Lead Cyber Defence Analyst

Job Title

Job Description

So, who are we?

Hello, we're IG Group. We are a publicly-traded FTSE250 FinTech company who run mobile, web and desktop platforms that help our clients trade stocks & shares, leveraged products, Futures & Options and Crypto.

We are ambitious. Over 340,000 people already use our platforms. We're global with offices in 18 countries and products in 16 regions. We're hungry to move faster, ship better product for our customers and grow our user base. We believe in high autonomy, and we want people who are looking to do things differently in order to create better experiences for our customers.

We work in cross-functional teams and are laser focused on increasing the number of active clients we serve to drive sustainable growth.

Your team
This role sits within our Security Operations Centre (SOC), a 24/7 function responsible for detecting, investigating, and responding to cybersecurity threats across IG Group's global platforms. The team protects our clients, systems, and data through a combination of human expertise, AI-assisted triage, and continuously evolving security automation.

Your role in the Team's Success

As a Lead Cyber Defence Analyst (L3), you are accountable for shift operations and serve as the senior technical escalation point for complex and high-severity security incidents. You will drive meaningful improvements to the SOC's detection and response capabilities — designing SIEM rules, building SOAR automation, and leading post-incident reviews that translate lessons learnt into tangible enhancements.

Beyond the technical, you will play a central role in developing the analysts around you, mentoring L1s and L2s and helping to build a high-performing, continuously improving team. Your leadership during incidents, your visibility across shift workload, and your contribution to strategic SOC development will directly shape IG Group's ability to detect and respond to emerging threats at scale.

What you'll do

• Act as the senior escalation point for complex, high, and critical severity incidents — leading investigations, coordinating response efforts, and keeping the SOC Manager informed throughout.

• Design and implement improvements to detection rules and SOAR automation, drawing on threat intelligence, lessons learnt, and emerging global threat trends.

• Lead post-incident reviews for high and critical severity incidents, facilitating lessons learnt discussions and driving measurable improvements to SOC processes and tooling.

• Mentor and coach L1 and L2 analysts, organise tabletop exercises focused on current threat trends, and provide cover and support for SOC Team Leaders when needed.

• Maintain shift oversight, monitor team workload and incident queues, and conduct proactive threat hunts in line with the JIRA procedure.

What you'll need for this role

• 6+ years of extensive experience in SOC operations and incident response, with a proven ability to lead complex, high-pressure investigations and coordinate across teams. 

• Deep technical expertise across SIEM and SOAR platforms, EDR tooling, and threat detection technologies, including hands-on experience building and automating detection logic and playbooks in production environments. 

• Demonstrated ability to develop and maintain automated workflows that improve SOC efficiency and reduce analyst toil. 

• Strong mentoring and communication skills, with experience coaching analysts at multiple levels and delivering structured learning activities such as tabletop exercises. 

• A proactive, improvement-focused mindset — comfortable analysing incident metrics, identifying gaps, and taking ownership of making things better.

Shift Timings (APAC & EMEA Support Coverage)

This role requires flexibility to operate within the following primary working windows based on business needs:

APAC (Primary Working Window)

• India (IST): 08:00 – 17:00

EMEA (Primary Working Window)

• India (IST): 13:30 – 23:30

How we work

We try to take a thoughtful approach to our ways of working as a company. We follow a hybrid working model with 3 days in the office -- which we think balances the need to collaborate effectively and connect with each other. When it comes to how we deliver, there are 5 things we want everyone to do to drive high performance, better learning and career satisfaction:

• Lead and Inspire: Drives trust, alignment, and enthusiasm

• Think Big: Focus on the problems that most impact commercial outcomes

• Champion the client: Understand and prioritise client's needs

• Deliver at pace: Push for fast, sustainable growth;

• Raise the bar: Take ownership, be accountable and share feedback

We believe that diversity is vital to success, it fuels creativity, drives innovation and sets us up for global success. We're committed to building teams with a variety of perspectives and skills to help us realise our vision and strategy, that's why we encourage applications from people with diverse backgrounds and experiences to join us on this journey. Learn more about our D&I approach here.

The Perks
Your growth fuels our success! Thrive with tailored development programs, mentoring opportunities with leaders, and clear career progression. Expand your network through committees, sports and social clubs. Enjoy extra time off for volunteering and community work.

• Matched giving for your fundraising activity

• Flexible working hours and work-from-home opportunities

• Performance-related bonuses

• Insurance and medical plans

• Career-focused technical and leadership training in class and online, incl. unlimited access to LinkedIn Learning platform

• Contribution to gym memberships and more

• Free Lunch/Snacks

• A day off on your birthday

• Two days’ volunteering leave per year.

Join us for this exciting journey. Apply now!

Number of openings