Cyber Security Operations Specialist


Job Description

Another great opportunity at Hoist Finance. We're looking for a Cyber Security professional to join our growing team and drive forward our security strategy. Apply today.

 

Cyber Security Specialist 

Reporting to: Cyber Security Operations Manager 

 

The Role: 

Cyber attacks have the potential to prevent us from achieving our mission, reaching our financial objectives and meeting our obligations to our customers, our clients and society as a whole. 

 

Reporting to the Cyber Security Operations Manager, the Cyber Security Specialist operates at the forefront of our efforts to protect the business, ensuring that our overall Cyber Security Operations program enables us to successfully detect, respond to and recover from cyber attacks. 

 

Responsibilities: 

The Cyber Security Specialist enhances our Security Operations capabilities by undertaking advanced threat hunting activities and incorporating their findings into new detection methods. Using threat intelligence and their own knowledge of attacker TTPs to form hypotheses and inform their activities, they hunt across data from all available sources, including our SIEM and EDR products, to either prove or disprove those hypotheses.

 

Working with our threat intelligence partner, the Cyber Security Specialist ensures that threat intelligence informs their threat hunting activities and the detection capabilities of the security function.  

 

The Cyber Security Specialist is also responsible for handling security incidents that require deviation from documented remediation methods, or are of a particularly critical nature. They drive efforts to ensure swift and efficient incident resolution and risk mitigation. 

 

They are also responsible for creating and utilizing automation workflows to streamline Security Operations incident response.  

 

Key Deliverables: 

  • Documented hypothesis-led cyber threat hunts resulting in improved detection capabilities and improved cyber security controls and safeguards
  • Critical incident response and management, ensuring appropriate investigation and mitigation activities are taken
  • Development of new proactive monitoring use cases and corresponding runbooks for incident detection and mitigation
  • Automation of incident management process to ensure swift and efficient incident response and mitigation
  • Coordination and documentation of responses to higher-criticality incidents within the security function and in conjunction with relevant business functions

 

Key Skills:  

 

  • Detailed understanding of Security Operations methods, tools and technologies
  • Analytical and problem-solving skills to identify threats, patterns and trends
  • Expert knowledge of current cyber threat actor tactics, techniques and procedures (TTPs) as per the MITRE ATT&CK framework as well as a good understanding of red-teaming tools and the artefacts they produce when used
  • Being able to realistically hypothesise how a threat actor would go about attacking an organisation
  • Curation of cyber threat intelligence and using this to better inform cyber security capabilities
  • Ability to develop a timeline of how an attack occurred and unfolded, applying this to both threat hunts and when responding to incidents
  • Operating system, network, software and hardware fundamentals, especially Microsoft products
  • High-level system and network administrative knowledge including an overall understanding of how key services like Active Directory are configured
  • Confident in presenting technical concepts and findings to audiences of various levels of technical understanding
  • Communication and collaboration with internal and provider teams

 

Experience Required: 

 

  • 3yr+ experience of having worked in a Security Operations environment, responding to and investigating cyber security incidents
  • Demonstrable experience of hypothesis-led cyber threat hunts that have led to improved detection and response capabilities
  • Experience of analysing and determining the significance of threat intelligence

 

Relevant Qualifications: 

 

  • Appropriate cyber security certifications will be beneficial but are certainly not essential

 

Location and Working Hours: 

 

  • Full‑time position, 37.5 hours per week (Monday–Friday) 
  • Hybrid working: 2 days per week in our MediaCityUK office (Salford, Greater Manchester) 
  • On‑call participation required periodically 

 

Salary & Benefits 

We offer a competitive salary and a comprehensive benefits package designed to support your wellbeing, lifestyle and long‑term growth, including: 

 

  • Hybrid working, including time each week in our MediaCityUK office to collaborate and connect 
  • Free car parking at MediaCityUK 
  • Enhanced maternity and paternity pay 
  • Electric car scheme 
  • Nursery benefit 
  • Company pension 
  • Buy/sell holiday options 
  • Access to a wide range of retail, lifestyle and leisure discounts 
  • Private Medical Insurance (PMI) 
  • Health cash plan 
  • Life assurance 
  • Regular social events and team activities 
  • The chance to work with an amazing, friendly and collaborative team 


Location: Salford
Job Type: PartTime
Category: Technology
