Cyber Threat Specialist (Blue Team)

Cyber Threat Specialist (Blue Team)

Shift Pattern:

Standard 40 Hour Week (United Kingdom)

Scheduled Weekly Hours:

40

Corporate Grade:

E - Associate

Reporting Line:

(UK Division) Information Technology

Location:

UK-London

Worker Type:

Permanent

Overall Purpose of Role

The Cyber Threat Specialist works in the Threat Detection & Response Team which focuses on defensive cyber security services to the LME and LME Clear. Working closely with peers within the Information Security function and stakeholders across the wider group, they will define and deliver a modern and effective defensive cyber security capability.

The role will primarily focus on defensive security disciplines (detection engineering, incident handling, investigation and forensics, SOAR automation, threat hunting, threat intelligence). The successful candidate should have a minimum of 3 years of experience in hands-on defensive security operations and up to date knowledge of attacker TTPs. The successful candidate will work closely with IT Engineering, Security Engineering, and Infrastructure teams to ensure that security controls are effectively implemented and maintained across LME’s platforms.

Key Responsibilities

Detection Engineering

• Design, implement, and validate high-fidelity detection and response rules.
• Lead the testing of rules against detection frameworks and support the continuous optimisation and recertification of existing detection content.

Incident Response

• Lead and/or support investigations across host, identity, email, SaaS, and cloud workloads.
• Support forensic and investigation work as needed, including malware analysis.
• Participate in on-call duties and after-hours support for incident escalations.

Security Engineering & Automation

• Assist in the deployment and maintenance of security tools and platforms (e.g., DLP, E-Mail Security, Endpoint Protection, SIEM, SOAR, WAF).
• Develop and support the automation of security tools, configuration, and updates using scripting (e.g. Bash, Python, PowerShell).

Threat Hunting

• Lead threat hunting exercises based on defined threat models and specific attack scenarios.
• Perform analysis of existing data to identify anomalous patterns and convert findings into new detections / control enhancements.
• Participate in Blue/Purple/Red Team testing, identifying gaps/weaknesses in monitoring capabilities and recommend/implement changes.

Threat Intelligence

• Operationalise threat intel (ISACs, OSINT) into detections, hunts, and control enhancements.
• Review emerging threat intelligence and produce concise advisories as needed.
• Stay up to date with current and emerging trends that represent a threat to the LME.

Threat Triage

• Escalation point for junior analysts to ensure timely triage of alerts from the SIEM/SOAR platform.
• Support the MSSP by maintaining and improving triage runbooks to help reduce MTTD/MTTR.

Qualifications Required

• University degree in Computer Science, Information Management, or related field, or equivalent experience.
• Desirable: One of, or similar to, the following professional qualifications: GIAC (GCIA, GCDA, GCFA, GCIH, GSOC, etc.), Microsoft (SC-200, AZ-500), Security Blue Team (BTL2).
• Desirable: Demonstrable activity on GitHub showing code / tools development.

Required Knowledge and Experience

Minimum of 3 years’ hands-on experience in at least two of: detection engineering, incident response, security engineering, threat hunting, threat intelligence; exposure to the rest.

Excellent hands-on experience in / understanding of:

• Security tooling (e.g. EDR, DLP, SIEM, SOAR).
• Threat investigation and incident response.
• MITRE ATT&CK, cyber kill chain, and common attacker tradecraft.
• Offensive tooling e.g. Kali, Cobalt Strike, Metasploit, Bloodhound, Mimikatz, etc.
• Networking and security protocols (TCP/IP, HTTPS, DNS, Firewalls, Proxy).
• Operating systems (Windows, Linux/Unix, Kubernetes).
• Scripting or programming (Bash, Python, PowerShell).
• CI/CD tools and cloud platforms (e.g., Ansible Tower, Bitbucket, Pipelines, Azure)
• Secure network architectures and technologies.

Personal Qualities

• Curiosity about emerging threats and technologies
• Ability to assess and prioritize tasks/risks
• Excellent attention to detail
• Strong analytical and problem-solving skills.
• Effective communicator with good documentation habits.
• Team-oriented, proactive, and adaptable in a fast-paced environment.
• Willingness to learn and grow within a critical infrastructure environment.
• Commitment to continuous learning

The LME is committed to creating a diverse environment and is proud to be an equal opportunity employer. In recruiting for our teams, we welcome the unique contributions that you can bring in terms of education, ethnicity, race, sex, gender identity, expression and reassignment, nation of origin, age, languages spoken, colour, religion, disability, sexual orientation and beliefs. In doing so, we want every LME employee to feel our commitment to showing respect for all and encouraging open collaboration and communication.