Description
The Senior AI Security & Automation Engineer plays a pivotal role in enhancing the efficiency and maturity of the organisation's security operations by designing and implementing robust automated solutions. Working in close collaboration with the Global Information and Cyber Security Defence (ICSD) function, this role identifies opportunities to streamline processes, accelerate incident response, and reduce operational overhead through intelligent automation, leveraging Artificial Intelligence (AI) and Large Language Models (LLMs). In addition to building scalable automation workflows, this individual will contribute to the broader Security Engineering team, including supporting Detection Engineering through the design, development, and optimisation of high-fidelity threat detections, ensuring effective visibility of threats across the environment. The ideal candidate combines a deep understanding of cybersecurity operations with a strong background in scripting, automation, AI/LLM technologies, and detection engineering practices to build scalable, resilient, and secure systems. This is a hybrid role requiring a minimum of one day in the office, with additional office attendance as needed.

The Role:
- Design and deploy AI-driven security agents leveraging Large Language Models (LLMs) to automate traditionally manual security operations and workflows.
- Leverage LLM-powered platforms such as Microsoft Security Copilot to support cybersecurity tasks including threat hunting, triage, investigations and response, and creating security incident response playbooks.
- Build and maintain SOAR playbooks integrated with various security platforms (e.g., SIEMs, EDRs, identity platforms) to streamline incident response and automation.
- Lead automation initiatives to eliminate manual processes, improve the reliability and visibility of security controls, and define metrics to measure the impact of process improvements.
- Ensure automation workflows and monitoring solutions are resilient, integrated, and optimised for 24/7 detection and response capabilities.
- Develop, tune, and maintain detection rules and analytics within Microsoft Sentinel SIEM/XDR platforms, improving alert fidelity and aligning coverage to known threat techniques (e.g., MITRE ATT&CK).
- Support the administration and management of security tools within the Security Engineering team.
- Participate in proof-of-concepts for innovative security and automation solutions.
- Lead security operations process improvements, including development and refinement of SOPs, playbooks, and standards.
- Support security audits, assist in incident investigations, and promote adherence to security best practices across DevOps environments.
- Create technical documentation and deliver enablement sessions to enhance security awareness and practices within engineering teams.
- Foster a culture of security excellence by promoting secure coding and design practices across the organisation.

Qualifications
What you'll bring:
- Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- Demonstrated experience delivering cybersecurity solutions, with a strong emphasis on security engineering and automated controls.
- Comfortable writing scripts using languages such as Python, PowerShell, or Bash, and experience with automation platforms such as Azure Logic Apps and SOAR tools (e.g., Microsoft Sentinel, Splunk SOAR, Cortex XSOAR).
- Experience building and tuning detections using SIEM platforms (e.g., KQL, SPL) and working with security telemetry across endpoint, identity, network, and cloud.
- Experience designing SOAR workflows for automated security response and incident triage.
- Proven experience with Large Language Models (LLMs) such as Claude, GPT-4, OpenAI, Azure OpenAI, or similar frameworks.
- Deep understanding of cybersecurity domains, including incident response, threat detection, and Identity and Access Management (IAM) principles.
- Experience with RESTful APIs, JSON, and integrating various security platforms.
- Familiarity with cloud platforms and cloud-native security services.
- Knowledge of Microsoft Security products such as Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Cloud, Microsoft Intune, etc.
- Solid understanding of ITSM and change control processes.
- Understanding of log management, SIEM tools, endpoint detection and other security platforms.

Other Knowledge, Skills and Abilities:
- Strong communication and collaboration skills, with proven experience working in cross-functional global teams.
- Strong problem-solving and critical thinking skills for addressing security issues and finding effective solutions.
- Outstanding written and verbal communication skills.
- Ability to work both independently and collaboratively in a fast-paced environment.
- Strong communication skills, with the ability to explain security concepts to non-technical stakeholders.

Certifications (Preferred):
- Microsoft Certified: Azure Security Engineer Associate (AZ-500)
- Microsoft Certified: Security, Compliance, and Identity Fundamentals (SC-900)
- Microsoft Certified: Security Operations Analyst Associate (SC-200)
- Certified Information Systems Security Professional (CISSP)
- Certified Automation Professional (CAP)
- Certified Cloud Security Professional (CCSP)
- CompTIA Security+ / CySA+ / CASP+
- Any other relevant security automation or cloud security certifications

What we offer
Enjoy a benefits package designed to help you thrive, both professionally and personally. You'll receive 25 days of annual leave plus an extra WTW day to relax and recharge. Our comprehensive health and wellbeing offering includes private healthcare, life insurance, group income protection, and regular health assessments, all giving you peace of mind. Secure your future with our defined contribution pension scheme, featuring matched contributions up to 10% from the company. We support your growth and balance with hybrid working options, access to an employee assistance programme, and a fully paid volunteer day to make a difference in your community. On top of these, you can opt into a variety of additional perks including an electric vehicle car scheme, share scheme, cycle-to-work programme, dental and optical cover, critical illness protection, and much more. Start making the most of your career and wellbeing with a range of benefits tailored for you.

Equal Opportunity Employer
We're committed to equal employment opportunity and provide application, interview and workplace adjustments and accommodations to all applicants. If you foresee any barriers, from the application process through to joining WTW, please
22/05/2026
Full time
Senior Internal SOC Analyst
Locations: Cambridge Office; London Office
Time type: Full time
Posted on: Posted Today
Job requisition id: JR101593

Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013, Darktrace provides the essential cybersecurity platform protecting nearly 10,000 organizations from unknown threats using its proprietary AI. The Darktrace Active AI Security Platform(TM) delivers a proactive approach to cyber resilience to secure the business across the entire digital estate, from network to cloud to email. Breakthrough innovations from our R&D teams have resulted in over 200 patent applications filed. Darktrace's platform and services are supported by over 2,400 employees around the world. To learn more, visit .

Job Description:
As a Senior Internal SOC Analyst, you will play a pivotal role in safeguarding our organisation by leveraging Darktrace's proprietary security technologies across network, cloud, email, endpoint, and zero trust environments. You will lead the triage, investigation, and response to security events generated from our security stack, while acting as an escalation point for complex internal security queries raised across the business. This is a hybrid position working 2 days a week from either our London or Cambridge office. Working across a broad range of security domains, you will contribute directly to incident response decision making, help shape processes and playbooks, and support the continued maturity of our SOC. This role offers the opportunity to refine your expertise, mentor junior analysts, and influence best practices in a rapidly evolving threat landscape.

- Lead the triage and investigation of security alerts across multiple environments using Darktrace and other security tooling.
- Perform advanced incident analysis and coordinate remediation actions with internal stakeholders.
- Act as an escalation point for complex security tickets raised within the business.
- Drive continuous improvement of SOC processes, playbooks, and detection capabilities.
- Monitor emerging threats and contribute to updating detection and response strategies.
- Provide training, guidance, and knowledge sharing for junior analysts.

- Bachelor's degree in Computer Science, Cybersecurity, or a related field, or equivalent practical experience.
- 1-3 years of experience in a SOC, cybersecurity operations, or similar technical security function.
- Strong analytical, problem solving, and time management skills, with the ability to prioritise effectively in a dynamic environment.
- Excellent written and verbal communication skills, including confident presentation ability.
- Ability to work independently with minimal supervision, while collaborating effectively within a team.

Benefits:
- 23 days' holiday + all public holidays, rising to 25 days after 2 years of service
- Additional day off for your birthday
- Private medical insurance which covers you, your cohabiting partner and children
- Life insurance of 4 times your base salary
- Salary sacrifice pension scheme
- Enhanced family leave
- Confidential Employee Assistance Program
- Cycle to work scheme
22/05/2026
Full time
Senior SOC Analyst
UK - 3 days a week in our Manchester office (Suite B, Maple Court, M60 Office Park, Wynne Ave, Swinton, Clifton, Manchester, M27 8FF)
£50-£55k (dependent on experience) + benefits

Focus Group is looking for a Senior SOC Analyst to play a key role within our Managed Security Services team. This is a dual-focused position combining hands-on technical expertise with day-to-day operational leadership, ensuring high-quality delivery of managed detection and response services across a diverse customer base. You'll lead SOC operations, act as the escalation point for complex security incidents, and mentor junior analysts, driving both service excellence and team development.

What you'll do
- Lead day-to-day SOC operations, ensuring effective triage, escalation, and communication workflows
- Act as the primary escalation point for complex security investigations and incidents
- Conduct advanced threat investigations across endpoints, networks, and cloud environments
- Perform proactive threat hunting and detection tuning to improve coverage and reduce noise
- Manage and mentor Tier 1-2 analysts, supporting development and technical growth
- Ensure ticket quality, SLA adherence, and high service standards across SOC operations
- Support onboarding of new customers into monitoring and detection platforms
- Collaborate with Cyber Security leadership to improve detection strategy and SOC maturity
- Analyse logs and security data to identify malicious or suspicious activity
- Develop and maintain playbooks, runbooks, and knowledge base content
- Produce clear, actionable incident reports for internal and customer stakeholders
- Engage directly with customers during escalations, incident reviews, and briefings
- Identify opportunities for automation, process improvement, and enhanced detection capabilities
- Stay up to date with emerging threats, attack techniques, and MITRE ATT&CK developments

What you'll bring
- 4-6 years' experience in a SOC or MSSP environment at Tier 2-3 or Lead level
- Strong hands-on experience with SIEM platforms (e.g. Microsoft Sentinel, Splunk, Elastic, LogPoint)
- Experience with EDR tools such as Microsoft Defender, SentinelOne, or Bitdefender
- Deep understanding of MITRE ATT&CK and modern threat detection methodologies
- Strong incident response, investigation, and log analysis capability across multiple data sources
- Ability to lead during high-pressure incidents with calm, confident decision making
- Strong communication skills, including producing clear incident reports and updates
- Proven ability to mentor, coach, and support junior analysts
- Organised approach with the ability to manage multiple concurrent incidents
- Proactive mindset focused on continuous improvement and service optimisation

Nice to have
- Certifications such as SC-200, GCIH, GCIA, Security+, or BTL1
- Experience in an MSSP or multi-customer environment
- Microsoft security stack experience (Defender XDR, Sentinel, M365 security)
- Knowledge of cloud security, email security, and vulnerability management
- Experience with KQL or other query languages
- Scripting skills (PowerShell, Python)
- Familiarity with SOAR and threat intelligence platforms
- Understanding of compliance frameworks (ISO 27001, NIST, Cyber Essentials)

Future opportunities
- SOC Manager / Head of Security Operations
- Cyber Security Technical Lead
- Detection Engineering Lead
- Threat Intelligence Lead
- Incident Response Manager
- Security Consultant / Advisory
22/05/2026
Full time
Why N-able
At N-able, we're not just helping businesses be secure, we're redefining what it means to be business resilient. Our end-to-end platform blends AI-powered capabilities and flexible tech stacks, so customers can manage, secure, and recover with confidence. But the real power behind it all? Our people. We're a global crew of N-ablites, who love solving complex problems, sharing knowledge, and delivering solutions that actually make a difference. If you're into meaningful work, fast growth, and a team that's got your back, you'll be surrounded by people who believe in what they do, and in you.

We are looking to hire 3 Senior SOC Analysts for our new SOC team in our Dundee hub. As a Senior SOC Analyst, you act as a high-performing security analyst within the field of cyber security, and play a pivotal role in helping to define and drive cyber defense across the organization. You are responsible for analyzing, documenting, reporting, and tracking notifications and escalations from N-able's preventative and detective security infrastructure. The position also assists in creating dashboards and scripts to drive automation amongst the team. This role is part of a 24/7/365 work effort and may be required to participate in an on-call rotation. The role is hybrid, requiring 3 days a week in the Dundee hub.

What You'll Do
- First responder, responsible for identifying, monitoring, investigating, and analyzing computer network intrusions.
- Perform analysis for security events as detected by various cloud, host, and network-based tools.
- Serve as the technical escalation point and mentor for lower-level analysts.
- Professionally manage interactions with internal stakeholders.
- Drive the remediation efforts for security incidents.
- Develop metrics and reports in support of Security Operations Leadership.
- Document and communicate findings and after-action reports.
- Contribute to the continuous improvement of monitoring and alerting.
- Generate reports and create documentation to drive automation.

What You'll Bring
- Strong multi-domain security experience across SIEM, IDS/IPS, firewalls, EDR/antivirus, MDR, and application security (SAST/SCA)
- Hands-on expertise with Splunk (or similar SIEM) including multi-source log analysis and correlation
- Deep understanding of threats, vulnerabilities, exploits, and attack vectors across networks, endpoints, web apps, and APIs
- Solid grounding in networking protocols and services (HTTP, FTP, SSH, SMB, LDAP) and associated security tooling
- Proven ability to perform root cause analysis, troubleshoot complex incidents, and rapidly learn new technologies
- Significant experience in SOC operations, Incident Response, or Threat Hunting, with demonstrated leadership responsibilities
- Strong knowledge of incident handling frameworks (e.g. NIST, MITRE ATT&CK) and best practices
- Proficiency across the security tooling stack (SIEM, SOAR, EDR, vulnerability management) plus relevant certifications (e.g. Security+, CySA+, GSEC, SSCP, CCNA Security)

Purple Perks
- Medical, dental and vision coverage
- Generous PTO and observed holidays
- 2 Paid VoluNteer Days per year
- Employee Stock Purchase Program
- FuN-raising opportunities as part of our giving program
- N-ablite Learning: custom learning experience as part of our investment in you
- The Way We Work: our hybrid working model based on trust and flexibility

About N-able
At N-able, our mission is to protect businesses against evolving cyberthreats with an end-to-end cyber resilience platform to manage, secure, and recover. Our scalable technology infrastructure includes AI-powered capabilities, market-leading third-party integrations, and the flexibility to employ technologies of choice, to transform workflows and deliver critical security outcomes. Our partner-first approach combines our products with experts, training, and peer-led events that empower our customers to be secure, resilient, and successful.
22/05/2026
Full time
Purpose of the Role:
The M365/Entra Security & Governance Specialist owns the security posture, data governance, and compliance alignment of the customer's Microsoft estate. The role designs and operates Zero Trust controls, threat protection, information protection, insider risk management, and the audit/evidence machinery required to demonstrate alignment with ISO 27001, GDPR, NIST CSF and Microsoft's Secure Score baselines. The customer processes personal and special-category data on behalf of public-sector programmes. The role therefore carries direct accountability for protecting beneficiary data, ensuring lawful processing within the EEA, and providing evidence of control effectiveness to the customer's Cyber Security team and external auditors. This is a senior, hands-on technical role - not a paper-only governance position.

Requirements

Key Technical Responsibilities:

Threat Protection - Microsoft Defender XDR
Operate Microsoft Defender XDR across Defender for Endpoint, Defender for Office 365 (Plan 2), Defender for Identity, Defender for Cloud Apps, and Defender Vulnerability Management.
Manage Defender for Endpoint deployment, onboarding (via Intune/GPO/script), attack surface reduction (ASR) rules, EDR in block mode, automated investigation and response (AIR), tamper protection, and live response.
Tune Defender for Office 365 anti-phishing, Safe Links, Safe Attachments, anti-spoofing, impersonation protection, attack simulation training, and Threat Explorer queries.
Operate Defender for Identity sensors on domain controllers and ADFS servers; investigate identity-based attack paths (DCSync, Golden Ticket, Pass-the-Hash) and remediate exposures.
Operate Defender for Cloud Apps for SaaS discovery, OAuth app governance, conditional access app control (reverse proxy), session policies, and shadow IT reporting.
Investigate alerts and incidents in the Defender XDR portal using KQL advanced hunting; build custom detections, suppression rules, and automated playbooks.

SIEM and SOAR - Microsoft Sentinel
Operate Microsoft Sentinel for the estate: data connectors (M365, Entra, Defender XDR, Azure Activity, Office 365, Threat Intelligence, Syslog/CEF), workspace architecture, retention, and cost optimisation.
Author analytics rules (scheduled, NRT, Fusion, Microsoft Security), build watchlists, threat intelligence integrations (TAXII/MISP), and User Entity Behaviour Analytics (UEBA).
Develop KQL detection content aligned to MITRE ATT&CK; operate hunting queries, bookmarks, and incident investigation graphs.
Build SOAR automation using Azure Logic Apps playbooks for incident enrichment, containment (e.g., disable user, force password reset, isolate device), and notification.
Operate the 24/7 Sentinel-based monitoring stack in collaboration with the NOC analyst function.

Information Protection and Data Governance - Microsoft Purview
Design and operate Microsoft Purview Information Protection: sensitivity labels, label policies, auto-labelling (client- and service-side), encryption with rights management, and co-authoring on encrypted documents.
Build and tune Data Loss Prevention (DLP) policies for Exchange, SharePoint, OneDrive, Teams chat, Endpoint DLP and Power Platform; manage policy tips, overrides, and incident review.
Operate Insider Risk Management policies, Content Explorer, Activity Explorer, and Communication Compliance where in scope.
Design retention policies, retention labels, and records management aligned to the customer's records retention schedules and applicable public-sector records management frameworks.
Operate eDiscovery (Standard and Premium): cases, holds, collections, reviews, custodian management, and chain-of-custody documentation.
Operate Microsoft Purview Data Map, Data Catalog, and Data Estate Insights for the Microsoft Fabric/Power BI estate, including lineage, classification scans, and Data Loss Prevention for Fabric.
Maintain audit and reporting using Purview Audit (Standard/Premium), Compliance Manager templates (ISO 27001, GDPR, NIS2), and customer-managed Compliance Manager assessments.

Identity Security and Zero Trust
Define and maintain the Conditional Access policy baseline using a documented policy framework (persona-based or Microsoft Zero Trust deployment guidance), including emergency/break-glass access, named locations, and report-only validation.
Operate Entra ID Protection - sign-in risk, user risk, risk policies, and risk investigation - including alignment with Defender XDR for a unified incident view.
Govern privileged access via PIM, role-assignable groups, access reviews, and Just-In-Time elevation; co-own break-glass account procedures with the AD/Entra Specialist.
Operate Entra Permissions Management (CIEM) where licensed, providing visibility of multi-cloud permission risk.

Compliance and Audit
Maintain ISO 27001 control evidence and align with the customer's certification and surveillance audits; act as the technical lead for any audit observation related to the Microsoft estate.
Maintain GDPR records of processing, support Data Protection Impact Assessments for new applications, and operate technical and organisational measures (TOMs).
Map controls to NIST CSF, NIS2 (where applicable as an essential/important entity), and Microsoft Secure Score/Identity Secure Score; maintain a target posture and quarterly improvement plan.
Produce monthly security KPIs for the SLA report - Secure Score trend, MFA coverage, DLP incidents, phishing simulation results, vulnerability remediation, patch compliance - and quarterly executive risk reports.

Microsoft Copilot and AI Governance
Operate the security envelope for Microsoft 365 Copilot and Copilot Studio, including SharePoint sharing hygiene ("oversharing"), sensitivity-label-aware grounding, restricted SearchableContent, and Copilot interaction audit log review.
Define and enforce a Responsible AI policy aligned with Microsoft's Responsible AI Standard - fairness, reliability, safety, privacy, security, inclusiveness, transparency, and accountability.

Mandatory Technical Skills
Microsoft Defender XDR (full stack) and Microsoft Sentinel - analytics, hunting (KQL), incident management, and SOAR playbook authoring.
Microsoft Purview - Information Protection, DLP, Insider Risk, Records Management, eDiscovery, Audit, and Compliance Manager.
Entra ID security: Conditional Access, MFA, PIM, Identity Protection, External Identities, and Permissions Management.
Zero Trust architecture knowledge per Microsoft Zero Trust deployment guidance; ability to lead a Zero Trust roadmap discussion with senior stakeholders.
ISO 27001:2022 control set; GDPR Articles 5, 6, 9, 25, 28, 30, 32-34; awareness of NIS2 and applicable national cyber-security guidance.
KQL (Kusto Query Language) - fluent across Defender Advanced Hunting, Sentinel, and Log Analytics.
PowerShell automation across Microsoft Graph Security, ExchangeOnlineManagement, and Compliance modules.

Desirable Technical Skills
Threat hunting using Sigma rules, MITRE ATT&CK Navigator, and STIX/TAXII intel feeds.
SOC operations experience - shift handover, evidence preservation, incident life cycle (NIST SP 800-61).
Familiarity with on-premises PAM (CyberArk, BeyondTrust) and hybrid SOC tooling beyond Microsoft.
Microsoft Fabric/Purview Data Loss Prevention (Fabric DLP) and AI hub for Purview.
Familiarity with Cyber Essentials Plus, NCSC Cyber Assessment Framework (CAF), and ENISA guidance.

Required Certifications
Microsoft Certified: Security Operations Analyst Associate (SC-200) - mandatory.
Microsoft Certified: Information Protection and Compliance Administrator Associate (SC-400) - mandatory.
Microsoft Certified: Identity and Access Administrator Associate (SC-300) - mandatory.
Microsoft Certified: Cybersecurity Architect Expert (SC-100) - preferred.
ISO/IEC 27001 Lead Implementer or Lead Auditor - preferred.
CISSP, CISM, or equivalent - desirable.
22/05/2026
Key responsibilities
Monitor, triage and respond to security alerts and events, ensuring effective prioritisation based on risk and impact.
Act as a first responder for security incidents, including participation in on-call support.
Analyse security data and alerts to identify trends, risks and potential threats.
Act as an escalation point for information security queries from colleagues and service delivery teams.
Support and coordinate patch management activities, validating effectiveness through vulnerability scanning.
Oversee and operate key security technologies, including SIEM, email and web gateways, and endpoint protection tools.
Monitor external threat intelligence sources and assess relevance to the organisation.
Produce and report on security metrics, KPIs and operational performance.

Technical expertise
Good understanding of information security principles, risk management and the threat landscape.
Experience of operating and monitoring security tooling, including SIEM, endpoint protection, and email/web security solutions.
Ability to proactively conduct threat hunting activities and develop or enhance detection analytics to improve identification of malicious activity.
Awareness of cloud security controls and standards.
Experience of managing enterprise systems, including Microsoft Active Directory, Windows and Linux.
Knowledge of network security technologies, including proxies, endpoint security tools and data loss prevention controls, is highly advantageous.

Skills and experience
Experience working within recognised information security frameworks (e.g. ISO27001, NIST).
Proven experience in an information security role, preferably within financial services or e-commerce.
Strong analytical capability, with the ability to interpret data and support decision making.
Ability to take ownership of tasks and deliver through to completion.
Confident in providing challenge to improve security outcomes.
Effective communication skills, both written and verbal.
Well organised, with strong attention to detail and the ability to manage competing priorities.
Demonstrates a commitment to continuous professional development (e.g. CISSP or equivalent).

What we offer
26 days holiday, increasing with service + buy/sell scheme + bank holidays
7% Pension with matched contributions
Discretionary bonus scheme
Share schemes (including free shares and BAYE)
Health Cash Plan and discounted private healthcare
Free onsite gym
Enhanced family leave (subject to qualifying criteria)
Travel and bike loan schemes
Employee Assistance Programme

Our ways of working
We offer hybrid working, with a minimum of 50% of your working time per month spent in the office. For new starters, there's an initial period of full-time office working to help you settle in and build relationships.

Inclusion & diversity
We're committed to creating an inclusive environment where everyone feels respected and able to be themselves at work. We welcome applications from all backgrounds and make hiring decisions based on skills, experience and potential.
20/05/2026
Full time
Cyber Security Operations Manager
Liverpool (Hybrid) - £70,000 - £75,000

We're working with a growing UK business looking to hire a Cyber Security Operations Manager to take full ownership of its security operations function, ensuring the organisation is protected, resilient, and continuously improving against an increasingly complex threat landscape. This is a high-impact position where you'll lead the security operations function end-to-end, driving improvements across threat detection, incident response, and overall security posture within a complex, evolving environment.

The Role
You'll take ownership of security operations, ensuring the business is protected against evolving threats while continuously improving processes, tooling, and team capability. Key responsibilities include:
Leading the day-to-day operations of the Security Operations function, including oversight of any outsourced SOC
Managing the full incident response lifecycle (detection through to recovery and post-incident review)
Overseeing threat detection, vulnerability management, and cyber defence capabilities
Driving improvements across SIEM, SOAR, EDR/XDR, and security tooling
Ensuring robust monitoring, alerting, and response across cloud, network, and endpoint environments
Partnering with Infrastructure, Cloud, and Risk teams to strengthen security across the business
Leading and developing a team of cyber engineers and analysts
Driving automation initiatives to improve response times and operational efficiency
Supporting governance, compliance, and audit requirements
Reporting on security performance, risks, and KPIs to senior stakeholders

What We're Looking For
Proven experience leading a Security Operations or SOC function
Strong understanding of SIEM, SOAR, EDR/XDR, IDS/IPS, and security tooling
Experience managing incident response and threat management in complex environments
Strong knowledge of frameworks such as NIST, ISO 27001, or CIS Controls
Experience working in cloud environments (Azure, AWS, or GCP)
Strong leadership and stakeholder management skills
Ability to balance hands-on technical understanding with strategic oversight

Why Join?
Opportunity to lead and shape the security operations function
High-visibility role across technology and leadership teams
Business actively investing in cyber security and resilience

If you're looking for a role where you can lead, influence, and strengthen cyber security at scale, we'd love to hear from you. Apply today with your most up-to-date CV. BH36094
19/05/2026
Full time
Senior Information Security Analyst, UK
Locations: London, United Kingdom
Time type: Full time
Posted on: Posted 3 Days Ago
Job requisition id: R-100213

Realty Income aims to be a globally recognized leader in the S&P 100, committed to creating long-term value for all stakeholders. These stakeholders include our dedicated team members, who embody our purpose: building enduring relationships and brighter financial futures. This guiding principle serves as a beacon for our team, influencing every action we take. Our employees consistently invest their time, commitment, and dedication into the company, and in turn, they receive investment returns in the form of purpose, belonging, and opportunities for advancement. We are committed to best-in-class corporate responsibility practices through environmental initiatives, governance programs, and community outreach projects. From the boardroom to the breakroom, our team members make a difference every day.

Realty Income (NYSE: O), an S&P 500 company, is a real estate partner to the world's leading companies. Founded in 1969, we invest in diversified commercial real estate and have a portfolio of 15,500 properties in all 50 U.S. states, the UK and eight other countries in Europe, with a gross book value of $58bn. We are known as "The Monthly Dividend Company®" and have a mission to deliver stockholders dependable monthly dividends that grow over time. Since our founding, we have declared 656 consecutive monthly dividends and are a member of the S&P 500 Dividend Aristocrats® index, having increased our dividend for the last 31 consecutive years.

The European portfolio, including the UK, has grown significantly since our first international acquisition, a £429m 12-property portfolio from Sainsbury's in 2019. In just five years, the portfolio has grown to include investments of over €11bn and 483 distinct properties.

Be a part of this growth story for a world-leading Real Estate Investment Trust! Working in this global role you will contribute to the Info Sec team's expansion in Europe, empowering your career and allowing you to take on additional responsibility and challenges, whilst you broaden your experience and skillsets.

Position Overview:
Reporting to the Associate Director, European IT and operating under the supervision of the global Information Security program, the Senior Information Security Analyst supports the day-to-day operations of the global Information Security program, with a focus on security alert triage, incident investigation, and operational effectiveness across the environment.

This role is responsible for monitoring and responding to security alerts, performing assigned operational tasks, and optimizing security tooling to improve detection quality and reduce false positives. The position operates within a centralized global security function and collaborates across regions to ensure consistent handling of security incidents.

The Senior Information Security Analyst contributes to the continuous improvement of information security processes and procedures, supporting compliance activities aligned with frameworks and standards such as the NIST Cybersecurity Framework, GDPR and SOX.

Key Responsibilities:
Monitor, triage, and investigate security alerts in coordination with the Security Operations Center (SOC) and internal teams.
Analyze and validate potential security incidents, ensuring accurate classification, documentation, and escalation.
Perform daily operational information security tasks, including the management and resolution of ServiceNow incidents assigned to the Information Security team.
Support incident response efforts through investigation, coordination, and detailed documentation of findings.
Participate occasionally in an on-call rotation as required to support timely response and escalation of security incidents outside of business hours, ensuring appropriate handover, documentation, and continuity of incident management.
Tune and optimize security tools, including SIEM and endpoint protection platforms, to improve alert fidelity and reduce false positives.
Collaborate with internal technology teams to ensure appropriate logging, monitoring, and alerting capabilities are in place across systems.
Work closely with the IT Service Desk, Operations, and development teams to support vulnerability identification and ensure remediation is prioritised and delivered within agreed SLAs.
Work closely with global and regional stakeholders to support consistent security operations and incident handling across time zones.
Support security awareness initiatives through participation in training, workshops, and knowledge-sharing activities.
Partner with the global Information Security team to review, streamline, and develop security processes, procedures, and incident response playbooks, while maintaining accurate, current documentation aligned with approved standards.
Promote a culture of security across the organization through engagement and collaboration.
Perform other duties as assigned.

Candidate Requirements

Knowledge, Skills, and Abilities

Must have for the role:
Suitable experience in an Information Security role.
Some previous relevant experience in a technical IT role (System Administration/Network Administration/DevOps). While we do not set upper or lower limits of experience for any of our vacancies, candidates with at least 4 - 8 years' suitable experience are likely to have the right level of knowledge and experience.
Combination of education, training, experience, skills and other characteristics that would provide the requisite knowledge and abilities in support of the essential job functions.
Must have Cybersecurity certification(s) (CISSP, Sec+, CCSP, CEH) or equivalent.
Knowledge of security frameworks and regulatory compliance standards (NIST CSF, SOX ITGC, GDPR, etc.).
Hands-on experience with security technologies including Microsoft Defender, Zscaler, SIEM platforms (e.g. Google SecOps), and identity platforms (e.g. Azure/Entra, Okta).
Hands-on experience in incident response, threat detection, and vulnerability management within an enterprise environment.
Strong ability to analyze, prioritize, and respond to security alerts and vulnerabilities within the context of business operations and risk tolerance.
Experience with incident response processes and best practices, including investigation, escalation, and documentation.
Knowledge of cloud security principles, particularly within Microsoft Azure environments.
Working technical knowledge of IT systems including Active Directory, Microsoft 365 and Windows OS.
Strong written and verbal communication skills, including the ability to clearly document findings and risks for technical and non-technical stakeholders.
Demonstrated commitment to continuous learning, staying current with emerging threats, technologies and industry trends.
Hybrid working arrangements, in the office Monday / Tuesday / Wednesday / Thursday.
May require infrequent travel to remote sites.
Make yourself available outside of normal working hours for security incidents.

Desirable but not essential:
Experience working in the financial services or investment industries.
Bachelor's degree in information security or related field, or equivalent combination of education and experience.

Our Mission & Values
For more than 50 years, Realty Income has been guided by our mission to invest in people and places to deliver dependable monthly dividends that increase over time. We do this by nurturing long-term, meaningful relationships that enable people to achieve a better financial outlook.
We understand that when individuals succeed financially, they are able to provide for their families, support local businesses and pursue their greatest ambitions-creating a lasting positive impact
19/05/2026
Full time
Requisition ID: FEQ427R217
Sr. Solutions Architect (Lakewatch - EMEA)

The Solutions Architect (Lakewatch) team executes on Databricks' strategic Product Operating Model, which provides enhanced focus on earlier-stage, highly prioritized product lines in order to establish product-market fit and set the course for rapid revenue growth. They are part of a global go-to-market team mandate, though individually each covers a specific local region. Clients may span one or more business units and verticals. By working in partnership with direct account teams, they jointly engage clients, foster the necessary relationships and position the specific product line in depth, so as to provide compelling reasons for clients to adopt and grow their usage of the product. They understand the appropriate approach, the guardrails, and the steps needed to successfully adopt the product line as clients deliver on their business objectives. The Solutions Architect (Lakewatch) is paired with an Account Executive aligned to the product line, with specific targets accordingly. Together, they devise and implement a strategy across their assigned set of accounts, develop presentations, demos and other assets, and deliver them so that customers can make an informed decision as they adopt the product line in a meaningful way.

The Lakewatch product line requires the following core technical competencies:
5+ years of cybersecurity engineering, security operations (SecOps), or security architecture expertise, with a proven track record of designing and delivering customer-facing security solutions (of which 3+ years are in a customer-facing, pre-sales or consulting role).
Experience with design and implementation of data and AI applications in cybersecurity, including anomaly detection, behavioral analytics, and agentic AI workflows for triage and investigation.
Deep familiarity with SIEM platforms (Splunk, Microsoft Sentinel, QRadar, or similar), including deployment, tuning, detection engineering, and migration strategies. Familiarity with SOAR platforms is also desirable.
Strong understanding of the security telemetry landscape: endpoint (EDR/XDR), network (firewall, DNS, proxy), identity (Okta, Entra ID), cloud (AWS CloudTrail, Azure Activity Log, GCP Audit), and SaaS application logs. Familiarity with standards such as OCSF.
Experience with "detection as code" workflows, including rule authoring in SQL or YAML, CI/CD integration for detection pipelines, and MITRE ATT&CK framework mapping.
Credibility in influencing security analytics products, with the market insight needed to shape and prioritize roadmap capabilities.

The impact you will have
Provide technical leadership to guide strategic customers to successful implementations on big data projects, ranging from architectural design to data engineering to model deployment.
Collaborate with GTM leadership and account teams to design and execute high-impact engagement strategies across your territory, driving Lakewatch adoption from initial data offload through full SIEM augmentation or replacement.
As a trusted advisor, serve as an expert Solutions Architect, building technical credibility with CISOs, security architects, SOC leadership, and security analysts to drive product adoption and vision.
Enable clients at scale through workshops, POC execution, and developing customer-facing collateral that increases technical knowledge and demonstrates the value of an open agentic SIEM architecture.
Influence the product roadmap by translating field-derived, data-driven insights into strategic recommendations for Product and Engineering teams.
Handle the most complex technical challenges in this product line by acting as the tier 3 escalation point for the field, ensuring customer success in mission-critical security environments.
Establish and refine the sales qualification and POC intake process, ensuring well-scoped engagements that maximize customer success and minimize friction for R&D.

Competencies & Responsibilities
5+ years in a customer-facing, pre-sales or consulting role influencing technical executives, driving high-level security strategy and product adoption.
Experience with design and implementation of data and AI applications in cybersecurity, including anomaly detection, behavioral analytics, and agentic AI workflows for triage and investigation.
Proficient in programming, debugging, and problem solving using SQL and Python and with AI tools.
Experience collaborating with Global System Integrators (GSIs) and third-party consulting organizations to drive customer outcomes in cybersecurity.
Hands-on experience building solutions within major public cloud environments (AWS, Azure, or GCP), with an understanding of cloud-native security logging and monitoring.
Deep experience in security operations, with broad familiarity across one or more of the following: data engineering, data warehousing, AI/ML for security, data governance, and streaming.
Undergraduate degree (or higher) in a technical field such as Computer Science, Cybersecurity, Applied Mathematics, Engineering or similar.

Our Commitment to Diversity and Inclusion
At Databricks, we are committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics.

Compliance
If access to export-controlled technology or source code is required for performance of job duties, it is within the Employer's discretion whether to apply for a U.S. government license for such positions, and the Employer may decline to proceed with an applicant on this basis alone.
19/05/2026
Full time
Senior IT Support Analyst - Highly Regulated Engineering Environment
Type: Full time, Permanent
Clearance: Must be eligible for SC Clearance
Driving Licence: Full UK licence required

Are you an experienced Senior IT Support professional looking to step into a role where your technical expertise truly matters? We're supporting a leading organisation in a highly regulated engineering sector that is seeking a skilled Senior IT Support Analyst to join their team. This position offers the chance to work with cutting-edge technologies, contribute to critical IT operations, and influence the stability and security of enterprise-level systems.

The Role
Provide advanced support across hardware, software, networking, and security issues
Administer Windows Server (), Active Directory, Entra ID, and RBAC
Manage PAM solutions and maintain secure access controls
Support and administer Microsoft 365, including Purview, Exchange Online, and Teams
Work with VMware vSphere and Horizon VDI environments
Ensure effective patching, maintenance, and compliance across systems
Assist with backup and disaster recovery processes
Support endpoint security and patching tools
Provide network troubleshooting assistance
Lead or participate in IT projects
Maintain clear, accurate documentation
Occasionally provide out-of-hours support when required

What You'll Bring
Essential Skills & Experience
Strong experience in 2nd line or senior IT support roles within enterprise environments
Deep understanding of Windows Server, Active Directory, and Microsoft 365
Good knowledge of networking fundamentals: TCP/IP, DNS, DHCP
Hands-on experience with VMware virtualisation
Knowledge of backup and recovery processes
Awareness of security and compliance frameworks such as ISO 27001, Cyber Essentials Plus and CAF 2.0
Excellent troubleshooting and analytical skills
Experience supporting Autodesk software (desirable)
UK national (required to meet SC clearance criteria)
Full UK driving licence

Desirable Skills
Exposure to hybrid cloud environments (Azure/AWS)
Experience with Nutanix AHV, Hyper-V, or Azure-based hypervisors
Experience with endpoint management tools (e.g., Intune)
Knowledge of disaster recovery planning and testing
SAP S/4HANA exposure
17/05/2026
Full time
Profectus Recruitment is proud to be supporting a mature, highly regulated financial services organisation to recruit a Cyber Security Engineer. This role plays a key part in designing, implementing and maturing the organisation's cyber security capability. It is a hands-on engineering position focused on security architecture, tool implementation, threat prevention, and continuous control improvement across a modern Microsoft-centric technology estate. You will work closely with Architecture, Infrastructure, Engineering and Risk teams, acting as a trusted security authority while ensuring controls are pragmatic, risk-based and aligned to regulatory expectations. This is an opportunity for someone who enjoys being technically close to security tooling and infrastructure, while also influencing how security is embedded into design decisions across the business.

Hybrid working: 2 days per week on-site.

The Role
You will:
Design and implement security solutions across cloud and on-prem environments
Review and shape technical designs to ensure security patterns and principles are applied correctly
Support and enhance core cyber processes including vulnerability management, incident response, monitoring, IAM, endpoint security and network protection
Work closely with technology teams to embed security into change and project initiatives
Assess risk and define appropriate mitigating controls using a pragmatic, business-aligned approach
Contribute to the development of security standards, procedures and governance frameworks
Act as a subject matter authority on security-related queries across technology and the wider business
This role requires someone who can balance technical depth with risk-based judgement and communicate effectively with both engineers and senior stakeholders.

What They're Looking For
Strong hands-on experience in a Cyber Security Engineer or Security Analyst role
Experience designing and implementing security controls across modern infrastructure
Strong knowledge of security architecture principles and secure design patterns
Experience with Azure, Microsoft Defender, M365 security tooling and firewalls
Understanding of vulnerability management, incident response, endpoint protection and identity & access management
Familiarity with frameworks such as NIST, ISO 27001, OWASP, MITRE, CIS Benchmarks
Experience operating within a regulated environment (Financial Services preferred)
Ability to take ownership, work independently and make risk-based security decisions

Desirable
Cloud-native security and Zero Trust principles
Exposure to regulatory environments such as PCI DSS, GDPR or Cyber Essentials
Certifications such as CISSP, CISM, CEH or equivalent

If you're looking for a role where you can take real ownership of security engineering, influence technical design decisions, and help mature cyber capability within a regulated financial services organisation, this is an excellent opportunity. Please apply for immediate consideration.
17/05/2026
Full time
Profectus Recruitment is proud to be supporting a mature, highly regulated financial services organisation to recruit a Cyber Security Engineer. This role plays a key part in designing, implementing and maturing the organisation's cyber security capability. It is a hands on engineering position focused on security architecture, tool implementation, threat prevention, and continuous control improvement across a modern Microsoft-centric technology estate. You will work closely with Architecture, Infrastructure, Engineering and Risk teams, acting as a trusted security authority while ensuring controls are pragmatic, risk-based and aligned to regulatory expectations. This is an opportunity for someone who enjoys being technically close to security tooling and infrastructure, while also influencing how security is embedded into design decisions across the business. Hybrid working: 2 days per week on-site. The Role You will: Design and implement security solutions across cloud and on-prem environments Review and shape technical designs to ensure security patterns and principles are applied correctly Support and enhance core cyber processes including vulnerability management, incident response, monitoring, IAM, endpoint security and network protection Work closely with technology teams to embed security into change and project initiatives Assess risk and define appropriate mitigating controls using a pragmatic, business-aligned approach Contribute to the development of security standards, procedures and governance frameworks Act as a subject matter authority on security-related queries across technology and the wider business This role requires someone who can balance technical depth with risk-based judgement and communicate effectively with both engineers and senior stakeholders. 
Job Title: Level 3 Security Analyst - Incident Response & Vulnerability Management
Department: Service Delivery / Security
Reporting To: Security Lead / Service Delivery Manager. Operates under the direction of the Incident Manager during security incidents.
Location: UK (Hybrid). Office in Cardiff 1-2 days per week, regular client site travel.
Working Pattern: Monday to Friday with participation in the on-call Security and Major Incident rota as required.
Role Purpose
The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by "the MSP". The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not reoccur.
Key Accountabilities - Security Incident Investigation & Response
Act as the technical lead for the investigation of security incidents across supported platforms.
Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration.
Perform detailed root cause analysis across endpoint, identity, network, and application layers.
Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation.
Drive incidents through to full technical resolution, not temporary mitigation.
Key Accountabilities - Vulnerability Management
Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity.
Assess risk based on exploitability, exposure, and operational impact.
Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers.
Validate remediation and ensure appropriate evidence is captured for assurance and audit.
Platforms & Technology Scope
End-user devices including Windows, macOS, tablets, and peripherals.
Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection.
Identity and Access Management including privileged and service accounts.
On-premises and cloud-hosted servers.
Network infrastructure including firewalls, switches, wireless, and WAN connectivity.
Cloud-hosted and supplier-managed applications.
Documentation, Audit & Continuous Improvement
Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions.
Support governance, customer assurance, and audit requirements.
Contribute to post-incident reviews and lessons learned.
Identify recurring issues and recommend long-term improvements.
Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems.
Collaboration & Escalation
Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams.
Act as a senior escalation point for Level 1 and Level 2 teams.
Engage third-party suppliers to progress investigation and remediation.
Participate in out-of-hours response as required.
Knowledge, Skills & Experience - Essential
Proven experience in a Level 3 or Senior Security Analyst or Incident Response role.
Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services.
Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation.
Experience working within formal Security Incident and Major Incident processes.
Strong written documentation and stakeholder communication skills.
Knowledge, Skills & Experience - Desirable
Experience supporting multi-site or operationally sensitive environments.
Familiarity with Defender, SIEM, EDR, and vulnerability management tools.
Understanding of regulated or PCI-adjacent environments.
Relevant security certifications or equivalent experience.
Behavioural Competencies
Takes ownership from detection through to resolution.
Investigates thoroughly and challenges incomplete fixes.
Calm, methodical, and decisive during live incidents.
Understands operational and business impact.
Professional and confident when engaging customers and suppliers.
Decision Making & Authority
Makes technical decisions relating to investigation, containment, and remediation of security incidents.
Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership.
Key Interfaces
Incident Management
Security Operations
Infrastructure and Network Services
Third-party suppliers
Customer stakeholders via structured incident communications
13/05/2026
Full time
Senior Technical Analyst
Location: Warwick
Time type: Full time
Job requisition id: JR115360
Salary: Competitive Salary + Excellent Benefits
Senior Technical Analyst - Technology - Warwick or Ripon (Hybrid Working)
So, who are we?
We are Wolseley, a leading specialist trade merchant across the UK and Ireland. We pride ourselves in putting our people and customers at the heart of everything we do - and best of all, provide opportunities to develop skills and build careers through our award-winning Wolseley Talent Guild.
Also, did we mention? In addition to the competitive salary, there are also benefits on tap - including 10% allowance for being on call, 24 days annual leave (increasing with length of service), a generous pension scheme (matched up to 9%), enhanced maternity & paternity cover, potential to earn bonuses, and access to a great range of online and high street discounts. We also promote positive health and wellbeing by offering free access to healthcare, our popular YuLife app, our Cycle to Work scheme and more!
As a Senior Technical Analyst based in Warwick or Ripon, you'll be responsible for:
Leading the design, deployment and management of our endpoint and device estate, ensuring secure, consistent and high-quality experiences across Windows, iOS, Android and macOS.
Owning application packaging and deployment processes, making sure software is delivered reliably and efficiently across the business.
Supporting and enhancing our Intune and SCCM environments, helping to modernise how we manage devices and move workloads to cloud-first solutions.
Acting as a senior escalation point for complex endpoint issues, maintaining strong documentation, and driving continuous improvement across our Digital Workplace services.
This is a full-time, permanent role working 40 hours a week.
And here's what we'd like you to have:
Solid experience managing modern endpoints at scale - particularly Intune, SCCM and Windows - with the confidence to take ownership of complex technical areas.
Strong software packaging and automation skills (Win32/MSI/MSIX, PowerShell), paired with a logical, analytical approach to problem solving.
A clear, engaging communicator who can work effectively with technical and non-technical colleagues, building trust and explaining complex topics simply.
Detail-driven, security-minded and highly organised, with a proactive mindset and a passion for improving the modern workplace experience.
Someone who collaborates well, stays curious, and brings energy, initiative and accountability to continuous improvement.
We look forward to receiving your application!
11/05/2026
Full time
Overview
What we're all about. Do you ever have the urge to do things better than the last time? We do. And it's this urge that drives us every day. Our environment of discovery and innovation means we're able to create deep and valuable relationships with our clients to create real change for them and their industries. It's what got us here - and it's what will make our future. At Quantexa, you'll experience autonomy and support in equal measures allowing you to form a career that matches your ambitions. 41% of our colleagues come from an ethnic or religious minority background. We speak over 20 languages across our 50+ nationalities, creating a sense of belonging for all. We're heading in one direction, the future. We'd love you to join us.
The opportunity
The Cyber Security Engineer is a hands-on operational role within the Security Operations team, protecting Quantexa. The role is responsible for the day-to-day operation, optimisation, and monitoring of core security platforms, with a focus on Wiz (Cloud monitoring), Zscaler (Web Security/Tunnel 2.0) and CrowdStrike (Endpoint Detection and Response). Working closely with the wider Security Operations team, you will ensure that security alerts, findings, and detections are promptly triaged, validated, logged and effectively remediated. The role contributes directly to improving Quantexa's security posture by reducing risk, strengthening detection capability, and supporting timely response to security events.
This position is well suited to a highly technical, curious and observant practitioner who enjoys working with key security tooling, values disciplined execution and can operate confidently within established processes while identifying opportunities for continuous improvement.
What you'll be doing
Wiz (Cloud Security Posture Management)
Monitor and triage Wiz findings daily, validating alerts and determining operational impact.
Perform tuning and threat hunting within Wiz and other tooling.
Identify misconfigurations, excessive permissions, and exposed assets, escalating where required.
Track remediation progress with engineering owners and ensure closure of high-priority issues.
Zscaler (Web Security / Tunnel 2.0)
Review and triage Zscaler alerts and policy violations, following documented response procedures.
Investigate suspicious traffic, access attempts, and user activity to determine legitimacy and risk.
Support enforcement actions by validating policy alignment and working with IT and Cloud teams to remediate issues.
Monitor coverage and configuration across users and locations, identifying gaps or misconfigurations.
Support policy tuning by analysing false positives and recommending rule or policy adjustments.
Contribute to playbook development, operational maturity, and ongoing service readiness.
CrowdStrike (Endpoint Detection and Response)
Review and triage endpoint detections, applying documented response steps.
Execute containment actions, including network isolation and sensor troubleshooting.
Validate full sensor coverage across the estate and address gaps in coordination with IT.
Support tuning activities by analysing false positives and proposing rule refinements.
Contribute to playbook improvements and operational readiness tasks.
Security Operations
Conduct initial investigation of security incidents, collect evidence, and escalate based on severity with a keen eye on the quality of the output.
Perform daily review of alerts across SIEM, Wiz, CrowdStrike, and other platforms.
Validate vulnerabilities and configuration weaknesses raised by scanning tools.
Interpret and operationalise threat intelligence, understand how it informs detection, prioritisation, and response activities, and clearly communicate technical threat intelligence to non-technical stakeholders.
Support cloud security controls, identity hygiene checks, and network policy reviews.
Contribute to the ongoing maturity and documentation of operational processes.
Collaboration and Ways of Working
Act as a trusted operational partner to the Cyber Security Manager and the wider Information Security team, providing proactive support and consistent engagement.
Partner closely with DevOps, IT, and Engineering teams to drive timely and effective remediation actions.
Deliver clear and concise updates on incidents and operational activities proactively, without the need for prompting.
Actively participate in team stand-ups, contributing constructively to continuous improvement and operational maturity.
Support senior engineers with platform enhancements, integrations, and controlled change activities.
What you'll bring
Required
Demonstrated hands-on experience with security operations, incident triage, or vulnerability management.
Familiarity with EDR platforms (ideally CrowdStrike) and security telemetry analysis.
Knowledge of cloud environments, particularly Azure including Entra and Conditional Access, and a good understanding of cloud security concepts.
Ability to understand alert context, assess impact, and follow structured response processes.
Strong attention to detail, disciplined documentation, and good communication skills.
Mandatory Proficiency in the Following Platforms
Practical experience with core security platforms, including Wiz for cloud posture and workload visibility, CrowdStrike for endpoint detection and response, and Zscaler for secure access and traffic inspection.
Familiarity with insider risk and secret detection tooling, such as CyberHaven and GitGuardian, with the ability to support basic investigations and configuration checks.
Working knowledge of CI/CD pipelines and DevOps tooling, including the ability to follow established security checks within delivery workflows.
Exposure to native cloud security services (e.g. Azure Security Center, Google Cloud Command Center) for posture review, alert triage, and configuration validation.
Education & Certifications
Minimum of 8 years of professional experience in cybersecurity.
Master's degree in information security, Computer Science, or related discipline.
Preferred Industry Certifications (Evidence required): GIAC certifications such as GCIA, GCED, GCIH, GDAT, GDSA or GMON; Microsoft Certified Identity and Access Administrator Associate (SC-300); Microsoft Certified Security Operations Analyst Associate (SC-200).
Expectations and Mindset
Proactiveness: Take initiative, seek out information, do not sit back and wait, drive your own knowledge alongside that of other guidance provided by the team, and always ask questions.
Communication: Keep stakeholders informed, ask questions, and ensure clarity in all interactions.
Forward thinking: Anticipate challenges and issues, think strategically, and look for opportunities for improvement.
Team Communication: Follow up with the team and make sure you are seen and known, be heard and build strong relationships and establish your presence.
Perks and our culture
Our mission, perks, and quirks. We offer a range of benefits to support your work and well-being, including competitive salary, bonus, hybrid work options, private healthcare, generous leave, and more.
Our mission
We have one mission: to help businesses grow, to make data easier, and to make the world a better place. We're not a start-up, but we are a collection of bright, passionate minds harnessing complexities and helping our clients and their communities. One culture, made of many. Heading in one direction - the future.
It's all about you
We are an Equal Opportunity Employer. We value inclusion and diversity in our work environment. Regardless of race, beliefs, color, national origin, gender, sexual orientation, age, marital status, neurodiversity or ableness - if you are passionate, curious and caring, we want to hear from you.
09/05/2026
Full time
SOC Lead
6 months
Bath - hybrid x3 days onsite x2 remote
Active SC/DV clearance required
700 per day outside IR35

The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role focuses on identifying unknown threats, coordinating deep-dive investigations, and elevating the maturity of SOC investigative and hunting capabilities. The role combines technical leadership, hands-on expertise, and mentorship of analysts.

Key Responsibilities

Threat Hunting
- Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments
- Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques
- Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls
- Translate threat intelligence into actionable hunt hypotheses
- Continuously refine detection logic based on hunt outcomes and emerging threats

Investigations & Incident Response
- Lead complex and high-severity security investigations from triage through containment and remediation
- Act as the technical escalation point for advanced SOC investigations
- Conduct root cause analysis and attacker kill-chain reconstruction
- Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences
- Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required

SOC Technical Leadership
- Define investigation standards, workflows, and quality benchmarks
- Mentor and upskill SOC analysts in hunting methodologies and investigative techniques
- Review and improve alert fidelity, detection coverage, and response effectiveness
- Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms

Detection Engineering & Improvement
- Collaborate with detection engineers to convert hunt findings into new or improved detections
- Identify visibility gaps and recommend logging, telemetry, and tooling improvements
- Validate detection performance through purple team activities and simulation

Threat Intelligence & Collaboration
- Consume and operationalise internal and external threat intelligence
- Maintain awareness of attacker tactics, tools, and campaigns relevant to the organisation
- Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability Management

Reporting & Metrics
- Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality
- Provide regular insights to senior leadership on threat trends and risk posture

Required Skills & Experience

Technical Experience
- 7+ years in Security Operations, Threat Hunting, or Incident Response
- Proven experience leading investigations involving advanced persistent threats, insider threats, or targeted attacks
- Strong hands-on expertise with: SIEM platforms (e.g. Sentinel, Splunk, Elastic); EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne); network and cloud security telemetry
- Strong understanding of: MITRE ATT&CK; Windows, Linux, and cloud attack techniques; malware behaviours, credential abuse, lateral movement, and persistence mechanisms

Leadership & Soft Skills
- Demonstrated ability to lead and mentor technical teams
- Strong investigative mindset with attention to detail
- Excellent written and verbal communication skills
- Ability to translate technical findings into business and risk context

Desirable Skills
- Experience with detection engineering or SOAR automation
- Purple team or red team collaboration experience
- Forensic analysis experience (memory, disk, network)
- Exposure to regulatory environments (e.g. ISO 27001, NIST, GDPR)

Apply now to be part of this impactful opportunity!
01/05/2026
Contractor
Cyber Security Operations Manager
Liverpool (Hybrid)
75,000

We're working with a growing UK business looking to hire a Cyber Security Operations Manager to take full ownership of its security operations function, ensuring the organisation is protected, resilient, and continuously improving against an increasingly complex threat landscape. This is a high-impact position where you'll lead the security operations function end-to-end, driving improvements across threat detection, incident response, and overall security posture within a complex, evolving environment.

The Role

You'll take ownership of security operations, ensuring the business is protected against evolving threats while continuously improving processes, tooling, and team capability. Key responsibilities include:
- Leading the day-to-day operations of the Security Operations function, including oversight of any outsourced SOC
- Managing the full incident response lifecycle (detection through to recovery and post-incident review)
- Overseeing threat detection, vulnerability management, and cyber defence capabilities
- Driving improvements across SIEM, SOAR, EDR/XDR, and security tooling
- Ensuring robust monitoring, alerting, and response across cloud, network, and endpoint environments
- Partnering with Infrastructure, Cloud, and Risk teams to strengthen security across the business
- Leading and developing a team of cyber engineers and analysts
- Driving automation initiatives to improve response times and operational efficiency
- Supporting governance, compliance, and audit requirements
- Reporting on security performance, risks, and KPIs to senior stakeholders

What We're Looking For
- Proven experience leading a Security Operations or SOC function
- Strong understanding of SIEM, SOAR, EDR/XDR, IDS/IPS, and security tooling
- Experience managing incident response and threat management in complex environments
- Strong knowledge of frameworks such as NIST, ISO 27001, or CIS Controls
- Experience working in cloud environments (Azure, AWS, or GCP)
- Strong leadership and stakeholder management skills
- Ability to balance hands-on technical understanding with strategic oversight

Why Join?
- Opportunity to lead and shape the security operations function
- High visibility role across technology and leadership teams
- Business actively investing in cyber security and resilience

If you're looking for a role where you can lead, influence, and strengthen cyber security at scale, we'd love to hear from you. Apply today with your most up to date CV. BH36094
29/04/2026
Full time
Principal Cyber Security Incident Response Analyst
60,000 - 70,000
Full Time / Permanent
West Midlands / Hybrid (1-2 days a month in the office ideally)

The Role

I am looking for a driven and experienced Principal Cyber Security Incident Response Analyst to join a large nationally recognised brand headquartered in the West Midlands. As a Principal Cyber Security Incident Response Analyst, you will play a pivotal role in protecting critical systems, assets, and people from cyber security threats. You'll be part of a world-class team, working at the forefront of threat detection and response. We are ideally looking for someone Midlands based who can be on site in Warwickshire 1-2 days a month on average.

Responsibilities:
- Provide leadership and mentorship to Analysts and Senior Analysts, fostering a culture of excellence and continuous development.
- Drive the evolution and enhancement of the Cyber Security Incident Response function, ensuring the team consistently meets and exceeds key performance indicators.
- Lead investigations and remediation efforts for cyber security incidents and alerts across diverse sources, including network, endpoint, cloud environments, and threat intelligence feeds.
- Perform in-depth trend analysis to identify patterns and inform improvements in organisational controls and threat detection capabilities.
- Develop, maintain, and continuously improve documentation and reporting frameworks to support transparency, consistency, and strategic decision-making.

Experience required:
- Previous experience in a similar Cyber Incident Response Analyst role, preferably in a senior or lead capacity.
- Strong experience in security monitoring across diverse systems and environments, including cloud and on-premises.
- Proven leadership in incident response within SOC settings.
- Deep understanding of the cyber threat landscape, attack vectors, and detection techniques.
- Proficient in cybersecurity tools, regulations, and compliance standards.
- Excellent communication and stakeholder engagement skills, with the ability to convey technical insights to varied audiences.

Please apply via the link or contact (url removed) for more information.

Modis International Ltd acts as an employment agency for permanent recruitment and an employment business for the supply of temporary workers in the UK. Modis Europe Ltd provides a variety of international solutions that connect clients to the best talent in the world. For all positions based in Switzerland, Modis Europe Ltd works with its licensed Swiss partner Accurity GmbH to ensure that candidate applications are handled in accordance with Swiss law. Both Modis International Ltd and Modis Europe Ltd are Equal Opportunities Employers. By applying for this role your details will be submitted to Modis International Ltd and/or Modis Europe Ltd. Our Candidate Privacy Information Statement, which explains how we will use your information, is available on the Modis website.
04/10/2025
Full time
Cybersecurity Vulnerability Lead - £700 per day - Inside IR35 - Remote - 6 Months initial contract.

Our client, the UK's leading producer of Zero Carbon energy, is looking for a Cybersecurity Vulnerability Lead to join them on a contract basis. This is a senior role with responsibility for the organisation's vulnerability management programme across multiple business units, technologies, and regulatory environments. The organisation has made significant investment in Tenable as its core vulnerability management platform. You'll be expected to lead its strategic and day-to-day usage, ensuring vulnerabilities are accurately identified, prioritised, and remediated while driving continuous improvement in how the platform is integrated and utilised. Candidates with strong Tenable expertise, particularly those who have embedded it at scale in large or regulated environments such as financial services, will be especially attractive for this role.

Security Clearance - Due to the sensitive nature of the work, candidates must be eligible for SC clearance. Candidates with active or recently lapsed SC clearance will be prioritised. Applicants without clearance must be willing and eligible to undergo vetting.

The Role - As Cybersecurity Vulnerability Lead, you will:
- Own the end-to-end vulnerability management programme, with Tenable One at the core.
- Define and deliver the strategy, policies, SLAs, and operating rhythm.
- Lead on risk-based prioritisation using exploit intelligence, asset criticality, and business impact.
- Translate scan data into clear, actionable remediation plans for technical teams.
- Build dashboards and executive reports (ServiceNow, Power BI).
- Provide rapid risk assessments and emergency patch governance during incidents.
- Support audits and regulatory compliance (ISO27001, CE+, GDPR, NIS2, ONR).
- Drive automation, integrating tools and workflows to improve efficiency.
- Act as subject matter expert for Tenable and related tooling, ensuring platforms are fully leveraged.
- Mentor analysts and security champions, building maturity across the team.

About You - You will bring experience leading vulnerability management at enterprise scale, ideally in financial services or similarly regulated industries. You should also have hands-on knowledge of the following:
- Core Vulnerability Management - Tenable One (Exposure Management, Attack Surface Management, Attack Paths, Identity); AWS Inspector; agent-based and network-based scanning; cloud integrations (AWS, Azure, GCP); dashboards and risk-based prioritisation
- Patch & Endpoint Management - Microsoft Intune / SCCM / WSUS; Jamf
- Workflow & ITSM Integration - ServiceNow (dashboards, SOAR); Jira
- Cloud & Application Security - AWS Security Hub; Azure Defender for Cloud; Veracode
- Threat Intelligence & Exploit Context - Tenable Threat Intelligence; Exploit DB; Metasploit
- SIEM, SOAR & Monitoring - Microsoft Sentinel; SOAR platforms (ServiceNow SOAR)
- Automation & Scripting - Python, PowerShell, Bash, Ansible
- Reporting & Metrics - Power BI; ServiceNow dashboards; Excel (advanced analysis)
- Frameworks & Standards - NIST CSF, ISO 27001, OWASP, CE / CE+, GDPR, NIS2, ONR
- Security Domains / Capabilities - Identity and Access Management (IAM); Network Security; Data Protection; Cloud Security Controls; Application Security; Security Monitoring
- Processes & Practices - Vulnerability Management Programmes; Incident Response and Threat Assessment; Emergency Patch Governance; Risk-based Prioritisation (CVEs, exploit intelligence, asset criticality, business impact); Audit Support (internal assurance, penetration test follow-ups, external audits); Exception and exemption management; Automation of manual tasks; Dashboarding for risk and SLA metrics

What's on Offer - A leadership role with significant influence across a major UK organisation. Opportunity to work with a forward-thinking Cyber Services function pushing boundaries in vulnerability management.
04/10/2025
Contractor
*Senior Cyber Security Analyst - £600-800pd (experience dependent) INSIDE IR35 - 3 month initial contract - London (3 days per week onsite)*

Please note: Due to the nature of the role, we are ideally looking for candidates to hold an active SC clearance.

We are looking for an SC Cleared Senior Cyber Security Analyst with SPLUNK experience to join our central government client on an initial 3-month contract. You must have experience investigating and responding to cyber incidents, co-ordinating incident response in a large organisation. We have both a Senior and mid-level role available.

Main responsibilities: As a senior security analyst with responsibility for incident response, you will:
- Lead the investigation of security alerts to understand the nature and extent of possible cyber incidents
- Lead the forensic analysis of systems, files, network traffic and cloud environment
- Lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions
- Support the wider coordination of cyber incidents
- Review previous incidents to identify lessons and actions
- Identify and deliver opportunities for continual improvement of the incident response capability
- Work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities
- Develop and update internal plans, playbooks and knowledge base articles
- Act as an escalation point for, and provide coaching and mentoring to, security analysts
- Be responsible for leadership and line management of security analysts

Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join.

Essential skills and experience:
- SPLUNK
- EDR (Endpoint Detection and Response)
- Significant experience investigating and responding to cyber incidents
- Significant experience using security tools (e.g. EDR, SIEM) to support the investigation and response to cyber incidents
- Experience managing and coordinating the response to cyber incidents
- Experience coaching and mentoring junior staff
- An in-depth understanding of the tools, techniques and procedures used by threat actors

Damia Group Limited acts as an employment agency for permanent recruitment and employment business for the supply of temporary workers. By applying for this job you accept our Data Protection Policy which can be found on our website. Please note that no terminology in this advert is intended to discriminate on the grounds of a person's gender, marital status, race, religion, colour, age, disability or sexual orientation. Every candidate will be assessed only in accordance with their merits, qualifications and ability to perform the duties of the job. Damia Group is acting as an Employment Business in relation to this vacancy and in accordance with the Conduct Regulations 2003.
03/10/2025
Contractor
