance business resilience. Proactively manages resources, balancing full-time staff and contractors to deliver capability within deadlines. Prioritizes actions with the highest impact on reducing enterprise cyber risk. Role Model Operates with integrity, safeguarding BCG and client data through responsible monitoring practices. Promotes a culture of transparency, accountability, and data-driven decision-making in the team. Demonstrates perseverance and adaptability in building a new function with high visibility and expectations. Creates an inclusive working environment that values diverse technical and analytical perspectives. Leads by example, modeling sustainable workload practices even under incident-driven pressure. Communication, Presence & Influence Develops and delivers clear dashboards, reports, and executive communications on monitoring outputs. Shapes perspectives by translating technical monitoring metrics into risk- and business-relevant insights. Communicates effectively across technical and non-technical audiences, ensuring alignment with IT and business leaders. Leads conversations in operational reviews, incident post-mortems, and governance forums. Encourages open dialogue within the team, and fosters credibility with cross-functional partners. Teaming & Collaboration Builds strong partnerships with SOC, Offensive Security, IT Operations, and Security Architecture teams. Develops productive relationships across regions and business units to expand telemetry coverage. 
Works collaboratively with compliance, risk, and audit to align monitoring with enterprise governance. Anticipates and manages conflicts in data ownership, tool coverage, and priorities, resolving them constructively. Promotes knowledge-sharing across security teams, reducing silos and strengthening collective defense. People Development & Leadership Defines the vision and purpose of the CCM function, instilling clarity and purpose for the team. Coaches and mentors analysts, engineers, and contractors to expand monitoring expertise. Provides stretch opportunities for team members to develop technical and leadership skills. Balances empowerment and oversight - ensuring autonomy in monitoring activities while maintaining governance discipline. Leads quality team meetings, defines clear objectives, and ensures alignment to SecOPS priorities. Provides frequent developmental feedback, fostering a culture of continuous learning and improvement. Boston Consulting Group is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, age, religion, sex, sexual orientation, gender identity / expression, national origin, disability, protected veteran status, or any other characteristic protected under national, provincial, or local law, where applicable, and those with criminal histories will be considered in a manner consistent with applicable state and local laws.
Mar 01, 2026
Full time
Chief Information Security Officer
Ipsen Group
Chief Information Security Officer Title: Chief Information Security Officer Company: Ipsen Pharma (SAS) About Ipsen: Ipsen is a mid-sized global biopharmaceutical company with a focus on transformative medicines in three therapeutic areas: Oncology, Rare Disease and Neuroscience. Supported by nearly 100 years of development experience, with global hubs in the U.S., France and the U.K., we tackle areas of high unmet medical need through research and innovation. Our passionate teams in more than 40 countries are focused on what matters and endeavor every day to bring medicines to patients in 88 countries. We build a workplace that champions human-centric leadership and fosters a culture of collaboration, excellence and impact. At Ipsen, every individual is empowered to be their true selves, grow and thrive alongside the company's success. Join us on our journey towards sustainable growth, creating real impact on patients and society! For more information, visit us at and follow our latest news on and . Job Description: The Chief Information Security Officer (CISO) is a strategic executive responsible for protecting the company's physical, digital, and intellectual assets. In a pharmaceutical context, this includes safeguarding sensitive R&D data, clinical trial information, patient privacy, and proprietary technologies. The CISO leads the development and execution of a comprehensive security strategy encompassing cybersecurity, regulatory compliance, physical security, and internal investigations. This role includes building and managing a multidisciplinary security and investigations team, ensuring alignment with business goals and regulatory requirements. WHAT - Main Responsibilities & Technical Competencies Strategic Leadership Develop and execute a forward-looking security strategy aligned with corporate objectives and industry trends. Advise executive leadership and the board on risk posture, threat landscape, and investment priorities. 
Lead cross-functional initiatives to embed security into digital transformation, innovation, and operational excellence. Establish KPIs and performance metrics to measure and improve security effectiveness. Cybersecurity & IT Security Oversee the design and implementation of cybersecurity architecture and controls. Ensure protection of IT infrastructure, cloud environments, and sensitive data. Lead incident response, threat intelligence, and vulnerability management programs. Maintain compliance with global standards (e.g., ISO 27001, NIST, GDPR, HIPAA). Governance, Risk & Compliance Develop and enforce enterprise-wide security policies and procedures. In alignment with the business ethics team, ensure compliance with pharmaceutical regulations (e.g., FDA, EMA, GxP). Conduct risk assessments, internal audits, and third-party security evaluations. Report regularly to senior leadership on risk mitigation and compliance status. Investigations & Incident Management Establish and lead an internal investigations function to address security breaches, misconduct, and regulatory violations. Build and manage a team of investigators and analysts with expertise in digital forensics, compliance, and legal coordination. Collaborate with HR, Legal, and external agencies on sensitive investigations and disciplinary actions. Ensure thorough documentation, reporting, and resolution of incidents in line with legal and regulatory standards. Fraud Management Develop and implement a fraud prevention and detection framework across the organization. Lead investigations into suspected fraud, misconduct, and financial irregularities. Collaborate with Finance, Legal, and Compliance to ensure timely resolution and reporting of fraud cases. Maintain a whistleblower program and ensure confidentiality and integrity in handling reports. Monitor fraud trends and proactively adjust controls and training programs. 
Team Management & Development Build and lead a multidisciplinary security team (cybersecurity, physical security, investigations, risk management). Define roles, responsibilities, and career development paths for team members. Foster a culture of accountability, agility, and continuous learning. Manage vendor relationships and external consultants as needed. Physical & Operational Security Oversee facility security, access control, and surveillance systems. Coordinate with facilities and operations on emergency preparedness and response. Develop and test business continuity and disaster recovery plans. Stakeholder Engagement Partner with various functions & business leaders including Legal, Regulatory Affairs, R&D, and Medical Affairs to align security with business needs. Lead security awareness and training programs across the organization. Represent the company in external forums, industry groups, and regulatory engagements. HOW - Knowledge & Experience Skills: Technical depth in cybersecurity and investigations Leadership and team development Fraud detection and prevention expertise Regulatory and compliance acumen Communication and stakeholder management Crisis and incident response Knowledge & Experience: 15+ years of experience in security leadership, preferably in pharma or life sciences. Proven track record in strategic planning, investigations, fraud management, and team leadership. Certifications such as CISSP, CISM, CISA, CRISC, or CFE (Certified Fraud Examiner) are highly desirable. Strong understanding of regulatory environments and risk management frameworks. Education / Certifications: Bachelor's or Master's degree in Information Security, Computer Science, or related field. Language(s): Fluency in English. Knowledge of European language is a plus for global roles. We are committed to creating a workplace where everyone feels heard, valued and supported, where we embody "The Real Us".
The value we place on different perspectives and experiences drives our commitment to inclusion and equal opportunity. When we bring together diverse ways of thinking, we make more thoughtful decisions and discover more innovative solutions. Together, we strive to better understand the communities we serve. This means we also want to help you perform at your best when you apply for a role with us. If you need accommodations or assistance during the application process, please let the recruitment team know. This information will be handled with care and will have no bearing on the outcome of your application. Let's be ourselves. Get In Touch: Introduce yourself to our recruiters and we'll get in touch if there's a role that seems like a good match.
Mar 01, 2026
Full time
Tate
Cyber Security Analyst
Tate Bletchley, Buckinghamshire
Cyber Security Analyst Milton Keynes - hybrid (2-3 days in the office, rotating, so must be within commutable distance to MK!) Up to 65,000, 10% annual bonus, on call allowance and excellent benefits plus lots of opportunity to progress! Please note this role involves being on call 1 week in 3. Our client is an impressive, innovative, multiple award-winning, leading IT Managed Service Provider; they believe great people build great companies and invest heavily in staff development, cultivating a culture of innovation, quality, and excellence. We are looking for a skilled and proactive Cyber Security Analyst to join their specialist security team. This role offers the opportunity to work across a diverse range of clients and environments, applying your technical expertise to enhance security operations, tooling, and compliance. You will play a key role in managing incidents, optimising security tools, and mentoring junior analysts, while contributing to the continuous improvement of their security posture. This is a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements. As Cyber Security Analyst, you will: Lead cyber incident investigations with SOC and client teams Triage and analyse alerts across email, cloud, and hybrid systems Perform threat hunting and develop detection use cases Manage vulnerability assessments and remediation efforts Maintain and optimise DLP tools and incident response Support forensic readiness and insider risk initiatives Develop and enforce security policies and awareness programs Lead incident response and produce investigation reports Utilise and enhance Microsoft Security Stack (Sentinel, Defender, Purview) Drive Zero Trust implementation Conduct security audits and generate KPI/compliance reports Mentor junior analysts and support their growth What are we looking for? Industry certifications such as Security+, ISC2 CC, Cisco, or equivalent. 
Progress toward or completion of Microsoft certifications: AZ-900, SC-200, SC-401, SC-500, and ideally SC-100. Strong written and verbal communication skills. Solid understanding of enterprise security operations and tooling. Experience in a technical cyber security role. Hands-on experience with the Microsoft Security Stack and other leading security tools. Familiarity with network and application firewalls. Working knowledge of security frameworks such as ISO27001, NIST, SOC2, and Cyber Essentials Plus. Experience with Privileged Access Management tools (e.g., CyberArk, Entra, SailPoint). Ability to quickly learn and adapt to new security tools and technologies. Please be aware this advert will remain open until the vacancy has been filled. Interviews will take place throughout this period, therefore we encourage you to apply early to avoid disappointment. Tate is acting as an Employment Business in relation to this vacancy. Tate is committed to promoting equal opportunities. To ensure that every candidate has the best experience with us, we encourage you to let us know if there are any adjustments we can make during the application or interview process. Your comfort and accessibility are our priority, and we are here to support you every step of the way. Additionally, we value and respect your individuality, and we invite you to share your preferred pronouns in your application.
Feb 27, 2026
Full time
La Fosse Associates
Incident Response Lead
La Fosse Associates
We're looking for a hands-on senior security professional to join a growing entertainment agency, acting as an international incident focal point as the function expands globally. This role will focus on triaging, investigating, and closing security events while continuously enhancing detection and response capabilities across a modern, cloud-first environment. Location: London (Ideally 2 days PW but open to flex) Pay rate: £600-650 Inside IR35 Duration: 6 Months initially If you're passionate about Threat Detection, Threat Hunting, and Incident Response, and enjoy working in a fast-paced, collaborative environment - this could be a great fit. Key Responsibilities Lead day-to-day Incident Response activities across a global environment Conduct proactive Threat Hunting using cyber threat intelligence sources Design and implement IR runbooks and playbooks Coordinate technical and business stakeholders during incidents Perform host, cloud, network, memory and log-based investigations and forensics Develop and enhance security monitoring, detection logic and reporting Create dashboards and visualisations to contextualise security data Drive continuous improvement of technical security controls and response processes Mentor junior analysts and support wider SOC capability development Experience Required Security operations background with experience in Incident Response, Threat Hunting or technical investigations Strong experience in cloud-based IR within hybrid environments Ability to develop scripts, tools and methodologies to enhance investigations Strong technical understanding of servers, OS, networks, firewalls and cloud infrastructure Experience building IR workflows and playbooks Confident communicator with the ability to build and maintain relationships Sound like you? Please apply directly for more detail.
Feb 27, 2026
Full time
Senior Security Consultant
DNV Germany Holding GmbH
Overview We're seeking a Senior Security Consultant to support our SOC operations as part of customer delivery team in DNV Cyber's (formerly Nixu) Managed Services. In this customer-facing role, you will be working with the Microsoft Defender and Palo Alto Cortex XDRs, managing customers' environments, designing and deploying security operations infrastructure, and consulting customers on threat detection & response and exposure management. To excel in this role, we expect you to collaborate effectively with teammates, as well as customer technical and non-technical personnel. Responsibilities Operate & optimize: Manage, tune, and maintain Microsoft Defender XDR and Palo Alto Cortex XDR platforms on behalf of customers, including configuration, alerting, and automation. Lead end-to-end security projects: Run end-to-end cyber consulting engagements and technical deployment projects - scoping, execution, reporting, and handover, aligned with customer business goals. Investigate & advise: Conduct periodic security posture reviews, threat hunts, and incident investigations using XDR and other data available. Translate findings into actionable recommendations. Customer engagement & reporting: Meet regularly with customer stakeholders (security teams, IT personnel), present findings, and drive adoption of security best practices. Maintain strong relationships and trust. Support sales & solution design: Participate in bid responses, architect SOC/XDR solutions, and help position DNV's offerings, translating technical capabilities into customer value. Collaborate across teams: Work closely with SOC analysts, security architects, delivery managers, and sales to ensure seamless service delivery. Apply now We're reviewing applications on a rolling basis, so don't wait to submit yours. DNV Cyber At DNV Cyber, we are passionate about cybersecurity and take pride in the way we are impacting the society we live in. 
We encourage you to excel professionally through knowledge sharing and demanding cases. At DNV Cyber, you'll have 500 colleagues who share an interest in cyber security with you. With us, you will be surrounded by the most talented people in the cybersecurity field. Join us on an exciting adventure of growth, meaningful work, and shaping the future through cybersecurity! Visit our website to get to know more about us! DNV is an Equal Opportunity Employer and gives consideration for employment to qualified applicants without regard to gender, religion, race, national or ethnic origin, cultural background, social group, disability, sexual orientation, gender identity, marital status, age or political opinion. Diversity is fundamental to our culture and we invite you to be part of this diversity. You're a seasoned cybersecurity professional with 3+ years of hands-on experience in technical security services or consulting, ready to deliver impact through customer-focused solutions. You bring Strong working knowledge of managing Microsoft Defender or Palo Alto Cortex XDR. While expertise for both XDR platforms is not required, you must have willingness to learn them both on the job, shadowing colleagues and taking training. Experience in customer-facing security projects, consultations, and reporting. Strong analytical skills - able to interpret XDR data, threat intelligence, customer's business context, and derive security insights. Ability to configure and act within customer environments. Excellent communication skills - comfortable presenting to technical and non-technical audiences. Fluency in Finnish and English (written and spoken). You will stand out if you also have Experience with SIEM, EDR, NDR, or SOAR platforms - or cloud-native security tools (Azure Sentinel, AWS GuardDuty, etc.) Knowledge of hybrid or multi-cloud security architectures (Azure, AWS, GCP). Hands-on experience of leveraging artificial intelligence in your workflows. 
Relevant trainings and certifications (e.g., SC-200, AZ-500, Palo Alto Networks, GCP certs). Familiarity with security standards and regulations (e.g., ISO 27001, NIS2) Security and compliance with statutory requirements in the countries in which we operate is essential for DNV. Background checks will be conducted on all final candidates as part of the offer process, in accordance with applicable country-specific laws and practices. Please note: A SUPO (Finnish Security and Intelligence Service) security background check will be part of the recruitment process.
Feb 25, 2026
Full time
Certain Advantage
SOC Threat Detection Analyst
Certain Advantage Stevenage, Hertfordshire
World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 8x SOC Threat Detection Analyst subcontractors on an initial 6 month contract. This role can start on an SC Security Clearance basis, however DV Clearance will be required down the line. This role would suit someone from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background. Hourly Rate: 45ph - 85 per hour. There are 8 positions being recruited across the mid-senior level. Overtime rate of time and a quarter. Contract Duration: 6 Months initially and long-term thereafter. Shift pattern: 28 day Cycle Sat to Tue - Earlies (Apply online only) Wed to Sun - Off Mon to Fri - Lates (Apply online only) Sat to Tue Off Wed to Sun - Nights (Apply online only) (The type of shift rotates along the pattern through, so the start of the next 28 day cycle they start with lates -> Nights -> earlies then next cycle: Nights -> earlies -> lates) 28 days = 4 weeks, 14 days worked per 28 days, 3.5 days worked per week, 3.5 x 8 = 28 hours per week Initially may not be expected to do nights until team grows. SOC Threat Detection Analyst Job Description: An opportunity has arisen in the cyber security operations centre (SOC) within Information Management (IM) for a SOC Threat Detection Analyst. Supporting the Senior SOC analysts in assisting IM meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat detection and analysis within the 24x7 SOC. Responsibilities: To support the SOC Manager in assisting Information Management UK meet the challenges and demands of countering the Cyber Threat. Support for the operational functions of the UK SOC. To work with other UK SOC members, including the UK InfoSec Team and the IM Domains (Customer Support and Infrastructure / Information Systems). 
It will cover analysis, monitoring, reporting, alerting and investigation activity utilising a wide variety of security platforms including AI/ML and behavioural analytics, SIEM (Security Information Event Management), Network Packet Capture platform, Anti Malicious Code, Threat Detection technologies and platforms across the UK Network Perimeter working with the best standard technologies. The SOC Analyst reports to the SOC Manager. The SOC Analyst conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff. The SOC Analyst key responsibilities are: Effective Tier 1 to 2 alert triage of security events Monitoring of Cyber Security tools Monitoring the SOC email notification mailboxes Assists with the maintenance of Security technologies Assisting the SOC Solutions Lead with project activity Assist proactive threat hunting in collaboration with the CTI function Assist IR in HR and InfoSec related investigations Ensure the timely triage and remediation of any incident or request tickets raised to the SOC Participate in the activity of adding/removing URLs from the AcceptList and BlockList Attend routine security meetings Conduct activities in line with SOC Maturity and continuous improvement Skillset/experience required (Baseline): A career background in Cyber Security. Security awareness and experience in all areas of IT, primarily Network Security, Infrastructure and the secondary area being Operating Systems & Applications. Knowledge of IT Security standard methodologies. Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S. Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools. Hands on experience with IDS/IPS technologies and threat hunting activities. Strong analytical experience and mind-set. 
Experience within Defensive Cyber-attack methodologies and frameworks. Understanding of Malware capabilities, attack vectors, propagation and impact. Good communication skills liaising with the business and suppliers. Desirable Skillset/experience (Senior grade): Root cause analysis and leading T2 incident investigations Process / Playbook / Runbook development Working knowledge of detection engineering, false positive improvements Capability to tune SIEM rules or create custom detections Scripted automation experience e.g. Python, SOAR, PowerShell Threat modelling and Hunting methodologies
Feb 24, 2026
Contractor
Director - cyber defence operations
Colt Technology Services Group Ltd.
Colt provides network, voice and data centre services to thousands of businesses around the world, allowing them to focus on delivering their business goals instead of the underlying infrastructure. Why we need this role We're looking for a visionary cybersecurity leader to drive the transformation of our global Security Operations Center. Reporting to the Chief Security Officer, you will architect and scale a next generation SOC - advancing incident response, integrating cutting edge threat intelligence, and strengthening the systems that protect and sustain our digital operations. This is an opportunity to build something exceptional and lead a team that redefines how we approach cyber defence and resilience. What you will do Lead, develop, and inspire a high performing team of SOC analysts and engineers. Define and implement cyber defence strategies aligned with business priorities and risk posture. Act as the senior escalation point for complex security incidents and coordinate cross functional responses. Threat and Vulnerability Management Integrate advanced threat intelligence into detection and response workflows to identify emerging threats proactively. Develop an automated, risk based vulnerability management programme to reduce attack surface. Collaborate with intelligence sharing communities to enhance situational awareness. Translate threat intelligence into actionable security measures for stakeholders. Oversee monitoring and analysis of network traffic, IDS alerts, and security logs. Ensure accurate prioritisation and build high fidelity alerting. Lead escalation and resolution efforts across internal and external partners. Build a proactive threat hunting capability and partner with industry experts. Enhance security monitoring tools, processes, and detection logic. Stay ahead of current vulnerabilities, attack techniques, and countermeasures.
Ensure thorough documentation of cases, procedures, and investigations. What we're looking for Technical Expertise Deep understanding of security operations, threat intelligence and incident response frameworks. Knowledge of intrusion detection, operating systems (Windows/UNIX), web technologies and telco networks. Hands on experience developing custom detections and leading threat hunting. Familiarity with cloud security operations and automation/orchestration. Telecoms experience is a strong advantage. Leadership Skills Excellent communication skills with the ability to simplify complex concepts. Proven experience leading global teams and making decisions in high ambiguity environments. Strong analytical and problem solving skills for complex security challenges. Ability to build strong, collaborative relationships across a global organisation. A growth mindset - resilient, curious, and solutions oriented. Preferred Experience 8+ years in cybersecurity operations, with at least 3 in a leadership role. Experience integrating threat intelligence into SOC workflows. Certifications such as CISSP, GIAC or equivalent are a plus. What we offer you: Looking to make a mark? At Colt, you'll make a difference. Because around here, we empower people. We don't tell you what to do. Instead, we employ people we trust, who come together across the globe to create intelligent solutions. Our global teams are full of ambitious, driven people, all working together towards one shared purpose: to put the power of the digital universe in the hands of our customers wherever, whenever and however they want. We give our people the opportunity to inspire and lead teams, and work on projects that connect people, cities, businesses, and ideas. We want you to help us change the world, for the better. Diversity and inclusion Inclusion and valuing diversity of thought and experience are at the heart of our culture here at Colt.
From day one, you'll be encouraged to be yourself because we believe that's what helps our people to thrive. We welcome people with diverse backgrounds and experiences, regardless of their gender identity or expression, sexual orientation, race, religion, disability, neurodiversity, age, marital status, pregnancy status, or place of birth. Most recently we have: Signed the UN Women Empowerment Principles which guide our Gender Action Plan Trained 60 (and growing) Colties to be Mental Health First Aiders Please speak with a member of our recruitment team if you require adjustments to our recruitment process to support you. For more information about our Inclusion and Diversity agenda, visit our DEI pages. Our benefits support you through all parts of life, for both physical and mental health. Flexible working hours and the option to work from home. Extensive induction program with experienced mentors and buddies. Opportunities for further development and educational opportunities. Global Family Leave Policy. Employee Assistance Program. Internal inclusion & diversity employee networks. A global network When you join Colt you become part of our global network. We are proud of our colleagues and the stories and experience they bring - take a look at 'Our People' site including our Empowered Women in Tech. Job Segment: Operations Manager, Data Center, Cyber Security, Work from Home, Unix, Operations, Technology, Security, Contract
Feb 12, 2026
Full time
Senior Cyber Security Content Engineer, Blue Team
TryHackMe Ltd
The Role We're looking for a Senior Content Engineer to help us research, plan, and create advanced content and virtual labs for our online courses. The ideal candidate has extensive experience in blue team cyber security roles and a strong background in training content development. Technical Skills & Experience To be considered for this opportunity, you must have at least 5 years of relevant cyber security industry experience in roles such as L3/L4 SOC Analyst, Security Engineer, Incident Responder, Threat Hunter or Digital Forensics Investigator. You should also demonstrate: Strong expertise in core blue team areas: incident detection and response, threat intelligence, log analysis, security monitoring, and digital forensics. A deep understanding of networking, computing, and operating systems as they relate to security practices. Familiarity with blue team tooling (e.g., SIEM, EDR, IDS/IPS, forensic tools) and methodologies (e.g., MITRE ATT&CK framework, log analysis, malware analysis). Proven ability to research and adapt to emerging threats and technologies and translate that knowledge into engaging training content. Strong verbal and written English communication skills, essential for conveying complex technical concepts. Job Responsibilities Research, design, and develop defensive cyber security training material with supporting hands-on lab exercises (such as virtual machines and datasets for analysis). Collaborate with the Content Engineering Team to support security training coverage and identify content development opportunities. Experience developing and configuring virtual machines and sample datasets for realistic cybersecurity labs. Provide guidance and support to other Content Engineering Team members in areas of expertise. Take charge of planning and designing portions of the content development roadmap. Collaborate with the Head of Content Engineering to continuously improve the content development process. 
Analyze industry trends in tooling and techniques and recreate them as teachable content. Strategically plan, review, and schedule content with our blue team content engineering team. Preferred Skills (nice-to-have): Creating challenges for capture the flags (CTFs) Programming experience in any of the following: Python, PHP, Bash, PowerShell Experience leading/coaching/mentoring others Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Certified SOC Analyst (CSA), Certified Forensic Analyst (GCFA), CompTIA CySA+, BTL2 Benefits & Perks 100% Remote - In a fully digital world, work from anywhere you want! Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm) Tools - a dedicated work laptop + any accessories you need to do your best work. Swag Pack - start your TryHackMe journey with a branded swag bundle! Personal Development - £2,500 training budget to acquire certifications, and more. Company Retreat - an annual company retreat, fully paid for by us! Lunch on us - whether you're a pizza-lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches. Health Insurance - if you're in a country that doesn't have public health care. Enhanced Maternity & Paternity - an enhanced package on top of statutory requirements. 401k / Pension - TryHackMe makes it easy to save money for your retirement. Our Hiring Process Stage 1: Short introduction call (30 mins) Stage 2: Technical Take Home Exercise (part 1 & 2) Stage 3: Interview with our Head of Content Engineering (one hour) Stage 4: Final call with a Co-Founder (30 mins) At this time, we are unable to provide sponsorship.
Feb 07, 2026
Full time
NCC Group
SOC Analyst
NCC Group Manchester, Lancashire
SOC Analyst Manchester, Cheltenham or London Today, it is an unavoidable fact that your business critical infrastructure and systems are at risk of attack. The key to good security is a clear understanding of what is most critical to the business. Where you do not have enough internal resources, time or skills to monitor and manage your IT environment 24/7, NCC Group can help, freeing up your skilled employees to focus on value-add activity. NCC Group provide a range of managed and hosted services delivered from our UK based Security Operations Centre (SOC), which operates 24/7, 365 days a year. Our team of over 30 accredited security experts are available 24/7, dealing daily with over 200 million log events and providing support for over 5,000 network devices. NCC Group's Cloud XDR Team provide world class Extended Detection and Response (XDR) services; detecting, responding to and mitigating cyber-attacks on our customers' networks in our Security Operations Centres using the Microsoft Sentinel ecosystem. The Cloud XDR Team are looking for XDR Security Analysts with a passion for security to join the team to help the customers get the most out of our services and to protect their networks. This is an opportunity to join a technically advanced and talented team and help NCC Group build and deliver world class services to our customers. This role is ideal for a seasoned SOC Analyst with experience in cyber security looking to broaden their scope of cyber skills with a strong focus on detection and response to cyber incidents. Summary Monitor global systems looking for potential threats, vulnerabilities and indicators of compromise. Perform in-depth analysis of security alerts utilizing Microsoft XDR suite (Sentinel/Defender etc) Provide Incident remediation and prevention documentation and recommendations to customers based on defined procedures and analyst experience. Document and conform to processes related to security monitoring procedures. 
Provide customer service that exceeds our customers' expectations at all times. Initiate escalation procedure to counteract potential threats, vulnerabilities and threat actors. Compilation and review of service focused reporting. Act as an escalation point for more junior members of the team, providing assistance and mentoring where necessary. Providing assistance to Senior Cyber Security Analysts on Threat Hunting engagements. Contributing to the continuous improvement of SOC procedures and documentation. Perform other duties as assigned. What we are looking for in you Practical knowledge of security and networking toolsets, including Microsoft's XDR suite (Sentinel/Defender) Pre-existing, in-depth knowledge of common network protocols and endpoint detection/forensics Pre-existing, in-depth knowledge of Windows and Linux based operating systems. Experience in the extensive analysis of common security incidents. Experience in endpoint Ability to stay calm in highly sensitive and high pressure incidents. Certifications The following certifications are desirable, but not a requirement. Successful candidates that do not possess these certifications may be tasked with working towards them at the beginning of their employment: Azure based certifications (SC-200, AZ-500, MS-500) CREST CPSA / CRIA / CMRE / CNIA / CHIA CompTIA Security+ CompTIA Network+ Other relevant certifications. Ways of working Focusing on Clients and Customers. Working as One NCC. Always Learning. Being Inclusive and Respectful. Delivering Brilliantly. Our company At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries, delving into, securing new products, and emerging technologies, as well as solving complex security problems. 
As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks. Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support. We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits: Flexible working Financial & Investment Pension Life Assurance Share Save Scheme Maternity & Paternity leave Community & Volunteering Programmes Green Car Scheme Cycle Scheme Employee Referral Program Lifestyle & Wellness Learning & Development Diversity & Inclusion If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and cover letter and the relevant member of our global talent team will be in touch with you. Alternatively send your details to . About your application We review every application received and will get in touch if your skills and experience match what we're looking for. If you don't hear back from us within 10 days, please don't be too disappointed - we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles. If you do not want us to retain your details, please email . All personal data is held in accordance with the NCC Group Privacy Policy (). We are committed to diversity and flexibility in the workplace. 
If you require any reasonable adjustments to support you during the application process, please tell us at any stage. Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.
Feb 03, 2026
Full time

© 2008-2026 Jobsite Jobs