Change your job, change your workplace, change your future
Ricoh Europe is continuing its investment in modern, intelligence driven cybersecurity capabilities. As part of this evolution, we are looking for an Internal Cyber Defence Consultant to strengthen our defensive posture, lead the maturity of our Blue Team capability, and ensure Ricoh remains resilient against an ever evolving threat landscape.
This is a high impact individual contributor role with virtual leadership responsibilities and working closely with security, technology and business teams across Europe.
About the Role
The Internal Cyber Defence Consultant will be responsible for shaping and maturing Ricoh's defensive security operations. This includes overseeing detection engineering, incident response, threat hunting, and vulnerability management. You will guide the virtual Blue Team, set the direction for defensive strategy, and ensure security controls, processes, and technologies deliver protection across Ricoh's systems, networks and data.
Operating in a complex and fast paced environment, you will be accountable for the design and continual improvement of detection and response capabilities, while ensuring alignment with industry standards, regulatory requirements and Ricoh's risk appetite. This role blends technical expertise, leadership, analysis and communication, requiring someone who can influence without direct authority and act decisively when incidents occur.
What you will be doing
Blue Team Leadership & Operations
- Leading and coordinating the virtual Blue Team, including SOC analysts, incident responders, threat hunters and defensive engineers
- Setting strategic direction, improving processes, and supporting skill development across the defensive capability
- Acting as a senior escalation point during investigations and major incidents
- Designing, implementing and tuning detection rules across SIEM, SOAR, EDR and NDR platforms
- Managing log ingestion, telemetry pipelines and data quality to ensure visibility across all environments
- Identifying gaps in logging, coverage or monitoring and driving improvements
- Managing incident response processes, including playbooks, tabletop exercises and post incident reviews
- Leading investigations, coordinating cross functional teams and ensuring effective containment, eradication and recovery
- Embedding lessons learned into future detection, tooling and process enhancements
Threat Hunting & Proactive Defence
- Conducting hypothesis driven threat hunts informed by threat intelligence
- Identifying stealthy or emerging threats not caught by automated detection
- Collaborating with Red Team operators to validate detection gaps and enhance Blue Team response
Vulnerability & Exposure Management
- Overseeing vulnerability management processes and coordinating risk based remediation
- Working with infrastructure and application teams to prioritise and address high risk weaknesses
- Reporting remediation progress and exposure trends to senior leadership
Governance, Reporting & Culture
- Ensuring compliance with ISO 27001, GDPR, NIS2 and internal security policies
- Providing clear reporting on threat trends, risk indicators, detection maturity and incident metrics
- Championing a security first culture through guidance, awareness and training initiatives
What We Are Looking For
Technical Expertise
- Strong hands on experience across SIEM, SOAR, EDR and NDR technologies - covering the Microsoft suite.
- Zero Trust experience, ideally with zScaler.
- Proficiency in detection engineering, alert tuning, log analysis and data correlation
- Solid understanding of MITRE ATT&CK, cyber kill chain and threat actor TTPs
- Experience conducting or leading incident response and digital forensics investigations
- Skilled in threat hunting techniques, anomaly detection and behavioural analytics
- Strong knowledge of vulnerability management processes and tooling
- Understanding of enterprise networks, cloud environments, endpoints and identity systems
Leadership & Interpersonal Skills
- Experience guiding virtual or multidisciplinary security teams
- Strong communicator, comfortable engaging senior stakeholders across technical and non technical functions
- Able to influence decision making, challenge assumptions and advocate for necessary security improvements
- Skilled at maintaining calm, clarity and leadership during high pressure security incidents
- Capable of building trust, fostering collaboration and promoting continuous improvement
Business & Strategic Acumen
- Understanding of Ricoh's business context, regulatory environment and operational dependencies
- Ability to translate technical risk into meaningful business impact
- Awareness of sector specific risks and organisational priorities
- Experience working in or with regulated enterprise environments
Qualifications & Experience
- Bachelor's degree in Cybersecurity, Computer Science, IT or related field
- Relevant certifications such as GCIH, GCIA, GMON or CISSP
- Extensive proven experience in defensive cyber security roles
- Proven experience in a leadership or senior operational position
- Hands on experience leading major incident investigations in enterprise environments
- Exposure to red/purple team exercises, detection tuning and threat driven defence
In Return For Your Commitment, You Can Expect
- A competitive salary package
- Industry leading benefits
Ricoh is an exceptional place to work. A place where there is strong emphasis on career development for the right individuals. This is a role where you can excel within a fast paced environment and succeed within a thriving organisation. This is an excellent opportunity to join a global company where you can truly capitalise and build on your own experience.
At Ricoh, we embrace and respect the collective and unique talents, experience, and perspectives of all people. Together we inspire remarkable innovation. That's how we live the Ricoh Way.