Internal Cyber Defence Consultant

About Ricoh

A global leader in digital services, recognised for innovation, sustainability and a people\-first culture. We feature in the Gartner Magic Quadrant, are listed in the Global 100 Most Sustainable Companies, and have been named one of Forbes’ World’s Best Employers 2025.

At Ricoh, we believe people do their best work when they feel valued and supported. We create inclusive workplaces where you can grow, contribute, and make a positive impact while helping to build a more sustainable future.

Find your place. Transform your future

Our purpose is centred on understanding and improving how people work. By focusing on real working experiences, we support individuals to develop their skills, realise their potential and do work that feels meaningful.

People transform when they Love What They Do

This belief sits at the heart of The Ricoh Promise. It guides how we recruit, how we support our people, and how we work together every day, creating an environment where you can grow, feel valued and make a difference.

When you join us, you are encouraged to share your ideas, challenge the way things are done, and work with others to build something better. If you are looking for a place where your voice is heard, your development is supported, and your work feels meaningful, you will feel at home at Ricoh.

As part of this evolution, we are looking for an Internal Cyber Defence Consultant to strengthen our defensive posture, lead the maturity of our Blue Team capability, and ensure Ricoh remains resilient against an ever‑evolving threat landscape.

This is a high‑impact individual contributor role with virtual leadership responsibilities and working closely with security, technology and business teams across Europe.

\#RicohEurope

What you will be doing

The Internal Cyber Defence Consultant will be responsible for shaping and maturing Ricoh’s defensive security operations. This includes overseeing detection engineering, incident response, threat hunting, and vulnerability management. You will guide the virtual Blue Team, set the direction for defensive strategy, and ensure security controls, processes, and technologies deliver protection across Ricoh’s systems, networks and data.

Operating in a complex and fast‑paced environment, you will be accountable for the design and continual improvement of detection and response capabilities, while ensuring alignment with industry standards, regulatory requirements and Ricoh’s risk appetite. This role blends technical expertise, leadership, analysis and communication, requiring someone who can influence without direct authority and act decisively when incidents occur.

Key Responsibilities Include:

Blue Team Leadership \& Operations

• Leading and coordinating the virtual Blue Team, including SOC analysts, incident responders, threat hunters and defensive engineers


• Setting strategic direction, improving processes, and supporting skill development across the defensive capability


• Acting as a senior escalation point during investigations and major incidents

• Designing, implementing and tuning detection rules across SIEM, SOAR, EDR and NDR platforms


• Managing log ingestion, telemetry pipelines and data quality to ensure visibility across all environments


• Identifying gaps in logging, coverage or monitoring and driving improvements

• Managing incident response processes, including playbooks, tabletop exercises and post‑incident reviews


• Leading investigations, coordinating cross‑functional teams and ensuring effective containment, eradication and recovery


• Embedding lessons learned into future detection, tooling and process enhancements

• Conducting hypothesis‑driven threat hunts informed by threat intelligence


• Identifying stealthy or emerging threats not caught by automated detection


• Collaborating with Red Team operators to validate detection gaps and enhance Blue Team response

• Overseeing vulnerability management processes and coordinating risk‑based remediation


• Working with infrastructure and application teams to prioritise and address high‑risk weaknesses


• Reporting remediation progress and exposure trends to senior leadership

• Ensuring compliance with ISO 27001, GDPR, NIS2 and internal security policies


• Providing clear reporting on threat trends, risk indicators, detection maturity and incident metrics


• Championing a security‑first culture through guidance, awareness and training initiatives

Technical Expertise

• Strong hands‑on experience across SIEM, SOAR, EDR and NDR technologies – covering the Microsoft suite.


• Zero Trust experience, ideally with zScaler.


• Proficiency in detection engineering, alert tuning, log analysis and data correlation


• Solid understanding of MITRE ATT\&CK, cyber kill chain and threat actor TTPs


• Experience conducting or leading incident response and digital forensics investigations


• Skilled in threat hunting techniques, anomaly detection and behavioural analytics


• Strong knowledge of vulnerability management processes and tooling


• Understanding of enterprise networks, cloud environments, endpoints and identity systems

• Experience guiding virtual or multidisciplinary security teams


• Strong communicator, comfortable engaging senior stakeholders across technical and non‑technical functions


• Able to influence decision‑making, challenge assumptions and advocate for necessary security improvements


• Skilled at maintaining calm, clarity and leadership during high‑pressure security incidents


• Capable of building trust, fostering collaboration and promoting continuous improvement

• Understanding of Ricoh’s business context, regulatory environment and operational dependencies


• Ability to translate technical risk into meaningful business impact


• Awareness of sector‑specific risks and organisational priorities


• Experience working in or with regulated enterprise environments

• Bachelor’s degree in Cybersecurity, Computer Science, IT or related field


• Relevant certifications such as GCIH, GCIA, GMON or CISSP


• Extensive proven experience in defensive cyber security roles


• Proven experience in a leadership or senior operational position


• Hands‑on experience leading major incident investigations in enterprise environments


• Exposure to red/purple team exercises, detection tuning and threat‑driven defence

At Ricoh, work should feel meaningful, supportive and fulfilling. The Ricoh Promise shapes your experience through four pillars that bring our culture to life.
Love to Connect

You become part of a global community built on openness, inclusion and genuine collaboration.

Across teams, countries and roles, you'll find people who listen, involve and encourage you \- helping you feel valued and able to be yourself every day.
Love to Grow

Your development truly matters to us. With access to learning pathways, mentoring and career opportunities across functions and countries, you'll be supported to stretch your skills, explore new directions and stay future\-ready in a changing world.
Love to Give Back

Purpose is part of how we work. You'll have opportunities to make a difference through volunteering, sustainability initiatives and community programmes that reflect our shared values and commitment to positive impact.
Love to Succeed

Success at Ricoh is something we pursue together. You'll benefit from fair rewards, flexible working, wellbeing resources and real recognition \- including programmes such as the Imagine. Change. Awards, where colleagues celebrate each other's achievements.

We are an equal opportunities employer

We believe that diverse perspectives make us stronger, and we welcome applications from people of all backgrounds, identities, and experiences. Our hiring decisions are based on skills, experience and potential, and we are committed to creating a fair and inclusive recruitment process. If you require any reasonable adjustments at any stage of the recruitment journey, please let us know and we will support you to bring your best self forward.

Ready to love what you do? Apply now and help us shape what comes next.

FUNCTION### IT

LOCATION### London

CONTRACT TYPE### Permanent

CLOSING DATE### 08\-Jul\-2026

This listing is from indeed. View original listing ↗