A team of analysts, responders, testers, engineers, and researchers united by a single goal: to protect our clients and disrupt attackers.
Cyber Defence is built around people who care deeply about their craft: SOC analysts, incident responders, penetration testers, threat intelligence specialists, security engineers, platform developers, and operational staff. Our work is technical, often high-pressure, and directly impactful for organisations that cannot afford failure.
We operate as one team across multiple disciplines, bringing together offensive and defensive experience under our Detect, Defend, and Disrupt model. Our people are based primarily in the UK and Europe, supporting clients across finance, legal, healthcare, maritime, energy, logistics, government, technology, and other sectors.
Leadership
Cyber Defence is led by practitioners with deep experience in SOC operations, incident response, offensive security, and large-scale technology delivery.
Former Global CISO for a FTSE 100 gaming company and Microsoft Europe. Founder of Hedgehog Security in 2009 (now Cyber Defence). Brings decades of SOC, incident response, penetration testing, and security leadership experience.
Leads commercial strategy and client development, ensuring that Cyber Defence services are aligned to client outcomes and long-term partnerships.
Ensures that Cyber Defence attracts, develops, and supports talented people, maintaining a strong culture of learning, integrity, and operational excellence.
Teams
Our structure reflects the way modern cyber defence must operate – integrated, collaborative, and shaped by real adversaries.
24/7 analysts, detection engineers, and threat hunters who monitor telemetry, investigate alerts, and manage containment actions.
Incident responders, forensics specialists, and IR leads handling ransomware, BEC, cloud intrusions, OT events, and compromise assessments.
Penetration testers and red team operators conducting real-world testing across external, internal, cloud, web, API, mobile, OT, and scenario engagements.
Researchers and analysts who collect, enrich, and analyse indicators, phishing activity, dark web access, and adversary infrastructure.
Engineers focused on identity, cloud, network, logging, OT/IoT, and endpoint hardening to close attack paths and improve SOC visibility.
Developers responsible for SOC365, the Threat Intelligence platform, Pulsar, DecoyPulse, and supporting internal tooling.
Alongside our human analysts, Cyber Defence uses EmilyAI — an internal SOC assistant created in 2018 to support investigation, triage, and documentation. EmilyAI helps analysts cut through noise, correlate indicators, and maintain high analytical standards while preserving human judgement for critical decisions.
EmilyAI is not a replacement for our team, but an augmentation — freeing analysts to focus on complex investigations and threat hunting tasks that truly require human insight.
We are pragmatic, technically rigorous, and honest. Our clients rely on us during some of their most difficult moments — during incidents, board scrutiny, and complex audits. That trust demands a particular way of working:
• Calm under pressure — Incidents are high-stress; our role is to simplify, stabilise, and lead through clarity.
• Curiosity and continual learning — Adversaries evolve daily; so do our skills, playbooks, and tools.
• Respect for operations — Changes must be safe, understood, and aligned with how clients actually work.
• Precision in communication — We explain risk, impact, and trade-offs in language that boards and engineers both understand.
• Team-first mindset — Detection, engineering, testing, and response are team sports, not individual heroics.
Values
These values are not aspirational statements; they are how we choose people and how we operate every day.
We give honest assessments, even when findings are uncomfortable, and we do what we say we will do.
We are deeply invested in our craft, regularly updating our knowledge, tools, and methodologies.
We act in our clients’ best interests, helping them make decisions that balance risk, cost, and operational realities.
We work seamlessly across disciplines — offensive, defensive, engineering, and intelligence — to solve complex problems.
We translate complex technical realities into clear, actionable guidance for both technical and non-technical stakeholders.
We expect setbacks, incidents, and surprises, and we design processes and systems that can adapt and recover quickly.
Careers
We look for people who are curious, thoughtful, and committed to doing things properly. Our work is demanding but rewarding, with direct impact on organisations that rely on us.
You will help to detect, investigate, and prevent real attacks against real organisations, not work on theoretical exercises.
We invest in training, certifications, and internal research so that our people stay ahead of evolving threats.
Analysts collaborate with testers, engineers, and responders, gaining a broad view of modern cyber defence.
Work with SOC365, Pulsar, DecoyPulse, EmilyAI, and other internal tooling we actively improve and evolve.
We understand that decision quality improves when people are supported, rested, and respected.
Defensive improvements and detections you help design can protect multiple organisations at once.
If you are passionate about cyber defence and want to work alongside experienced analysts, testers, engineers, and responders, we would like to hear from you.
We are always interested in speaking with talented people, even if there is no advertised role that fits perfectly.
