Senior Threat Hunting Analyst

Senior Threat Hunting Analyst

Apply locations London, United Kingdom time type Full time posted on Posted 2 Days Ago job requisition id R0100172

LSEGCyber security operations is a central function employing people, process and technology to proactively prevent, detect and respond to cyber security incidents. Security operations spans multiple pillars including cyber threat intelligence, cyber threat detection, data loss prevention, cyber incident response and cyber threat hunting.

This role sits within the cyber threat hunting pillar and is responsible for driving a proactive hunt based approach to cyber defense, leveraging large disparate data sets, analytical techniques and leveraging of deep subject matter expertise across a broad range of disciplines to help identify rare, unknown and anomalous behaviours.

1. Perform intelligence led proactive threat hunts across the estate, utilising a range of tooling available, and focusing hunts on relevant behavioural tactics, techniques, and procedures (TTPs) identified as potential threats to the organisation.
2. Contribute to detection engineering initiatives by identifying opportunities for, and implementation of new detections as an output of threat hunts completed.
3. Support other functions within security operations by responding to hunt requests and by applying your expertise in advanced actors and TTPs for ongoing incidents, working closely with our incident responders.
4. Research new attack behaviours and TTPs used by threat actors, leading to new hunting and detection opportunities.
5. Assist in the development and maturity of the threat hunting process and team through development of cutting edge hunting techniques and introduction of automation into the threat hunting process.
6. Develop threat hunting hypothesis in collaboration with the threat intelligence team, helping to track relevant threat actors, campaigns and emerging threats and the TTPs they use.
7. Cross-train and mentor wider analyst team in the development of threat hunting.
8. Represent threat hunting to the wider information security team, and to the wider business, including senior stakeholders, through reporting, presentations and knowledge sharing sessions.

1. Experience within cyber security operations as either an incident responder, threat hunter, threat intelligence analyst, or similar role.
2. Extensive experience in various security tooling across endpoint, cloud and network, including XDR/EDR technology, SIEM, AWS CloudTrail, Azure Sentinel, IDS/IPS.
3. Proficiency in multiple query languages such as Splunk or KQL, with an ability to manipulate and analyse large data sets.
4. Expertise in formulating threat hunting hypotheses and working with available data sets to determine conclusions.
5. Solid understanding of current TTPs used by threat actors and an ability to replicate behaviours in a lab environment to generate telemetry.
6. Direct experience working with the Mitre ATT&CK Framework or similar, with an ability to utilise the framework to identify detection gaps for threat hunting.
7. Strong competence being able to quickly respond to emerging threats, showcasing an ability to develop and perform hunts, while working under strict deadlines.

1. Able to operate autonomously and identify opportunities to deliver impactful results.
2. Curiosity and a desire to gain knowledge.
3. Ability to work in a fast-paced environment, whilst remaining calm under pressure.
4. Strong verbal and written communication and collaboration skills.
5. Preferred competence with one or more programming/scripting languages, such as Python, Go, Rust or similar.
6. Previous experience working with automation pipelines, and utilising Jupyter notebooks.

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law.