Senior Threat Hunting Analyst | London, UK

London Stock Exchange Group

London

On-site

GBP 50,000 - 90,000

Full time

Today
Job summary

An established industry player is seeking a proactive cyber threat hunter to join their dynamic security operations team. This role focuses on leveraging extensive data sets and analytical techniques to identify and mitigate potential threats. You will be at the forefront of cyber defense, collaborating with cross-functional teams and mentoring others in innovative threat hunting strategies. If you have a passion for cyber security and a knack for problem-solving, this opportunity will allow you to make a significant impact in a fast-paced environment.

Qualifications

  • Experience in cyber security operations, incident response, and threat hunting.
  • Proficiency in query languages and analyzing large datasets.

Responsibilities

  • Perform proactive threat hunts and contribute to detection engineering.
  • Research new attack behaviors and assist in developing threat hunting processes.

Skills

Cyber security operations
Threat hunting
Incident response
Threat intelligence analysis
Analytical techniques
Programming/scripting (Python, Go, Rust)
Strong communication skills
Ability to work under pressure

Tools

XDR/EDR
SIEM
AWS CloudTrail
Azure Sentinel
IDS/IPS
Splunk
KQL
Jupyter notebooks

Job description

LSEG Cyber security operations is a central function employing people, processes, and technology to proactively prevent, detect, and respond to cyber security incidents. Security operations span multiple pillars including cyber threat intelligence, threat detection, data loss prevention, cyber incident response, and cyber threat hunting.

This role sits within the cyber threat hunting pillar and is responsible for driving a proactive, hunt-based approach to cyber defense. It involves leveraging large, disparate data sets, analytical techniques, and deep subject matter expertise across various disciplines to identify rare, unknown, and anomalous behaviors.

Key Responsibilities

  • Perform intelligence-led proactive threat hunts across the estate, utilizing available tooling, focusing on relevant behavioral TTPs identified as potential threats.
  • Contribute to detection engineering by identifying opportunities for and implementing new detections based on threat hunts.
  • Support other security functions by responding to hunt requests and applying expertise in advanced actors and TTPs during ongoing incidents, collaborating closely with incident responders.
  • Research new attack behaviors and TTPs used by threat actors to discover new hunting and detection opportunities.
  • Assist in developing and maturing the threat hunting process and team through innovative techniques and automation.
  • Develop threat hunting hypotheses in collaboration with the threat intelligence team, tracking relevant threat actors, campaigns, and emerging threats.
  • Cross-train and mentor team members in threat hunting development.
  • Represent threat hunting to the wider security team and business through reports, presentations, and knowledge-sharing sessions.

Technical / Job Functional Knowledge

  • Experience in cyber security operations, such as incident response, threat hunting, or threat intelligence analysis.
  • Extensive experience with security tools across endpoint, cloud, and network environments, including XDR/EDR, SIEM, AWS CloudTrail, Azure Sentinel, IDS/IPS.
  • Proficiency in query languages like Splunk or KQL, capable of analyzing large datasets.
  • Expertise in formulating hypotheses and working with data to draw conclusions.
  • Solid understanding of current threat actor TTPs and ability to replicate behaviors in labs.
  • Experience with the MITRE ATT&CK Framework or similar, to identify detection gaps.
  • Ability to respond quickly to emerging threats and develop effective hunts under strict deadlines.

Personal Skills and Capabilities

  • Autonomous operation and initiative in delivering impactful results.
  • Curiosity and eagerness to learn.
  • Ability to work calmly under pressure in fast-paced environments.
  • Strong communication and collaboration skills.
  • Preferred skills include programming/scripting languages like Python, Go, Rust, or similar.
  • Experience with automation pipelines and tools like Jupyter notebooks.