22nd April 2026
Senior Information Security Analyst – Cloud & Endpoint Security
Information Security
London
£85k
Role Overview
We are seeking a highly experienced Senior Information Security Analyst to join our established Information Security function within a regulated financial services environment. This role will play a critical part in protecting the confidentiality, integrity, and availability of our cloud and endpoint platforms, with particular accountability for Endpoint Detection and Response (EDR) capabilities and cloud-based security controls.
The successful candidate will demonstrate strong expertise in Microsoft Defender security tooling, cloud security architecture, and security operations, along with the ability to operate effectively within a risk-managed and compliance-driven organisation. This position requires sound technical judgement, disciplined execution, and the ability to work collaboratively across technology and business teams.
Key Responsibilities
Cloud & Endpoint Security Controls
- Design, implement, and maintain security controls across cloud environments (eg Azure, AWS, GCP) in alignment with organisational risk appetite and regulatory expectations
- Own and enhance Endpoint Detection & Response (EDR) capabilities, with a strong focus on Microsoft Defender for Endpoint, Defender for Cloud, and the wider Microsoft security ecosystem
- Ensure endpoint security controls are consistently applied across server, workstation, and cloud-hosted assets
- Oversee configuration, tuning, and health of EDR policies to balance detection efficacy with operational stability
- Implement and manage cloud-native security services including identity and access management, encryption, logging, and monitoring
Threat Detection, Incident Response & Security Operations
- Monitor and analyse security telemetry from SIEM, EDR, and cloud security tooling, identifying malicious or anomalous behaviour
- Lead the investigation, containment, and remediation of security incidents, including endpoint- and cloud-based threats
- Act as a senior escalation point for complex incidents involving Defender alerts, advanced threats, or persistent attackers
- Contribute to incident response planning, playbooks, and tabletop exercises in line with regulatory and operational resilience requirements
Assurance, Risk & Compliance
- Conduct regular security assessments of cloud and endpoint environments, including control effectiveness reviews and threat modelling
- Support internal and external audits by providing evidence, technical subject matter expertise, and remediation guidance
- Maintain awareness of evolving regulatory, legal, and cyber risk requirements relevant to financial services
- Ensure security controls align with industry standards and internal policies
Collaboration & Stakeholder Engagement
- Work closely with infrastructure, cloud engineering, and end-user computing teams to embed security by design
- Provide clear, concise security advice to both technical and non-technical stakeholders, including risk and control impacts
- Contribute to targeted security awareness initiatives, particularly around endpoint security and user risk
Strategic Security Development
- Support the ongoing development of the organisation’s security strategy, with a focus on cloud and endpoint protection
- Evaluate emerging EDR, cloud security, and threat detection technologies, making evidence-based recommendations
- Drive continuous improvement in detection capability, response maturity, and operational resilience
Skills, Experience & Qualifications
- Degree in Computer Science, Information Security, or a related discipline (or equivalent professional experience)
- 5+ years’ experience in information security, including demonstrable experience in cloud and endpoint security
- Strong hands-on expertise with Microsoft Defender for Endpoint, and ideally Defender for Cloud and Microsoft Sentinel
- Experience securing environments within Azure (AWS/GCP experience beneficial)
- In-depth understanding of:
  - Endpoint protection and EDR concepts
  - Identity and access management
  - Data protection and encryption
  - Network and application security
  - Incident response and threat analysis
- Experience using vulnerability management and security assessment techniques
- Strong analytical and problem-solving skills, with a calm and methodical approach to incidents
- Excellent written and verbal communication skills, with confidence operating in a regulated environment
Desirable Certifications
- CISSP, CCSP
- Microsoft Security certifications (eg SC-200, SC-300, SC-400)
- AWS or Azure Security certifications
We invite individuals from underrepresented groups to apply for any of our roles and are committed to supporting accessibility needs.
Consultant - Abigail Moss
Telephone: 0207 392 7516
Email: abigail.moss@spencer-rose.com