Senior Threat Hunting Analyst

LSEG cyber security operations is a central function employing people, process and technology to proactively prevent, detect and respond to cyber security incidents. Security operations spans multiple pillars including cyber threat intelligence, cyber threat detection, data loss prevention, cyber incident response and cyber threat hunting.

This role sits within the cyber threat hunting pillar and is responsible for driving a proactive hunt based approach to cyber defense, exploiting large disparate data sets, analytical techniques and  application of deep domain expertise across a broad range of disciplines to help identify rare, unknown and anomalous behaviors.

Key Responsibilities

• Perform intelligence led proactive threat hunts across the estate, utilising a range of tooling available, and focusing hunts on relevant behavioural tactics, techniques, and procedures (TTPs) identified as potential threats to the organisation.

• Contribute to detection engineering initiatives by finding opportunities for, and implementation of new detections as an output of threat hunts completed.

• Support other functions within security operations by responding to hunt requests and by applying your expertise in advanced actors and their TTPs for ongoing incidents, working closely with our incident responders.     

• Research new attack behaviours and TTPs used by threat actors, leading to new hunting and detection opportunities.

• Assist in the development and maturity of the threat hunting process and team through development of innovative hunting techniques and introduction of automation into the threat hunting process.

• Develop threat hunting hypothesis in collaboration with the threat intelligence team, helping to track relevant threat actors, campaigns and emerging threats and the TTPs they use.

• Cross-train and mentor wider analyst team in the development of threat hunting.

• Represent threat hunting to the wider information security team, and to the wider business, including senior stakeholders, through reporting, presentations and knowledge sharing sessions.

Desired Skills & Experience

• Experience within cyber security operations as either an incident responder, threat hunter, threat intelligence analyst, or similar role.

• Extensive experience in various security tooling across endpoint, cloud and network, including XDR/EDR technology, SIEM, AWS CloudTrail, Azure Sentinel, IDS/IPS

• Proficiency in multiple query languages such as Splunk or KQL, with an ability to manipulate and analyse large data sets.

• Expertise in formulating threat hunting hypotheses and working with available data sets to determine conclusions.

• Solid grasp of current TTPs used by threat actors and an ability to replicate behaviours in a lab environment to generate telemetry.

• Direct experience working with the MITRE ATT&CK Framework or similar, with an ability to utilise the framework to identify detection gaps for threat hunting.

• Be able to quickly respond to emerging threats, showcasing an ability to develop and perform hunts, while working under strict deadlines.   

Personal Skills and Competencies

• Able to operate autonomously and identify opportunities to deliver impactful results.

• Curiosity and a desire to gain knowledge.

• Ability to work in a fast-paced environment, whilst remaining calm under pressure.

• Strong verbal and written communication and collaboration skills.

• Preferred competence with one or more programming/scripting languages, such as Python, Go, Rust or similar.

• Previous experience using or writing automation pipelines, and utilising Jupyter notebooks.

Diversity & Inclusion

People are at the heart of what we do and drive the success of our business.  Our colleagues thrive personally and professionally through our shared values of Integrity, Partnership, Innovation and Excellence are at the core of our culture.  We embrace diversity and actively seek to attract people with unique backgrounds and perspectives.  We are always looking at ways to become more agile, so we meet the needs of our teams and customers. We believe that an inclusive collaborative workplace is pivotal to our success and supports the potential and growth of all colleagues at LSEG

LSEG is a leading global financial markets infrastructure and data provider. Our purpose is driving financial stability, empowering economies and enabling customers to create sustainable growth.

Our purpose is the foundation on which our culture is built. Our values of Integrity, Partnership, Excellence and Change underpin our purpose and set the standard for everything we do, every day. They go to the heart of who we are and guide our decision making and everyday actions.

Working with us means that you will be part of a dynamic organisation of 25,000 people across 65 countries. However, we will value your individuality and enable you to bring your true self to work so you can help enrich our diverse workforce. You will be part of a collaborative and creative culture where we encourage new ideas and are committed to sustainability across our global business. You will experience the critical role we have in helping to re-engineer the financial ecosystem to support and drive sustainable economic growth. Together, we are aiming to achieve this growth by accelerating the just transition to net zero, enabling growth of the green economy and creating inclusive economic opportunity.

LSEG offers a range of tailored benefits and support, including healthcare, retirement planning, paid volunteering days and wellbeing initiatives.

We are proud to be an equal opportunities employer. This means that we do not discriminate on the basis of anyone’s race, religion, colour, national origin, gender, sexual orientation, gender identity, gender expression, age, marital status, veteran status, pregnancy or disability, or any other basis protected under applicable law. Conforming with applicable law, we can reasonably accommodate applicants' and employees' religious practices and beliefs, as well as mental health or physical disability needs.

Please take a moment to read this privacy notice carefully, as it describes what personal information London Stock Exchange Group (LSEG) (we) may hold about you, what it’s used for, and how it’s obtained, your rights and how to contact us as a data subject.

If you are submitting as a Recruitment Agency Partner, it is essential and your responsibility to ensure that candidates applying to LSEG are aware of this privacy notice.