Senior SecOps Analyst

Who are we?👋

Look at the latest headlines and you will see something Ki insures. Think space shuttles, world tours, wind farms, and even footballers’ legs. 

Ki’s mission is simple. Digitally disrupt and revolutionise a 335-year-old market. Working with Google and UCL, Ki has created a platform that uses algorithms, machine learning and large language models to give insurance brokers quotes in seconds, rather than days. 

Ki is proudly the biggest global algorithmic insurance carrier. It is the fastest growing syndicate in the Lloyd's of London market, and the first ever to make $100m in profit in 3 years. 

Ki’s teams have varied backgrounds and work together in an agile, cross-functional way to build the very best experience for its customers. Ki has big ambitions but needs more excellent minds to challenge the status-quo and help it reach new horizons.

Where you come in?

As a Senior Security Operations Analyst, you lead security operations activities, including incident response for medium to high severity incidents, advanced threat hunting, and detection engineering. You build deep expertise in security monitoring and response, you automate your work, mentor junior analysts, and influence security decisions across teams.

You work independently on complex security problems, uphold and advance security operations practices, and collaborate regularly with engineering teams across Cloud Services, Infrastructure and Product on detection, monitoring, and vulnerability management initiatives.

This role is expected to use AI to build automation and agentic AI workflows responsibly, to improve productivity, while ensuring safe use, data protection, and appropriate security controls.

What you will be doing: 🖋️

Security Monitoring & Detection Leadership

• Lead development and tuning of SIEM detection rules and alerts
• Develop and tune detection use-cases for AI misuse (suspicious tool calls, anomalous connector usage, token abuse, prompt injection attempts, unusual access patterns)
• Design and implement advanced detection logic and analytics
• Conduct and automate proactive threat hunting activities
• Analyse complex security events and identify advanced threats
• Optimise security monitoring to reduce false positives and improve signal quality
• Build security dashboards and metrics for leadership visibility

Incident Response Leadership

• Lead incident response for medium to high severity security incidents
• Lead investigation and response for AI-related incidents (prompt injection, data leakage via AI tooling, compromised connectors, overprivileged tool access), and translate lessons learned into improved monitoring, playbooks, and preventative controls
• Coordinate incident response activities across security and technology teams
• Conduct advanced forensic analysis and root cause investigation
• Drive post-incident reviews and implement improvements
• Maintain and improve incident response playbooks
• Mentor junior analysts on incident response techniques
• Participate in crisis management and business continuity exercises

Threat Intelligence & Hunting

• Lead threat hunting program and conduct advanced hunting activities
• Analyse threat intelligence and translate to detection and response capabilities
• Research adversary TTPs and attack techniques (MITRE ATT&CK)
• Share threat intelligence with stakeholders and drive proactive improvements
• Monitor threat landscape and assess impact to Ki's environment
• Build threat intelligence capabilities and processes

Vulnerability Management

• Lead vulnerability prioritisation and risk assessment
• Partner with teams on infrastructure and application vulnerability remediation
• Track vulnerability metrics and drive timely remediation
• Coordinate penetration testing and security assessments
• Support risk-based vulnerability management decisions

Cross-Functional Leadership

• Collaborate with Cloud Security engineers on detection and monitoring architecture
• Partner with AppSec on integrating security testing into vulnerability management
• Support SANE, cloud, and infrastructure engineers during complex infrastructure and application incidents
• Lead cross-functional workstreams on security initiatives
• Proactively identify opportunities for collaboration across security functions

Mentorship & Security Culture

• Mentor junior and mid-level security operations analysts Build trust and credibility with engineering teams
• Uphold and advance security operations principles and ways of working
• Contribute to security operations roadmap and strategy Drive security operations process improvements

Requirements:
A successful candidate will have:

• Significant experience in security operations, incident response, threat hunting, or SOC roles
• Deep expertise in security monitoring, detection, and incident response
• Proven track record leading complex security incidents to resolution
• Experience with advanced threat hunting and detection engineering
• Hands-on scripting experience and delivering automations to production
• Strong background in SIEM platforms and security operations tooling
• Demonstrated ability to mentor and develop junior analysts
• Experience building trust and collaborating with engineering teams
• Practical understanding of AI and LLM threat patterns and mitigations, and how to operationalise detections in SIEM
• Expert knowledge of Azure Sentinel (or similar SIEM platforms)
• Advanced KQL query language methodology for detection and hunting
• Deep understanding of MITRE ATT&CK framework and adversary TTPs
• Expert knowledge of incident response methodologies (NIST, SANS)
• Experience with advanced threat hunting techniques and methodologies & XDR/EDR platforms (Darktrace or similar)
• Advanced security event analysis and correlation
• Understanding of cloud security monitoring (GCP, Azure)
• Knowledge of network security monitoring and traffic analysis
• Strong understanding of networking, operating systems, and cloud security
• Scripting skills in Python, PowerShell, or similar for automation
• Understanding of Infrastructure-as-Code and DevSecOps practices
• Familiarity with Kubernetes and container security
• Advanced incident response and coordination skills
• Digital forensics and malware analysis knowledge
• Experience with forensic tools and techniques
• Understanding of legal and regulatory requirements for incident handling
• Experience with vulnerability scanning platforms and tools
• Knowledge of vulnerability prioritisation frameworks (CVSS, EPSS)
• Understanding of penetration testing methodologies