Security and Privacy Operations Analyst

  • Knight Frank Group
  • 05/05/2026
  • Full time
  • Information Technology / Telecommunications

Job Description

Responsibilities:

  • Monitor security event identification via the third-party security operations service.
  • Triage, analyse, and investigate incidents to validate potential threats, anomalies, or policy violations.
  • Coordinate incident response activities including containment, evidence collection, documentation, and recovery support.
  • Contribute to threat hunting activities using KQL queries and intelligence-led techniques.
  • Maintain accurate incident records, ensuring actions and outcomes are logged to a high standard.
  • Facilitate security testing and awareness through threat simulations.
  • Support the triage and processing of data subject rights (DSR) requests, including subject access requests (SARs).
  • Conduct data discovery and collection across systems, ensuring completeness and accuracy.
  • Support DPIA processes through data mapping, evidence gathering, and risk assessment input.
  • Help maintain and tune Microsoft Defender, Sentinel, and Purview policies, analytics rules, alerts, and workflows.
  • Support the development, testing, and maintenance of automated playbooks and response actions (e.g., Logic Apps).
  • Verify compliance with expected practice in the operation of technology services, including security baseline and access right reviews.
  • Support vulnerability management by tracking remediation, validating fixes, and assisting with reporting.
  • Gather and analyse data to help identify trends, gaps, and areas for control improvement.
  • Assist with periodic control reviews, audits, and compliance checks as required.
  • Prepare operational reports, dashboards, and metrics for the Team Lead and wider stakeholders.
  • Develop and maintain playbooks, runbooks, and procedural documentation.
  • Contribute to continuous improvement activities, including identifying opportunities to streamline operations.
  • Ensure all actions adhere to internal policies, regulatory requirements, and industry best practice.

Requirements:

  • 3+ years' experience working in a security operations, IT security, privacy operations, or related technical role.
  • Familiarity with:
    + Microsoft Defender XDR
    + Microsoft Sentinel (SIEM/SOAR)
    + Privacy management solutions (e.g. Purview, OneTrust)
  • Basic understanding of key cybersecurity and privacy concepts, such as:
    + Threat detection and analysis
    + Incident response lifecycle
    + Vulnerability and exposure management
    + Data privacy principles and data subject rights
  • Experience analysing logs, alerts, or data from security tools.
  • Strong documentation, investigation, and analytical skills.
  • Hands-on experience writing KQL queries, PowerShell, or CLI commands.
  • Exposure to automation or playbooks (Logic Apps, Defender workflows).
  • Knowledge of frameworks such as MITRE ATT&CK or NIST CSF.
  • Relevant certifications such as:
    + SC-900, SC-200 (or working toward), AZ-900, AZ-500
    + CISSP, CIPP/E, CompTIA Security+
    + Foundation-level data privacy certifications (e.g., BCS Certificate in Data Protection)
  • Strong problem-solving ability and attention to detail.
  • Curious and proactive mindset with willingness to learn.
  • Effective communicator able to document findings clearly and concisely.
  • Highly organised and able to manage multiple tasks with competing priorities.
  • Collaborative team player with a commitment to continuous improvement.
  • Ability to work with sensitive data responsibly and confidentially.