Cyber Security Analyst
Reference: JAN
Location: Flexible in England - With Travel
Contract: Permanent
Hours: Full-time, 37.5 hours per week
Salary: £51,549.00 - £55,035.00 Per Annum
Benefits: Pension Scheme, Life Assurance Scheme, 34 days' Annual Leave

This organisation is seeking a pragmatic, hands-on Cyber Security Analyst to help mature their security function. This role will work closely with an outsourced SOC provider and internal teams to triage and investigate security events, support supplier security assurance, provide risk-based advice across the organisation, and drive automation of security processes and tooling. This is a hands-on role suited to someone who enjoys problem-solving, working across teams, and improving how security is delivered in a complex, mission-driven organisation.

Key Areas of Responsibility:

Security Monitoring & Incident Support
- Act as the internal focal point with the outsourced SOC provider - ensuring effective communication, follow-up, and escalation of alerts.
- Triage, investigate, and support resolution of security events and incidents.
- Contribute to lessons learned and improvements following incidents.
- Lead the instantiation of the Cyber Security Incident Response Team (CSIRT) and associated processes and playbooks.

Supplier & Third-Party Security
- Assess cyber security risk for key suppliers and partners.
- Review supplier security documentation, raise concerns, and help negotiate security requirements.

Risk & Advice
- Provide pragmatic, risk-based security guidance to internal teams and respond to ad-hoc queries.
- Help develop and maintain security standards and processes that reflect organisational risk tolerances.
- Advise system owners and project managers on pen testing approach and scope.
- Run simulated phishing campaigns and produce security awareness communications.

Automation & Process Improvement
- Identify and implement opportunities to automate security detection, response, reporting, and remediation workflows.
- Work with the SOC and internal technical teams to refine alert logic, improve data quality, and reduce manual effort.
- Help optimise security tools (e.g., SIEM, EDR, ticketing, dashboards).

General
- Develop and produce regular security reports for senior management.
- Monitor and respond to queries in the group mailbox.

Essential skills, knowledge, & experience:
- 5 years' experience in a cyber security, IT security, or technology risk role
- Practical, demonstrable experience of working with a SOC (internal or outsourced) and investigating cyber security incidents using best practice methodologies and tools
- Good understanding of cyber risk concepts, controls, and technical security tools
- Strong communication skills with both technical and non-technical stakeholders and experience producing communications materials and reports
- Relevant security certifications/qualifications (e.g. CISSP, SSCP, GCIA, CEH, CompTIA)
- Knowledge of UK best practice frameworks (e.g., NCSC guidance, PCI DSS, ISO 27001, Cyber Essentials)
- Scripting or practical automation experience
- Experience assessing third-party/supplier security risk
- Demonstrated passion for and experience in improving security processes and utilising automation to achieve this
- Experience with threat hunting and horizon scanning
- Strong technical security knowledge of networking technologies, IDAM, EDR/XDR
- Experience supporting security and compliance audit activities

Personal Attributes
- Pragmatic and solutions-focused, with an ability to balance risk and usability
- Curious and motivated to improve and automate how security operates
- Comfortable working in a developing security function where processes are evolving
- Collaborative and supportive, with a strong sense of ownership
- Aligned with the values and mission of the organisation

What Success Looks Like
- Efficient, risk-focused handling of alerts & incidents alongside the SOC partner.
- Clear, up-to-date internal security standards and processes.
- Reduced manual effort through practical automation improvements.
- Strong supplier security assurance controls supporting risk-based decision-making.

Additional Information
This role will be home-based with occasional travel to the employer's head office or other UK locations (generally one/two days per month). This is a permanent, full-time role for 37.5 hours per week.

Closing date: 23:59, Sunday 22nd February 2026
The employer is looking to conduct first interviews for this position on Thursday, February the 26th and Monday, March the 2nd.

N.B. If you are interested in applying for this role we recommend doing so asap as the employer reserves the right to close this advert early should the demand be especially high.

Interested? Please click the job board apply button to be taken to the next stage where you can find out more information and complete your application by following the instructions (you may need to scroll down).

The employer is committed to developing an inclusive and diverse organisation, in which everyone feels supported, valued, and able to be their full selves. To achieve their vision of creating a world richer in nature, they need more people, and more diverse people, on nature's side. People of colour and disabled people are currently underrepresented across the environment, climate, sustainability, and conservation sector. If you identify as a person of colour and/or disabled, they are particularly interested in receiving your application. The organisation is an equal opportunities employer.

This role is covered by the Rehabilitation of Offenders Act 1974. This role is not eligible for UK Visa Sponsorship - the successful applicant will need to have a pre-existing Right to Work in the UK in order to be offered an employment contract. No agencies please.
Feb 09, 2026
Full time
The Role
We're looking for a Senior Content Engineer to help us research, plan, and create advanced content and virtual labs for our online courses. The ideal candidate has extensive experience in blue team cyber security roles and a strong background in training content development.

Technical Skills & Experience
To be considered for this opportunity, you must have at least 5 years of relevant cyber security industry experience in roles such as L3/L4 SOC Analyst, Security Engineer, Incident Responder, Threat Hunter or Digital Forensics Investigator. You should also demonstrate:
- Strong expertise in core blue team areas: incident detection and response, threat intelligence, log analysis, security monitoring, and digital forensics.
- A deep understanding of networking, computing, and operating systems as they relate to security practices.
- Familiarity with blue team tooling (e.g., SIEM, EDR, IDS/IPS, forensic tools) and methodologies (e.g., MITRE ATT&CK framework, log analysis, malware analysis).
- Proven ability to research and adapt to emerging threats and technologies and translate that knowledge into engaging training content.
- Strong verbal and written English communication skills, essential for conveying complex technical concepts.

Job Responsibilities
- Research, design, and develop defensive cyber security training material with supporting hands-on lab exercises (such as virtual machines and datasets for analysis).
- Collaborate with the Content Engineering Team to support security training coverage and identify content development opportunities.
- Experience developing and configuring virtual machines and sample datasets for realistic cybersecurity labs.
- Provide guidance and support to other Content Engineering Team members in areas of expertise.
- Take charge of planning and designing portions of the content development roadmap.
- Collaborate with the Head of Content Engineering to continuously improve the content development process.
- Analyze industry trends in tooling and techniques and recreate them as teachable content.
- Strategically plan, review, and schedule content with our blue team content engineering team.

Preferred Skills (nice-to-have):
- Creating challenges for capture the flags (CTFs)
- Programming experience in any of the following: Python, PHP, Bash, PowerShell
- Experience leading/coaching/mentoring others
- Certifications such as GIAC Certified Incident Handler (GCIH), GIAC Certified Enterprise Defender (GCED), Certified SOC Analyst (CSA), Certified Forensic Analyst (GCFA), CompTIA CySA+, BTL2

Benefits & Perks
- 100% Remote - In a fully digital world, work from anywhere you want!
- Flexi Time - Choose your own hours as long as you have at least 4 hours of overlap with the UK timezone (from 8am - 6pm)
- Tools - a dedicated work laptop + any accessories you need to do your best work.
- Swag Pack - start your TryHackMe journey with a branded swag bundle!
- Personal Development - £2,500 training budget to acquire certifications, and more.
- Company Retreat - an annual company retreat, fully paid for by us!
- Lunch on us - whether you're a pizza-lover, salad obsessed or a big sushi fan, TryHackMe will cover the cost of your lunch order during our recurring company virtual lunches.
- Health Insurance - if you're in a country that doesn't have public health care.
- Enhanced Maternity & Paternity - an enhanced package on top of statutory requirements.
- 401k / Pension - TryHackMe makes it easy to save money for your retirement.

Our Hiring Process
Stage 1: Short introduction call (30 mins)
Stage 2: Technical Take Home Exercise (part 1 & 2)
Stage 3: Interview with our Head of Content Engineering (one hour)
Stage 4: Final call with a Co-Founder (30 mins)

At this time, we are unable to provide sponsorship.
Feb 07, 2026
Full time
SOC Analyst
Manchester, Cheltenham or London

Today, it is an unavoidable fact that your business critical infrastructure and systems are at risk of attack. The key to good security is a clear understanding of what is most critical to the business. Where you do not have enough internal resources, time or skills to monitor and manage your IT environment 24/7, NCC Group can help, freeing up your skilled employees to focus on value-add activity.

NCC Group provide a range of managed and hosted services delivered from our UK based Security Operations Centre (SOC) which operates 24/7, 365 days a year. Our team of over 30 accredited security experts are available 24/7, dealing daily with over 200 million log events and providing support for over 5,000 network devices.

NCC Group's Cloud XDR Team provides world class Extended Detection and Response (XDR) services; detecting, responding to and mitigating cyber-attacks on our customers' networks in our Security Operations Centres using the Microsoft Sentinel ecosystem.

The Cloud XDR Team are looking for XDR Security Analysts with a passion for security to join the team to help the customers get the most out of our services and to protect their networks. This is an opportunity to join a technically advanced and talented team and help NCC Group build and deliver world class services to our customers.

This role is ideal for a seasoned SOC Analyst with experience in cyber security looking to broaden their scope of cyber skills with a strong focus on detection and response to cyber incidents.

Summary
- Monitor global systems looking for potential threats, vulnerabilities and indicators of compromise.
- Perform in-depth analysis of security alerts utilising the Microsoft XDR suite (Sentinel/Defender etc.).
- Provide incident remediation and prevention documentation and recommendations to customers based on defined procedures and analyst experience.
- Document and conform to processes related to security monitoring procedures.
- Provide customer service that exceeds our customers' expectations at all times.
- Initiate escalation procedure to counteract potential threats, vulnerabilities and threat actors.
- Compilation and review of service focused reporting.
- Act as an escalation point for more junior members of the team, providing assistance and mentoring where necessary.
- Providing assistance to Senior Cyber Security Analysts on Threat Hunting engagements.
- Contributing to the continuous improvement of SOC procedures and documentation.
- Perform other duties as assigned.

What we are looking for in you
- Practical knowledge of security and networking toolsets, including Microsoft's XDR suite (Sentinel/Defender)
- Pre-existing, in-depth knowledge of common network protocols and endpoint detection/forensics
- Pre-existing, in-depth knowledge of Windows and Linux based operating systems
- Experience in the extensive analysis of common security incidents
- Experience in endpoint
- Ability to stay calm in highly sensitive and high pressure incidents

Certifications
The following certifications are desirable, but not a requirement. Successful candidates that do not possess these certifications may be tasked with working towards them at the beginning of their employment:
- Azure based certifications (SC-200, AZ-500, MS-500)
- CREST CPSA / CRIA / CMRE / CNIA / CHIA
- CompTIA Security+
- CompTIA Network+
- Other relevant certifications

Ways of working
Focusing on Clients and Customers. Working as One NCC. Always Learning. Being Inclusive and Respectful. Delivering Brilliantly.

Our company
At NCC Group, our mission is to create a more secure digital future. That mission underpins everything we do, from our work with our incredible clients to groundbreaking research shaping our industry. Our teams partner with clients across a multitude of industries, delving into and securing new products and emerging technologies, as well as solving complex security problems.

As global leaders in cyber and escrow, NCC Group is a people-powered business seeking the next group of brilliant minds to join our ranks. Our colleagues are our greatest asset, and NCC Group is committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We want colleagues to put down roots at NCC Group, and we offer a comprehensive benefits package, as well as opportunities for learning and development and career growth. We believe our people are at their brilliant best when they feel bolstered in all aspects of their well-being, and we offer wellness programs and flexible working arrangements to provide that vital support.

We have a high-performance culture which is balanced evenly with world-class well-being initiatives and benefits:
- Flexible working
- Financial & Investment
- Pension
- Life Assurance
- Share Save Scheme
- Maternity & Paternity leave
- Community & Volunteering Programmes
- Green Car Scheme
- Cycle Scheme
- Employee Referral Program
- Lifestyle & Wellness
- Learning & Development
- Diversity & Inclusion

If this sounds like the right opportunity for you, then we would love to hear from you! Click on apply to this job to send us your CV and cover letter and the relevant member of our global talent team will be in touch with you. Alternatively send your details to .

About your application
We review every application received and will get in touch if your skills and experience match what we're looking for. If you don't hear back from us within 10 days, please don't be too disappointed - we may keep your CV on our database for any future vacancies and we would encourage you to keep an eye on our career opportunities as there may be other suitable roles. If you do not want us to retain your details, please email . All personal data is held in accordance with the NCC Group Privacy Policy (). We are committed to diversity and flexibility in the workplace.

If you require any reasonable adjustments to support you during the application process, please tell us at any stage. Please note that this role involves mandatory pre-employment background checks due to the nature of the work NCC Group does. To apply, you must be willing and able to undergo the vetting process. This role being advertised will be subject to BS7858 screening as a mandatory requirement.
Feb 03, 2026
Full time
Cyber Security Analyst
Milton Keynes - hybrid
Up to 60,000, 10% annual bonus and excellent benefits.

Our client is an impressive, innovative, multiple award-winning, leading IT Managed Service Provider; they believe great people build great companies and invest heavily in staff development, cultivating a culture of innovation, quality, and excellence.

We are looking for a skilled and proactive Cyber Security Analyst to join their specialist security team. This role offers the opportunity to work across a diverse range of clients and environments, applying your technical expertise to enhance security operations, tooling, and compliance. You will play a key role in managing incidents, optimising security tools, and mentoring junior analysts, while contributing to the continuous improvement of their security posture. This is a hands-on, operationally focused role that blends technical security responsibilities with governance, risk, and compliance (GRC) elements.

As Cyber Security Analyst, you will:
- Lead cyber incident investigations with SOC and client teams
- Triage and analyse alerts across email, cloud, and hybrid systems
- Perform threat hunting and develop detection use cases
- Manage vulnerability assessments and remediation efforts
- Maintain and optimise DLP tools and incident response
- Support forensic readiness and insider risk initiatives
- Develop and enforce security policies and awareness programs
- Lead incident response and produce investigation reports
- Utilise and enhance Microsoft Security Stack (Sentinel, Defender, Purview)
- Drive Zero Trust implementation
- Conduct security audits and generate KPI/compliance reports
- Mentor junior analysts and support their growth

What are we looking for?
- Industry certifications such as Security+, ISC2 CC, Cisco, or equivalent.
- Progress toward or completion of Microsoft certifications: AZ-900, SC-200, SC-401, SC-500, and ideally SC-100.
- Strong written and verbal communication skills.
- Solid understanding of enterprise security operations and tooling.
- Experience in a technical cyber security role.
- Hands-on experience with the Microsoft Security Stack and other leading security tools.
- Familiarity with network and application firewalls.
- Working knowledge of security frameworks such as ISO27001, NIST, SOC2, and Cyber Essentials Plus.
- Experience with Privileged Access Management tools (e.g., CyberArk, Entra, SailPoint).
- Ability to quickly learn and adapt to new security tools and technologies.

Please be aware this advert will remain open until the vacancy has been filled. Interviews will take place throughout this period, therefore we encourage you to apply early to avoid disappointment.

Tate is acting as an Employment Business in relation to this vacancy. Tate is committed to promoting equal opportunities. To ensure that every candidate has the best experience with us, we encourage you to let us know if there are any adjustments we can make during the application or interview process. Your comfort and accessibility are our priority, and we are here to support you every step of the way. Additionally, we value and respect your individuality, and we invite you to share your preferred pronouns in your application.
Jan 31, 2026
Full time
Product Manager
SOC Analyst or SOC Specialist wishing to move into a Product Manager role.
Hybrid working - two days per week in-office in Horsham, West Sussex and 3 days remote working.
Salary - £60k to £70k + excellent benefits scheme

A market leading Digital Security Software provider with offices in the UK, USA and Africa is looking for a SOC Specialist keen to become a Product Manager to join their UK team as they embark on the development of a number of new products aimed at the SOC sector.

They are looking to hire a candidate with a strong background in Security Operations Centre work, who can work with their existing Product Managers and tech team to build a new SOC product for their global customer base. This role will suit a SOC specialist who is looking for a career progression move into a Product Management role. The SOC knowledge is key to this role, and they will train you on the client skills and product management skills needed for this role. This role is offered on a hybrid working basis - 2 days per week in Horsham, West Sussex and 3 days remote working.

This job will suit a SOC specialist who is passionate about joining a team who are building products that customers love. You will join a dynamic and fast-paced environment and work with cross-functional teams to design, build and roll out products that deliver the company's vision and strategy. This role will provide the right candidate with the opportunity to work on some extremely rewarding projects supporting the development of impactful SOC and Digital Security software while working with a friendly and supportive team. SOC knowledge and IT Security industry experience would be beneficial in this role. The role has a strong opportunity for growth and will play an integral role in helping shape the company's new SOC products for the future.

Role Responsibilities:
This role will be responsible for gathering customer requirements from Sales, Marketing, and Training teams, and defining the product roadmaps with engineering. The Product Manager will also be responsible for prioritising customer requirements to create winning products. The primary responsibility lies in defining a clear roadmap that aligns with engineering team goals while keeping up to date on all developments essential to achieving our desired outcomes.

Responsibilities will include:
- Provide expert SOC operational guidance to product management and engineering teams throughout the product development lifecycle
- Define and document detailed system-level requirements for SOC analyst tools, ensuring alignment with real-world operational needs
- Translate SOC analyst pain points, workflows, and use cases into actionable product features and user stories
- Design and validate alert prioritisation algorithms, incident triage workflows, and automated playbook logic based on operational experience
- Collaborate with product managers to shape product strategy, roadmap priorities, and feature definitions
- Conduct customer discovery sessions, interviews, and workshops with SOC teams to gather requirements and validate concepts
- Create realistic user personas, journey maps, and workflow diagrams that represent authentic SOC analyst experiences
- Evaluate competitive SOC tools and industry trends to inform product differentiation and innovation opportunities
- Participate in proof-of-concept development to validate new features addressing critical analyst decision-making challenges
- Work with UX designers to ensure intuitive interfaces that match SOC analyst mental models and workflow patterns
- Provide technical consultation on threat detection logic, MITRE ATT&CK mapping, and security operations best practices
- Support go-to-market activities by creating technical content, conducting product demonstrations, and engaging with prospective customers
- Mentor and educate internal teams on SOC operations, threat landscapes, and analyst workflows
- Ensure product features align with industry frameworks (MITRE ATT&CK, NIST, ISO 27001) and SOC maturity models

Customer & Pre-Sales Enablement:
- Act as a trusted SOC and cyber defence expert in customer meetings, workshops, and solution design sessions
- Support pre-sales engagements by articulating operational value, use cases, and real-world applicability
- Deliver product demonstrations and technical briefings tailored to SOC practitioners, security leaders, and decision-makers
- Translate complex SOC workflows and technical concepts into clear, compelling narratives for customers and stakeholders
- Support go-to-market activities through technical content creation, presentations, and customer engagement

Skills and Experience:
- Minimum 6 years of hands-on experience as a SOC Analyst, Senior SOC Analyst, or SOC Team Lead
- Deep understanding of end-to-end SOC operations including alert triage, incident response, threat hunting, and case management
- Extensive experience with SIEM platforms, security orchestration tools, and the broader SOC technology stack
- Strong knowledge of threat detection methodologies, alert correlation, and incident prioritisation frameworks
- Expert-level understanding of the MITRE ATT&CK framework and its practical application in SOC operations
- Excellent communication skills with the ability to articulate complex security concepts to both technical and business audiences

Desirable:
- Experience in Tier 2 or Tier 3 SOC roles with incident response and threat hunting responsibilities
- Previous involvement in SOC tool evaluation, selection, or implementation projects
- Familiarity with product management principles, agile methodologies, or requirements gathering processes
- Experience presenting to executive leadership or external stakeholders
- Security certifications (e.g., GCIH, GCIA, GCFA, CISSP, GMON) demonstrating advanced security operations expertise

This is an opportunity for a SOC Specialist to move their career from a technical to a Product Management role while performing extremely rewarding work developing meaningful Digital Security & SOC Software. The role has a strong opportunity for growth and the chance to be an important voice in shaping the company's development processes. If you want to work for a company where your work will be enjoyable and have a positive impact on society in general, then this will be a great job opportunity for you to consider.

Please send your CV for immediate interview. Please note that we can only consider candidates based in the U.K. who are willing and able to travel to their office in Horsham, West Sussex for two days per week.
Jan 30, 2026
Full time
Threat Intelligence Analyst
Edinburgh (Hybrid)
Competitive Salary + Excellent Benefits

Hunt threats. Shape intelligence. Make a real impact.

Quorum is one of Scotland's largest Microsoft Partners and a Microsoft Direct Cloud Solutions Provider (CSP). As we continue to grow our security services, we're looking for a Threat Intelligence Analyst to join our expert team on a permanent basis.

In this role, you'll be at the frontline of cyber defence, proactively identifying, analysing, and mitigating threats through intelligence-led investigations and advanced threat hunting. You'll combine deep technical skills with the ability to clearly communicate risk and impact to both technical teams and clients.

Just as importantly, you'll be supported at every stage of your career. At Quorum, training and development aren't buzzwords, they're a promise. We invest heavily in our people and even reward you financially for the Microsoft accreditations you achieve.

Key Responsibilities of the Threat Intelligence Analyst:

Threat Hunting & Analysis
- Conduct proactive threat hunts based on hypotheses and real-world attack scenarios
- Investigate Indicators of Compromise (IOCs) and adversary TTPs
- Leverage threat intelligence feeds, OSINT, and commercial platforms to enrich detection
- Develop and maintain detection rules across SIEM and EDR platforms

Threat Intelligence Management
- Collect, validate, and analyse threat data from multiple sources
- Monitor emerging threats, vulnerabilities, and attack trends
- Produce high-quality, actionable intelligence for internal teams and clients

Client Engagement & Reporting
- Deliver clear, concise threat intelligence briefings
- Create tailored reports for strategic, operational, and technical audiences
- Translate complex technical findings into meaningful business impact

Collaboration & Continuous Improvement
- Work closely with SOC analysts, incident responders, and engineering teams
- Contribute to playbooks, automation, and threat-hunting maturity
- Participate in service reviews and governance meetings

What we're looking for:
- 2-3 years' experience in threat intelligence and/or threat hunting
- Strong understanding of MITRE ATT&CK, malware analysis, and adversary behaviour
- Hands-on experience with Microsoft Sentinel, Defender XDR, and threat intelligence platforms
- Proficiency in KQL, Python, or similar scripting/query languages
- Excellent communication skills, comfortable presenting to clients
- Analytical, detail-driven mindset with the ability to manage multiple investigations
- Passion for cybersecurity and a desire to keep learning

Why join Quorum?
Quorum is an Employee-Owned Scottish company delivering custom technology solutions, infrastructure consultancy, and managed services to organisations ranging from major financial institutions to small businesses. We're proud of our low staff turnover, collaborative culture, and genuine focus on work-life balance.

Our benefits include:
- Highly competitive salary
- Contributory pension
- Private healthcare
- Buy & sell holidays
- Paid home broadband
- Annual personal technical training budget
- Paid Microsoft certifications plus annual bonus for accreditations
- Award-winning Family Friendly Working policies

And yes, we really are a nice bunch of people to work with.

Ready to apply?
If you eat, sleep, and breathe technology and want to build your threat intelligence career in a supportive, forward-thinking environment, we'd love to hear from you. Apply today and help us stay one step ahead of the threat.
Jan 30, 2026
Full time
World Class Defence Organisation based in Stevenage, Hertfordshire is currently looking to recruit 8x SOC Threat Detection Analyst subcontractors on an initial 6 month contract. This role can start on an SC Security Clearance basis; however, DV Clearance will be required down the line. This role would suit someone from a Cyber Security Analyst, SOC Analyst or Threat Detection Analyst background.

Hourly Rate: 45 to 85 per hour. There are 8 positions being recruited across the mid-senior level. Overtime rate of time and a quarter.
Contract Duration: 6 Months initially and long-term thereafter.

Shift pattern (28 day cycle):
- Sat to Tue - Earlies
- Wed to Sun - Off
- Mon to Fri - Lates
- Sat to Tue - Off
- Wed to Sun - Nights
(The type of shift rotates along the pattern, so at the start of the next 28 day cycle they start with Lates -> Nights -> Earlies, then the next cycle: Nights -> Earlies -> Lates.)
28 days = 4 weeks; 14 days worked per 28 days; 3.5 days worked per week; 3.5 x 8 = 28 hours per week. Initially you may not be expected to do nights until the team grows.

SOC Threat Detection Analyst Job Description:
An opportunity has arisen in the cyber security operations centre (SOC) within Information Management (IM) for a SOC Threat Detection Analyst, supporting the Senior SOC analysts in assisting IM to meet the challenges and demands of countering the Cyber Threat. The successful applicant will drive a proactive ethos in an ever-changing cyber security environment and provide robust threat detection and analysis within the 24x7 SOC.

Responsibilities:
- To support the SOC Manager in assisting Information Management UK to meet the challenges and demands of countering the Cyber Threat.
- Support for the operational functions of the UK SOC.
- To work with other UK SOC members, including the UK InfoSec Team and the IM Domains (Customer Support and Infrastructure / Information Systems).

The role will cover analysis, monitoring, reporting, alerting and investigation activity utilising a wide variety of security platforms, including AI/ML and behavioural analytics, SIEM (Security Information Event Management), a Network Packet Capture platform, anti-malicious-code tooling, and Threat Detection technologies and platforms across the UK Network Perimeter, working with best-standard technologies. The SOC Analyst reports to the SOC Manager. The SOC Analyst conducts a range of analysis and assists the incident response team with investigations that need to be escalated to an embedded member of staff.

The SOC Analyst key responsibilities are:
- Effective Tier 1 to 2 alert triage of security events
- Monitoring of Cyber Security tools
- Monitoring the SOC email notification mailboxes
- Assisting with the maintenance of Security technologies
- Assisting the SOC Solutions Lead with project activity
- Assisting proactive threat hunting in collaboration with the CTI function
- Assisting IR in HR and InfoSec related investigations
- Ensuring the timely triage and remediation of any incident or request tickets raised to the SOC
- Participating in the activity of adding/removing URLs from the AcceptList and BlockList
- Attending routine security meetings
- Conducting activities in line with SOC Maturity and continuous improvement

Skillset/experience required (Baseline):
- A career background in Cyber Security.
- Security awareness and experience in all areas of IT, primarily Network Security and Infrastructure, with Operating Systems & Applications as the secondary area.
- Knowledge of IT Security standard methodologies.
- Demonstrable understanding of the OSI Reference Model and the network communication protocols, including but not limited to DNS, HTTP/S, SSL, SMTP, FTP/S, LDAP/S.
- Demonstrable experience with Security Information Event Monitoring Tools and/or Network Packet Capture tools.
- Hands-on experience with IDS/IPS technologies and threat hunting activities.
- Strong analytical experience and mindset.
- Experience with Defensive Cyber-attack methodologies and frameworks.
- Understanding of Malware capabilities, attack vectors, propagation and impact.
- Good communication skills, liaising with the business and suppliers.

Desirable Skillset/experience (Senior grade):
- Root cause analysis and leading T2 incident investigations
- Process / Playbook / Runbook development
- Working knowledge of detection engineering and false positive improvements
- Capability to tune SIEM rules or create custom detections
- Scripted automation experience, e.g. Python, SOAR, PowerShell
- Threat modelling and Hunting methodologies
Jan 27, 2026
Contractor