SOC Technical Team Lead - Registers of Scotland - SEO
Government Digital & Data
Location: Relaxed Hybrid and Flexible Working Environment

About the job

Job summary

Registers of Scotland (RoS)

Join an award-winning organisation recognised for its technology and innovation. RoS is a world-leading pioneer in land and property registration. We work to create data-led, digital solutions for the people of Scotland. Our full-stack teams design, architect, and build all our registration products in-house.

The Role

We are seeking a technically skilled and people-focused SOC Technical Team Lead to join our Cyber Security team at Registers of Scotland. This role provides both technical leadership and line management for the Security Operations Centre (SOC) team, ensuring the delivery of high-quality threat detection, incident response, and vulnerability management services. We're looking for candidates with at least three years' experience in a Security Operations Centre or similar environment, to ensure they bring the hands-on expertise and operational insight needed to lead effective incident response and support a high-performing security team.

As SOC Technical Team Lead, you'll lead a team of analysts and work closely with cyber engineers to develop and automate threat detection and response playbooks. A key part of the role is ensuring SOC processes are fully integrated with existing ITSM workflows and that service levels are monitored and reported through agreed SLA/OLA metrics and outcome-driven key performance indicators.

Please note we have partnered with an agency for this position and will be accepting applications via their website.

Job description

On a typical day you will:
- Provide line management, coaching, and development to SOC analysts and engineers.
- Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling.
- Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks.
- Work with our Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy.
- Develop and maintain scenario-based runbooks and technical procedures for incident response.
- Engage with project teams to provide security assurance for new and existing services.
- Drive continuous improvement in SOC operations, tooling, and team capability.
- Monitor and report on SOC performance, including:
  - SLA/OLA adherence and incident handling timelines
  - Volume and severity of security incidents
  - Average time to detect (MTTD) and respond (MTTR) to threats
  - Accuracy and relevance of alerts (e.g. reducing false alarms)
  - Coverage of threat detection across systems and services
  - Outcome-focused metrics such as reduced dwell time, successful containment rates, and measurable improvements in security posture

Person specification
- Proven experience in a Security Operations Centre or operational security environment.
- Demonstrable experience managing or leading a technical team or function in an enterprise setting.
- Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling.
- Experience in incident response, including leading technical investigations and developing response frameworks.
- Proficiency in integrating and operationalising cyber threat intelligence.
- Experience working with ITSM systems to manage and prioritise workloads.
- Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements.
- Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams.
- Experience developing or implementing vulnerability management tools and processes.
- Familiarity with cloud security monitoring and hybrid infrastructure environments.
- Knowledge of relevant security frameworks such as NIST CSF, ISO 27001, NCSC CAF, and MITRE ATT&CK.
- Experience contributing to or leading SOC maturity assessments or improvement programmes.
Jan 16, 2026
Full time
Threat Intelligence Analyst
BAE Systems (New)
Location(s): UK, Europe & Africa : UK : London; UK, Europe & Africa : UK : Leeds

BAE Systems Digital Intelligence is home to 4,500 digital, cyber and intelligence experts. We work collaboratively across 10 countries to collect, connect and understand complex data, so that governments, nation states, armed forces and commercial businesses can unlock digital advantage in the most demanding environments.

Job Title: Threat Intelligence Analyst
Requisition ID: 122576
Location: London - We offer a range of hybrid and flexible working arrangements - please speak to your recruiter about the options for this particular role.
Grade: GG11
Referral Bonus: £5,000

Role description

To undertake the day-to-day operation of (and incremental improvement of) a dedicated Security Operations Centre (SOC) to support the defence of a major UK CNI organisation. The networks protected are predominantly hosted in Azure cloud platforms, with many systems within these environments that must be protected. The customer is committed to development of this improved SOC to be a benchmark of best practice and excellence in reflection of the significant threat that the protected systems are subject to.

The SOC Analyst roles are 'hands-on' shift-based roles, working as part of a 24/7 operation with four shift teams working in a standard rotation. They are responsible for utilising the SOC's SIEM and SOAR toolsets to detect and investigate potential Security and Service Incidents occurring within the monitored networks. These roles require a minimum of SC clearance. Due to timelines for the start of operations, it will not be possible to sponsor new clearances, so candidates must have existing clearances.

Responsibilities
- Produce and maintain threat assessments to provide a clear understanding of the customer threat landscape.
- Maintain the IoC database tailored to the monitored environment and threats and ensure changes are pushed to the detection systems in a timely manner.
- Maintain threat profiles and threat modelling and their applicability to the monitored estate, along with updating the modelling to detail what detection and controls are in place to mitigate the threats.
- Gather and maintain a set of TI requirements that define the threats that will be monitored, tracked and researched by the TI Team.
- Oversee the collection, collation and maintenance of threat data collected from open and closed sources and ensure it is appropriately validated.
- Conduct analysis and research to determine the identity, motivations, relationships, targets / victims, capabilities, tooling and infrastructure of threat groups relevant to the customer.

Requirements

Technical
- Working in a Threat Intelligence team developing threat intelligence products for technical and non-technical audiences.
- Performing malware analysis and reverse engineering.
- Conducting threat assessments and defining threat intelligence requirements.
- Developing and maintaining threat data sources.
- Advanced knowledge of Windows and Linux operating systems and use of the command line.
- Advanced knowledge of core networking concepts and technologies, e.g. TCP/IP.
- Intermediate knowledge of malware behaviour and techniques employed by attackers to evade security controls.
- Intermediate knowledge of malware analysis and reverse engineering techniques.

Non-technical
- Client-side consulting, including stakeholder engagement and the ability to communicate insights and concepts to others (including briefing skills and report writing).
- Able to understand and adapt to different cultures and hierarchical structures.
- Team player and adept at working in multidisciplinary and diverse teams.
- Proven analytical skills capable of solving new and complex technical problems.
- Excellent written and verbal communication skills with the ability to communicate the impact and importance of detailed technical information to non-technical and senior audiences.
- Leading and managing small teams of highly skilled technical people.
- Managing and building relationships with customer and internal stakeholders.
- Self-motivated and motivates others, keeping morale and performance high.

Why BAE Systems?

This is a place where you'll be able to make a real difference. You'll be part of an inclusive culture that values diversity, rewards integrity and merit, and where you'll be empowered to fulfil your potential. We welcome candidates from all backgrounds and particularly from sections of the community who are currently underrepresented within our industry, including women, ethnic minorities, people with disabilities and LGBTQ+ individuals. We also want to make sure that our recruitment processes are as inclusive as possible. If you have a disability or health condition (for example dyslexia, autism, an anxiety disorder etc.) that may affect your performance in certain assessment types, please speak to your recruiter about potential reasonable adjustments.

Life at BAE Systems Digital Intelligence

We are embracing Hybrid Working. This means you and your colleagues may be working in different locations, such as from home, another BAE Systems office or client site, some or all of the time, and work might be going on at different times of the day. By embracing technology, we can interact, collaborate and create together, even when we're working remotely from one another. Hybrid Working allows for increased flexibility in when and where we work, helping us to balance our work and personal life more effectively, and enhance wellbeing.

Diversity and inclusion are integral to the success of BAE Systems Digital Intelligence. We are proud to have an organisational culture where employees with varying perspectives, skills, life experiences and backgrounds - the best and brightest minds - can work together to achieve excellence and realise individual and organisational potential.

Division overview: Government

At BAE Systems Digital Intelligence, we pride ourselves in being a leader in the cyber defence industry, and Government contracts are an area we have many decades of experience in. Government and key infrastructure networks are critical targets to defend, as the effects of these networks being breached can be devastating. As a member of the Government business unit, you will defend the connected world and ensure the protection of nations. We all have a role to play in defending our clients, and this is yours.

This vacancy is eligible for the UK Employee Referral Scheme. Amount: £5,000
Jan 10, 2026
Full time
Security Operations Centre / SOC Team Lead
Hays Technology Edinburgh, Midlothian
58,252 - 68,586 per annum
28.97% Employer pension contribution and more great benefits
Relaxed hybrid and flexible working environment
Location: Glasgow or Edinburgh

About the Role

Hays' Cyber practice has partnered exclusively with Registers of Scotland (RoS) on the search for a Technical Team Lead within their internal Security Operations Centre. This role will have you leading a team of analysts and working alongside security engineers to develop and automate threat detection and response playbooks, as well as security architects and the wider IT function. The ideal candidate will have the technical expertise to work on day-to-day operations within a busy SOC, but will also have led SOC teams from a line-management, pastoral leadership, and ITSM perspective, ranging from SIEM use case tuning to employee appraisals, KPIs and reporting metrics.

About the Organisation

Registers of Scotland (RoS) manages 21 land, property and other legal registers which are a critical asset for the Scottish economy. They aim to provide the best public service for Scotland and are on a mission to make some of the oldest public land registers in the world into some of the most modern. Registers of Scotland (RoS) is also an award-winning organisation recognised for its technology and innovation and is a world-leading pioneer in land and property registration. Their full-stack teams design, architect, and build all their registration products in-house, and they work to create digital solutions for the people of Scotland. You will get an opportunity to nurture your creativity and develop with RoS through access to the latest data, software engineering and product delivery techniques.

Key Responsibilities
- Provide day-to-day line management, coaching, and development of SOC analysts and engineers.
- Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling.
- Define, track, and report SOC performance metrics and KPIs, ensuring operational efficiency and alignment with organisation objectives.
- Manage and mentor SOC team members, setting clear performance objectives, monitoring KPIs, analysing metrics, and driving continuous improvement through coaching, training, and performance reviews.
- Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks.
- Work with the Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy.
- Ensure SOC processes are integrated with ITSM systems for effective incident, change, and problem management.
- Develop and maintain scenario-based runbooks and technical procedures for incident response.
- Engage with project teams to provide security assurance for new and existing services.
- Drive continuous improvement in SOC operations, tooling, and team capability.

What We're Looking For
- Proven experience in a Security Operations Centre or operational security environment.
- Demonstrable experience managing or leading a technical team or function in an enterprise setting.
- Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling.
- Experience in incident response, including leading technical investigations and developing response frameworks.
- Proficiency in integrating and operationalising cyber threat intelligence.
- Experience working with ITSM systems to manage and prioritise workloads.
- Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements.
- Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams.
- Experience developing or implementing vulnerability management tools and processes.
- Familiarity with cloud security monitoring and hybrid infrastructure environments.
- Knowledge of relevant security frameworks such as NIST CSF, ISO 27001, NCSC CAF, and MITRE ATT&CK.
- Experience contributing to or leading SOC maturity assessments or improvement programmes.

Package, Benefits and What's in it for you
- Up to 68,586 inclusive of market supplement
- Pay progression
- 28.97% pension (employer contribution)
- 38 days annual holiday, increasing to 42 days with length of service.
- Other benefits such as career development opportunities, qualifications, up to a year in parental leave and more

Further information

For further information relating to RoS, including:
- Additional details on pay & benefits
- The Civil Service Code
- Complaints process
- Use of AI in the application/recruitment process
please view our additional information page online: ros.gov.uk/about/publications/governance-and-corporate/2024/recruitment-information

Nationality and immigration status

In general, only nationals from the following countries (and associations of countries) are eligible for employment in the Civil Service: the United Kingdom, the Republic of Ireland, and the Commonwealth. EU nationals (with settled or pre-settled status), certain EEA nationals, Swiss and Turkish nationals are also eligible for employment. Detailed provisions on determining eligibility on the grounds of nationality and, where relevant, immigration status can be reviewed here: gov.uk/government/publications/nationality-rules

What you need to do now

If you're interested in this role, click 'apply now' to send us your CV, or contact us for a confidential discussion. Hays Specialist Recruitment Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept the T&Cs, Privacy Policy and Disclaimers which can be found at (url removed)
Jan 09, 2026
Full time
24/7 SOC Analyst
Nomios Basingstoke, Hampshire
Nomios' mission is to build a 'secure and connected' future. Organisations across Europe depend on us to help secure and connect their digital infrastructures. In support of our continued UK growth, we are seeking a SOC Analyst to join our 24/7 Security Operations Centre. This is an excellent opportunity for someone early in their SOC career, or for an individual with a strong infrastructure and networking background looking to transition into cyber security operations. You will be working across a diverse set of customer environments as part of our Security Operations Centre, focusing on investigation, understanding attacker behaviour and contributing to the continual improvement of SOC capabilities.
Your role as Security Operations Centre (SOC) Analyst
As a 24/7 SOC Analyst, you will be on the frontline of our Security Operations Centre - monitoring, investigating and escalating security events across multiple customer environments. You will work closely with Senior and Lead Analysts for guidance, development and collaborative investigation. You will use platforms such as Microsoft Sentinel, Google SecOps, Defender XDR, CrowdStrike Falcon, SentinelOne and Cortex XSOAR/XSIAM to understand what has happened, how activity progressed and what actions need to be taken. You will be supported through structured training, cyber ranges, hands-on exposure to modern SOC technologies and real investigation experience to help you grow quickly. You will join a modern, continuously evolving SOC run by people who are technical at heart and understand what analysts need to succeed. Career development is a core focus, with clear pathways into Threat Intelligence, SOC Engineering, SOC Professional Services, senior SOC roles and Incident Response for those who want to specialise. You'll be part of a collaborative, agile team that values curiosity, humour and a genuine interest in technology.
The environment is built around continuous improvement, with everyone having a voice in shaping how the department evolves. Regular team events and knowledge sharing sessions create a supportive, engaging place to work.
Key Responsibilities
Detect and investigate
  • Monitor and triage alerts across SIEM, EDR or XDR, email and web security platforms.
  • Investigate suspicious activity and determine whether escalation is required.
  • Follow SOC runbooks and investigation workflows.
  • Build clear timelines of activity and maintain accurate investigation notes.
  • Escalate complex cases to Senior and Lead Analysts with appropriate context.
  • Review vulnerability management output and provide basic prioritisation insight.
Hunt and improve
  • Take part in directed threat hunting activities.
  • Suggest improvements to detections, dashboards and runbooks.
  • Support testing of new use cases and detection logic.
Collaborate and communicate
  • Provide clear written updates for customers and internal stakeholders.
  • Participate in shift handovers to maintain continuity.
  • Work closely with Senior and Lead Analysts to develop your skills and technical depth.
We hire results-oriented, smart, and high-energy individuals who bring a can-do attitude and a willingness to go the extra mile and deliver exceptional outcomes. You should be organised and rigorous, with excellent analytical skills. Good communication with internal stakeholders is vital, as is the ability to work as part of a dynamic team.
Required skills:
  • Minimum 1 year in a Security Operations Centre (SOC), or minimum 3 years in infrastructure or networking roles with demonstrable security exposure.
  • Experience triaging and investigating security alerts.
  • Understanding of attacker behaviours, TTPs, and common malware execution chains (e.g., phishing leading to script or binary execution).
  • Ability to recognise indicators of compromise such as unusual processes, network connections, irregular logon activity or file changes.
  • Hands-on experience with at least one major security platform (SIEM, EDR or XDR).
  • Familiarity with ticketing tools such as ServiceNow, Salesforce, or JIRA.
  • Familiarity with Windows event logs, authentication logs, basic process trees, and command-line tools (Windows and Unix-like systems).
  • Understanding of core network protocols: DNS, HTTP, SMB, LDAP.
  • Operational knowledge of Windows, macOS and Linux.
  • Ability to read and interpret logs from multiple sources.
  • Awareness of MITRE ATT&CK and the ability to differentiate legitimate admin activity from suspicious behaviour.
Desirable skills:
  • Experience with Microsoft Sentinel, Google SecOps or other SIEM platforms.
  • Experience with Defender, CrowdStrike, SentinelOne or other XDR solutions.
  • Ability to query in KQL, CQL, S1QL, XQL or similar languages.
  • Awareness of threat intelligence concepts and their application to investigations.
  • Awareness of coding or scripting, with proficiency in at least one language preferred (but not required).
Job Specifics
  • Location: This role is home based with occasional visits to the office in Basingstoke.
  • Hours: 12 hour shifts: 2 days, 2 nights; 4 days/nights off. Flexibility with hours will be required in the event of a major incident.
  • Security clearance: Eligibility for SC clearance (lived in the UK for five years consecutively) required. DV clearance eligibility is advantageous.
Why would you choose to come and work with us?
We invest in our people. You will get to work in a dynamic, fast-paced environment where you are free to use your initiative in support of our strategic objectives. You will work alongside high-calibre sales, technical, and operational experts as part of a supportive, tight-knit team, within which every individual has an important part to play and makes a real difference. Nomios offers a highly competitive salary and commission scheme along with industry-leading benefits. Ready to make an impact? Apply now!
Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.
Jan 09, 2026
Full time
Accenture
Senior Technical Threat Intelligence Analyst
Accenture
Role: Senior Technical Threat Intelligence Analyst
Who You Are
You are a research-minded threat intelligence professional with experience of analysing and tracking threat campaigns, adversary tooling and infrastructure. You stay abreast of the latest threats, recognise the value of intelligence, and believe it should drive operations. You are a devoted team member who is always willing to lend a hand, mentor a colleague, or increase our global team's awareness by sharing your knowledge and approaches with others.
Key Responsibilities
  • Independent and collaborative production of intelligence alerts and intelligence research products.
  • Production of ad-hoc cyber threat intelligence alerts and reports aimed at meeting client requirements.
  • Deep-dive analysis of threats facing Accenture clients.
  • Contribution to the team's overall delivery effectiveness and efficiency, such as by contributing to analyst workflow automation, developing new tools, and improving existing delivery methodologies.
  • Supporting the ACI Consulting and ACI Managed Services teams, Readiness and Testing, Cyber Response and Recovery, and Security Operations/MxDR functions with up-to-date technical intelligence, detection logic and situational awareness on current and emerging threats.
Qualifications
  • Degree or equivalent qualifications, preferably relating to politics, intelligence, information technology or information security, OR equivalent knowledge through apprenticeship, vocational training or work experience.
  • Minimum 2 years of experience in technical threat intelligence or an adjacent role.
Required Skills
  • Ability to work with geographically dispersed teams.
  • Strong analytical skills.
  • Knowledge of open-source intelligence collection, and processing and analysis of multiple data sources, most of which are open source.
  • Familiarity with using threat intelligence, data analysis or technical analysis tools and platforms.
  • Familiarity with using common threat intelligence frameworks (e.g., MITRE ATT&CK, Diamond Model) in intelligence reporting.
  • Experience in tracking adversary infrastructure, intrusions, and malware campaign activity.
  • Ability to work as part of a team and independently with minimal supervision.
  • Ability to conduct quality assurance and provide feedback.
  • Ability to produce intelligence products for varied audiences (e.g., tactical, operational, strategic).
  • Experience in a similar role.
Desired Skills
  • Experience in conducting Attack Surface Assessment or Dark Web research.
  • Experience with Intelligence Led Penetration Testing (ILPT) frameworks such as CREST STAR TI, CBEST, GBEST, TIBER-EU, CORIE, iCAST or AASE.
  • Understanding of the geopolitical landscape and how real-world events and geopolitics influence cyber activity.
  • Experience in project management or leading peers during engagements.
  • Experience delivering presentations and managing client relations.
  • Ability to obtain and hold national security clearance.
  • CREST Registered Threat Intelligence Analyst, SANS FOR578 or equivalent qualifications.
Optional Discipline Highlights
  • International Relations, Politics, Criminology, English, Sociology.
  • Academic research, journalism.
  • Cyber security, Incident Response, Penetration testing, Security Operations or Systems Administration.
  • Software development.
  • Military intelligence.
Jan 01, 2026
Full time
© 2008-2026 Jobsite Jobs | Designed by Web Design Agency