Sorry, that job is no longer available. Here are some results that may be similar to the job you were looking for.

40 jobs found

Current Search: senior lead cyber security analyst siem incident response vulnerability management
Senior Security Operations Center Analyst (f/m/d)
Eplass Reading, Berkshire
What do we do?

Introducing Thinkproject Platform. Pioneering a new era and offering a cohesive alternative to the fragmented landscape of construction software, Thinkproject seamlessly integrates the most extensive portfolio of mature solutions with an innovative platform, providing unparalleled features, integrations, user experiences, and synergies. By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem.

What your day will look like

We are looking for a highly experienced and technically skilled Lead Security Operations Centre (SOC) Analyst to join our team and take ownership of the day-to-day operation and continuous improvement of our Security Operations Centre. This role combines deep technical expertise with operational leadership, people management, and project delivery responsibilities, ensuring the SOC remains effective in identifying, investigating, and responding to advanced security threats, issues, and vulnerabilities across the organisation. As the lead member of the team, you will oversee SOC operations, manage and coordinate complex security investigations, and provide technical leadership during all incidents. You will lead investigations into sophisticated threats such as advanced persistent threats (APTs), malware outbreaks, and targeted attacks, whilst performing hands-on analysis of security events, forensic evidence collection, and root cause analysis. You will also drive the development and enhancement of detection capabilities across SIEM, EDR, and other monitoring technologies, while continuously improving SOC processes, procedures, workflows, automation, and playbooks to increase operational effectiveness and maturity.

You will actively engage in threat hunting, leveraging your deep understanding of application code, infrastructure and hosting architectures (cloud and on premises), the software development lifecycle (SDLC), and CI/CD pipeline solutions to identify risks that span traditional and cloud-native environments. You will collaborate closely with Security Engineering, IT, DevOps, and application teams to improve detection coverage, enhance monitoring capabilities, and strengthen the organisation's overall security posture. Alongside your technical responsibilities, you will provide line management for SOC analysts, including mentoring, coaching, performance management, and professional development, whilst overseeing workload prioritisation, SOC reporting, and the successful delivery of projects associated with SOC tooling, automation, compliance, and operational maturity. This role encompasses reactive incident response, proactive detection engineering, threat hunting, vulnerability management, and operational leadership. You will also contribute to strategic initiatives including penetration testing coordination, security assessments, audit preparation, threat intelligence activities, and the maintenance of SOC documentation and reporting. This role sits within the Product Operations and Corporate IT branch, reporting to the Director of Cyber Security and Networking, and operates as part of the broader Cyber Security, Network, and Security Engineering teams.

Main responsibilities:
  • Independently investigate and respond to security alerts and events from SIEM, EDR, and other security tools across endpoints, networks, cloud platforms, and applications.
  • Lead proactive threat hunting activities, leveraging threat intelligence, application logs, and infrastructure telemetry to uncover indicators of compromise or stealthy threat activity.
  • Perform in-depth analysis of logs, API configurations and traffic, container environments, network data, application and infrastructure architecture, as well as data centre hosting environments to support threat detection, incident investigation, and root cause analysis.
  • Manage complex cybersecurity incidents end-to-end, including containment, eradication, recovery, and post-incident analysis, while coordinating closely with cross-functional stakeholders.
  • Deploy, operate, configure, and tune SIEM platforms and detection tools to enhance signal accuracy, reduce alert fatigue, and maintain effective detection coverage.
  • Design, build, and maintain incident response playbooks and automation workflows to increase the efficiency, speed, and consistency of incident response processes.
  • Simultaneously manage multiple active investigations and day-to-day SOC operations, effectively prioritising tasks and managing time under pressure.
  • Conduct forensic analysis during investigations, including evidence preservation, malware analysis, memory examination, and root cause identification.
  • Collaborate with DevOps, IT, and development teams to ensure timely containment, mitigation, and remediation of vulnerabilities and threats.
  • Coordinate outputs from security assessment tools and penetration tests, ensuring clear ownership and timely closure of identified issues.
  • Participate in and lead security testing exercises to evaluate and strengthen detection capabilities and response procedures.
  • Drive continuous improvement of SOC operations by identifying logging gaps, proposing monitoring enhancements, and introducing new detection or response technologies.
  • Maintain comprehensive documentation of investigations, incidents, tuning efforts, and threat intelligence to support reporting, knowledge sharing, and audit readiness.
  • Stay current with evolving threat landscapes, adversary techniques, and emerging security tools and practices to strengthen SOC capabilities.
  • Adapt SOC processes, solutions, and procedures to enhance the monitoring of the organisation's IT network health.
  • Ensure security operations and incident response practices are aligned with industry-recognised frameworks such as ISO 27001.
  • Implement solutions within CI/CD pipelines to identify and block security issues before they reach production environments.
  • Support the development and refinement of SOC procedures, training materials, and operational standards to enhance maturity and consistency across the team.
  • Act as the operational lead for the SOC, overseeing day-to-day activities, workload prioritisation, incident coordination, and service delivery to ensure effective security monitoring and response capabilities.
  • Provide line management, coaching, mentoring, and professional development support to SOC analysts, fostering a high-performing and collaborative security operations culture.

What you need to fulfill the role

You Must Have:

Language & Communication
  • Proficiency in spoken and written English, with the ability to communicate effectively across both technical and non-technical audiences
  • The ability to communicate difficult or sensitive information tactfully

Education & Experience:
  • Bachelor's degree in cyber security or a related field, or equivalent professional experience
  • Strong knowledge of cybersecurity principles, threat landscapes, and incident response procedures
  • Awareness of current and emerging cyber threats affecting SaaS organisations

Technical Skills:
  • Hands-on experience with implementation, ongoing management and maturing of Security Information and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) platforms, threat intelligence platforms, and vulnerability identification tools
  • Experience integrating custom-built applications into SIEM platforms
  • Experience with implementation of automation solutions, enhancing SOC efficiency and speeding incident response
  • Familiarity with Security Orchestration, Automation, and Response (SOAR) platforms, including developing and maintaining automated response playbooks
  • Experience with threat hunting focused on application code, application, infrastructure and hosting architecture, leveraging coding skills and a solid understanding of the software development lifecycle (SDLC) and infrastructure components
  • Experience managing security issues identified through internal tools and external assessments, ensuring remediation is completed in line with company policies and standards
  • Knowledge of common security frameworks and best practices
  • Experience implementing solutions to detect and block security risks in CI/CD pipelines to prevent vulnerable code from being deployed into production

SOC Operations:
  • Experience in complex incident response and investigation, including forensic evidence handling and root cause analysis
  • Experience managing business-as-usual (BAU) security operations workload alongside project-based work, both independently and in coordination with other team members
  • Experience managing outputs from cybersecurity assessment tools, coordinating timely mitigation and remediation with key stakeholders
  • Experience coordinating outsourced penetration tests, ensuring smooth execution without service disruption
  • Experience conducting security assessment exercises to evaluate SOC operational effectiveness and the organisation's ability to respond to cybersecurity incidents
  • Experience in tuning detection rules and alerts to improve accuracy and reduce false positives in security monitoring

Technical Expertise:
  • Experience with Azure, Azure AD, and AWS technologies and services
  • Experience conducting forensic analysis of cybersecurity incidents

Teamwork & Leadership: … click apply for full job details
18/06/2026
Full time
Information Cyber Security Analyst
FUTURE OF LONDON
Are you a dynamic and driven cyber security professional ready to make a real impact? Join Enfield Council at a critical point in strengthening our cyber resilience. As an Information Cyber Security Analyst, you will play a key role in protecting vital systems and services that support thousands of residents. This is an exciting opportunity for a proactive professional to take ownership, influence how security is embedded across the organisation, and be at the forefront of defending against an evolving threat landscape.

About the Role

Cyber security is fundamental to everything we do at Enfield Council. As an Information Cyber Security Analyst, you will play a critical and highly visible role in protecting the systems, data, and services that support residents, frontline services, and the wider community. This is far more than a monitoring role. You will be at the centre of our cyber defence capability, taking ownership of day-to-day operational security while contributing to wider strategic improvements across our digital estate. You will help ensure the confidentiality, integrity, and availability of key systems, working across infrastructure, applications, and cloud platforms. Operating within a fast-paced and evolving threat landscape, you will be trusted to identify risks, respond decisively to incidents, and influence how security is embedded across the organisation.

Why this role is important

This role is business critical to maintaining safe, resilient, and compliant services. You will:
  • Protect critical systems and sensitive data across the Council
  • Act as a frontline defence against cyber threats, responding quickly and effectively to incidents
  • Support and strengthen compliance with key frameworks such as ISO27001, NIST, Cyber Essentials and GDPR
  • Contribute to both operational service delivery and strategic security initiatives across Digital Services

Your work will have a direct impact on the Council's ability to deliver trusted, secure services to residents.

Key Responsibilities

You will operate across the full cyber security lifecycle, with responsibilities including:
  • Threat Detection and Incident Response: Monitoring, analysing, and responding to security alerts using Microsoft Sentinel and Defender, ensuring timely containment and resolution of incidents
  • Security Operations and Tooling: Configuring, managing, and optimising security solutions including SIEM, endpoint protection, firewalls, and privileged access management systems
  • Risk, Compliance and Assurance: Conducting vulnerability assessments, audits, and risk reviews, supporting adherence to security standards and data protection regulations
  • Monitoring and Continuous Improvement: Developing monitoring and alerting processes, researching new technologies, and contributing to initiatives that enhance cyber resilience
  • Business Engagement and Advice: Working closely with colleagues across Digital Services and the wider Council, providing expert guidance on security risks and best practice
  • Leadership Support: Deputising for the Senior Security Manager when required and supporting wider team development and activities

About You

You will be a proactive, analytical, and solution-focused professional who thrives in a dynamic and challenging environment. You will bring:
  • Proven experience in cyber security operations, incident response, and vulnerability management
  • Strong understanding of security frameworks such as ISO27001, NIST, Cyber Essentials and GDPR
  • Hands-on experience with Microsoft security tooling (e.g. Sentinel, Defender) and cloud security (Azure/M365)
  • The ability to identify root causes, make informed decisions, and respond effectively under pressure
  • Excellent communication and stakeholder engagement skills, with the confidence to influence and advise

You will be passionate about cyber security, committed to continuous improvement, and motivated to stay ahead of evolving threats.

What Makes This a Great Opportunity
  • A role with real purpose and impact, protecting services that directly support residents and communities
  • Exposure to a wide range of technologies, security challenges, and strategic initiatives
  • The opportunity to influence how cyber security is embedded across the organisation
  • A dynamic working environment where no two days are the same
  • The chance to develop your skills and progress within a supportive Digital Services team

Additional Information
  • Based at the Civic Centre, with a requirement to attend the office a non-negotiable minimum of two days per week
  • Participation in out-of-hours support and on-call arrangements may be required

Why it's great to work for Enfield Council
  • An excellent pension through the Local Government Pension Scheme (LGPS).
  • Up to 32 days annual leave depending on grade and length of service. You will also get eight public holidays per year and an extra day off at Christmas.
  • A blend of remote and office-based working for most roles.
  • Interest-free season ticket loan repayable over three or ten months.
  • Career development and learning experiences from a range of training courses and learning methods.
  • Employee Assistance Programme to provide advice and counselling services. This is a free and confidential service available to staff and members of their family.
  • Health and leisure discounts and tax-free bikes for work.
  • 1 month's paid sabbatical for registered Social Workers working in Children's Social Care.
18/06/2026
Full time
SOC Analyst Tier 2 - Hybrid (Security Ops)
Leeds, Yorkshire
Cyber Security Analyst (Tier 2)
Hybrid working from client site in Bradford

A bit about us
At Gamma, we're more than just a leader in Unified Communications as a Service (UCaaS) - we're a dynamic, forward-thinking team revolutionizing the way businesses connect and communicate. We provide voice, data, and mobile solutions to businesses across the UK, Germany, Spain, and the Benelux region, and we're expanding rapidly to bring digital automation and Gamma-powered services to SMEs through a growing network of channel partners. We move fast with a start-up mindset, but we have the stability of a leading European business. Our team thrives on collaboration, innovation, and the belief that diverse perspectives make us stronger. Join us, and you'll have the opportunity to make an impact, grow your career, and be part of a company that celebrates inclusivity and fresh ideas.

What will you be doing?
We are seeking a proficient and motivated Cyber Security Analyst - Tier 2 to join our dynamic Security Operations Centre (SOC) team. You will play a crucial role in monitoring and responding to cybersecurity incidents for one of our large enterprise customers. Your main responsibilities will include detecting, investigating, and resolving security incidents while leveraging your advanced technical skills and security knowledge. As a Cyber Security Analyst - Tier 2, you will act as a senior analyst conducting regular threat hunting investigations. You will stay updated on the latest cyber security trends, contribute to the SOC team's efficiency and support the proactive detection of new vulnerability disclosures. You will report to the Security Operations Manager and support our Managed Detection and Response (MDR) technologies and security incident handling. The ideal candidate will have a strong understanding of security principles, networking, threat actors, and threat vectors. Exceptional problem-solving and communication skills are a must to proactively identify areas for customer security improvements, as are previous knowledge and experience of managing and utilizing technologies such as Rapid 7 IDM, IVM and Cortex EDR.

What will you be doing day-to-day?
- Analysis: Utilize SIEM and other security tools to monitor and analyze security alerts, triage incidents, and investigate breaches and vulnerabilities.
- Threat Hunts: Conduct proactive investigations beyond security tool alerts, identify anomalous behaviour, and derive patterns in log data to detect new Tactics, Techniques and Procedures (TTPs).
- Vulnerability Disclosures: Regularly document new vulnerability disclosures and communicate findings to stakeholders at all levels.
- Documentation: Record incidents, actions taken, and resolutions in accordance with company procedures.
- Customer Support: Address security and technical queries from customers and escalate issues as necessary.
- Training: Continuously update your knowledge of cyber security trends through ongoing training.
- Collaboration: Work closely with team members to enhance security protocols and improve incident response strategies.
- Incident Handling: Triage security alerts, escalate incidents to customers and senior management when applicable, and ensure timely resolution.
- Security Measures: Identify and support the implementation of security measures, such as tuning and use-case development.
- Communication: Collaborate with cross-functional teams, communicate security requirements to stakeholders, and ensure successful handovers to support teams.
- Research: Stay informed about emerging threats, technologies, and regulatory changes, and lead internal and external customer communications about them to maintain cutting-edge security practices.

About you
- Previous experience working in a SOC leveraging SIEM and EDR technologies, including Rapid 7, Microsoft Sentinel, Cortex EDR and Defender
- Experience conducting deep-dive investigations and compiling post-analysis reports
- Good understanding of regulatory standards and compliance (e.g., GDPR, ISO 27001, PCI DSS)
- Experience with Sentinel, Rapid 7 IDR, IVM, Cortex EDR, or similar
- Strong understanding of network security, endpoint protection, IAM, and data protection concepts
- Ability to communicate complex technical concepts to both technical and non-technical stakeholders effectively
- A good understanding of cloud concepts and Microsoft Windows and Linux based operating systems
- Passionate about the industry with the drive to stay up to date with the latest industry trends and solutions

Qualifications
- Bachelor's degree in Cyber Security, Computer Science, Information Security, or related field preferred
- Relevant certifications such as CompTIA CySA+, Certified Ethical Hacker (CEH), Microsoft SC-200, or similar
- Security Cleared or able to obtain Security Clearance

What do we offer you?
At Gamma, we believe in work-life balance, which is why we offer 25 days of annual leave, plus an extra day off for your birthday. Giving back is important to us, so we also provide a volunteer day to support a charity that matters to you. Family matters, too. With enhanced maternity and paternity pay, we're here to support you as a parent and help you thrive in your career. We offer a contributory pension plan to help you save for the years ahead, with Gamma's contribution varying depending on yours. Your well-being is our priority. We offer group income protection and life assurance (four times your salary) to ensure peace of mind for you and your loved ones. We want you to share in our success. That's why we offer tax-efficient share save and share incentive plans, giving you the opportunity to benefit from Gamma's growth. We're committed to health, both physical and mental, and provide private medical insurance through Vitality, which extends to your immediate family. And, because we care about the environment, we offer an Electric Vehicle scheme through Octopus and a Cycle to Work scheme, making it easier to get around sustainably.

A few things to note
Unfortunately, we can't offer visa sponsorship or relocation support for this role. This role requires hybrid working from our client site in their Bradford office. If you feel you could be a good fit for Gamma but do not think that you meet all the requirements, we still encourage you to apply as you could be the person that we are looking for. Gamma is an equal opportunity employer. We care about inclusion and believe in having diverse teams where everyone can be their true authentic selves. We value each person and their range of backgrounds and actively encourage people from underrepresented backgrounds to apply. We don't discriminate based on any protected characteristics, e.g., race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, marital status, disability, or age. We are a family-friendly employer with a culture based on trust, autonomy, and flexibility to help you create a work-life balance and enjoy working here at Gamma.

For recruitment agencies - we have a network of fantastic partners that support us in our hiring from time to time. We're not looking to increase that network currently, so please don't send speculative CVs.
18/06/2026
Full time
Cyber Security Analyst - T2 - Enterprise Markets
Leeds, Yorkshire
Cyber Security Analyst (Tier 2)
Hybrid working from client site in Bradford

A bit about us
At Gamma, we're more than just a leader in Unified Communications as a Service (UCaaS) - we're a dynamic, forward-thinking team revolutionizing the way businesses connect and communicate. We provide voice, data, and mobile solutions to businesses across the UK, Germany, Spain, and the Benelux region, and we're expanding rapidly to bring digital automation and Gamma-powered services to SMEs through a growing network of channel partners. We move fast with a start-up mindset, but we have the stability of a leading European business. Our team thrives on collaboration, innovation, and the belief that diverse perspectives make us stronger. Join us, and you'll have the opportunity to make an impact, grow your career, and be part of a company that celebrates inclusivity and fresh ideas.

What will you be doing?
We are seeking a proficient and motivated Cyber Security Analyst - Tier 2 to join our dynamic Security Operations Centre (SOC) team. You will play a crucial role in monitoring and responding to cybersecurity incidents for one of our large enterprise customers. Your main responsibilities will include detecting, investigating, and resolving security incidents while leveraging your advanced technical skills and security knowledge. As a Cyber Security Analyst - Tier 2, you will act as a senior analyst conducting regular threat hunting investigations. You will stay updated on the latest cyber security trends, contribute to the SOC team's efficiency and support the proactive detection of new vulnerability disclosures. You will report to the Security Operations Manager and support our Managed Detection and Response (MDR) technologies and security incident handling. The ideal candidate will have a strong understanding of security principles, networking, threat actors, and threat vectors. Exceptional problem-solving and communication skills are a must to proactively identify areas for customer security improvements, as are previous knowledge and experience of managing and utilizing technologies such as Rapid 7 IDM, IVM and Cortex EDR.

What will you be doing day-to-day?
- Analysis: Utilize SIEM and other security tools to monitor and analyze security alerts, triage incidents, and investigate breaches and vulnerabilities.
- Threat Hunts: Conduct proactive investigations beyond security tool alerts, identify anomalous behaviour, and derive patterns in log data to detect new Tactics, Techniques and Procedures (TTPs).
- Vulnerability Disclosures: Regularly document new vulnerability disclosures and communicate findings to stakeholders at all levels.
- Documentation: Record incidents, actions taken, and resolutions in accordance with company procedures.
- Customer Support: Address security and technical queries from customers and escalate issues as necessary.
- Training: Continuously update your knowledge of cyber security trends through ongoing training.
- Collaboration: Work closely with team members to enhance security protocols and improve incident response strategies.
- Incident Handling: Triage security alerts, escalate incidents to customers and senior management when applicable, and ensure timely resolution.
- Security Measures: Identify and support the implementation of security measures, such as tuning and use-case development.
- Communication: Collaborate with cross-functional teams, communicate security requirements to stakeholders, and ensure successful handovers to support teams.
- Research: Stay informed about emerging threats, technologies, and regulatory changes, and lead internal and external customer communications about them to maintain cutting-edge security practices.

About you
- Previous experience working in a SOC leveraging SIEM and EDR technologies, including Rapid 7, Microsoft Sentinel, Cortex EDR and Defender
- Experience conducting deep-dive investigations and compiling post-analysis reports
- Good understanding of regulatory standards and compliance (e.g., GDPR, ISO 27001, PCI DSS)
- Experience with Sentinel, Rapid 7 IDR, IVM, Cortex EDR, or similar
- Strong understanding of network security, endpoint protection, IAM, and data protection concepts
- Ability to communicate complex technical concepts to both technical and non-technical stakeholders effectively
- A good understanding of cloud concepts and Microsoft Windows and Linux based operating systems
- Passionate about the industry with the drive to stay up to date with the latest industry trends and solutions

Qualifications
- Bachelor's degree in Cyber Security, Computer Science, Information Security, or related field preferred
- Relevant certifications such as CompTIA CySA+, Certified Ethical Hacker (CEH), Microsoft SC-200, or similar
- Security Cleared or able to obtain Security Clearance

What do we offer you?
At Gamma, we believe in work-life balance, which is why we offer 25 days of annual leave, plus an extra day off for your birthday. Giving back is important to us, so we also provide a volunteer day to support a charity that matters to you. Family matters, too. With enhanced maternity and paternity pay, we're here to support you as a parent and help you thrive in your career. We offer a contributory pension plan to help you save for the years ahead, with Gamma's contribution varying depending on yours. Your well-being is our priority. We offer group income protection and life assurance (four times your salary) to ensure peace of mind for you and your loved ones. We want you to share in our success. That's why we offer tax-efficient share save and share incentive plans, giving you the opportunity to benefit from Gamma's growth. We're committed to health, both physical and mental, and provide private medical insurance through Vitality, which extends to your immediate family. And, because we care about the environment, we offer an Electric Vehicle scheme through Octopus and a Cycle to Work scheme, making it easier to get around sustainably.

A few things to note
Unfortunately, we can't offer visa sponsorship or relocation support for this role. This role requires hybrid working from our client site in their Bradford office. If you feel you could be a good fit for Gamma but do not think that you meet all the requirements, we still encourage you to apply as you could be the person that we are looking for. Gamma is an equal opportunity employer. We care about inclusion and believe in having diverse teams where everyone can be their true authentic selves. We value each person and their range of backgrounds and actively encourage people from underrepresented backgrounds to apply. We don't discriminate based on any protected characteristics, e.g., race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, marital status, disability, or age. We are a family-friendly employer with a culture based on trust, autonomy, and flexibility to help you create a work-life balance and enjoy working here at Gamma.

For recruitment agencies - we have a network of fantastic partners that support us in our hiring from time to time. We're not looking to increase that network currently, so please don't send speculative CVs.
17/06/2026
Full time
Internal Cyber Defence Consultant
Vastbouw
As part of this evolution, we are looking for an Internal Cyber Defence Consultant to strengthen our defensive posture, lead the maturity of our Blue Team capability, and ensure Ricoh remains resilient against an ever-evolving threat landscape. This is a high-impact individual contributor role with virtual leadership responsibilities, working closely with security, technology and business teams across Europe.

What you will be doing
The Internal Cyber Defence Consultant will be responsible for shaping and maturing Ricoh's defensive security operations. This includes overseeing detection engineering, incident response, threat hunting, and vulnerability management. You will guide the virtual Blue Team, set the direction for defensive strategy, and ensure security controls, processes, and technologies deliver protection across Ricoh's systems, networks and data. Operating in a complex and fast-paced environment, you will be accountable for the design and continual improvement of detection and response capabilities, while ensuring alignment with industry standards, regulatory requirements and Ricoh's risk appetite. This role blends technical expertise, leadership, analysis and communication, requiring someone who can influence without direct authority and act decisively when incidents occur.

Key Responsibilities Include:

Blue Team Leadership & Operations
- Leading and coordinating the virtual Blue Team, including SOC analysts, incident responders, threat hunters and defensive engineers
- Setting strategic direction, improving processes, and supporting skill development across the defensive capability
- Acting as a senior escalation point during investigations and major incidents
- Designing, implementing and tuning detection rules across SIEM, SOAR, EDR and NDR platforms
- Managing log ingestion, telemetry pipelines and data quality to ensure visibility across all environments
- Identifying gaps in logging, coverage or monitoring and driving improvements
- Managing incident response processes, including playbooks, tabletop exercises and post-incident reviews
- Leading investigations, coordinating cross-functional teams and ensuring effective containment, eradication and recovery
- Embedding lessons learned into future detection, tooling and process enhancements

Threat Hunting & Proactive Defence
- Conducting hypothesis-driven threat hunts informed by threat intelligence
- Identifying stealthy or emerging threats not caught by automated detection
- Collaborating with Red Team operators to validate detection gaps and enhance Blue Team response

Vulnerability & Exposure Management
- Overseeing vulnerability management processes and coordinating risk-based remediation
- Working with infrastructure and application teams to prioritise and address high-risk weaknesses
- Reporting remediation progress and exposure trends to senior leadership

Governance, Reporting & Culture
- Ensuring compliance with ISO 27001, GDPR, NIS2 and internal security policies
- Providing clear reporting on threat trends, risk indicators, detection maturity and incident metrics
- Championing a security-first culture through guidance, awareness and training initiatives

You will ideally have

Technical Expertise
- Strong hands-on experience across SIEM, SOAR, EDR and NDR technologies, covering the Microsoft suite
- Zero Trust experience, ideally with Zscaler
- Proficiency in detection engineering, alert tuning, log analysis and data correlation
- Solid understanding of MITRE ATT&CK, the cyber kill chain and threat actor TTPs
- Experience conducting or leading incident response and digital forensics investigations
- Skilled in threat hunting techniques, anomaly detection and behavioural analytics
- Strong knowledge of vulnerability management processes and tooling
- Understanding of enterprise networks, cloud environments, endpoints and identity systems

Leadership & Interpersonal Skills
- Experience guiding virtual or multidisciplinary security teams
- Strong communicator, comfortable engaging senior stakeholders across technical and non-technical functions
- Able to influence decision making, challenge assumptions and advocate for necessary security improvements
- Skilled at maintaining calm, clarity and leadership during high-pressure security incidents
- Capable of building trust, fostering collaboration and promoting continuous improvement

Business & Strategic Acumen
- Understanding of Ricoh's business context, regulatory environment and operational dependencies
- Ability to translate technical risk into meaningful business impact
- Awareness of sector-specific risks and organisational priorities
- Experience working in or with regulated enterprise environments

Qualifications & Experience
- Bachelor's degree in Cybersecurity, Computer Science, IT or related field
- Relevant certifications such as GCIH, GCIA, GMON or CISSP
- Extensive proven experience in defensive cyber security roles
- Proven experience in a leadership or senior operational position
- Hands-on experience leading major incident investigations in enterprise environments
- Exposure to red/purple team exercises, detection tuning and threat-driven defence

In return for your commitment, you can expect
At Ricoh, work should feel meaningful, supportive and fulfilling. The Ricoh Promise shapes your experience through four pillars that bring our culture to life.

Love to Connect
You become part of a global community built on openness, inclusion and genuine collaboration. Across teams, countries and roles, you'll find people who listen, involve and encourage you - helping you feel valued and able to be yourself every day.

Love to Grow
Your development truly matters to us. With access to learning pathways, mentoring and career opportunities across functions and countries, you'll be supported to stretch your skills, explore new directions and stay future-ready in a changing world.

Love to Give Back
Purpose is part of how we work. You'll have opportunities to make a difference through volunteering, sustainability initiatives and community programmes that reflect our shared values and commitment to positive impact.

Love to Succeed
Success at Ricoh is something we pursue together. You'll benefit from fair rewards, flexible working, wellbeing resources and real recognition - including programmes such as the Imagine. Change. Awards, where colleagues celebrate each other's achievements.

We are an equal opportunities employer
We believe that diverse perspectives make us stronger, and we welcome applications from people of all backgrounds, identities, and experiences. Our hiring decisions are based on skills, experience and potential, and we are committed to creating a fair and inclusive recruitment process. If you require any reasonable adjustments at any stage of the recruitment journey, please let us know and we will support you to bring your best self forward.
17/06/2026
Full time
As part of this evolution, we are looking for an Internal Cyber Defence Consultant to strengthen our defensive posture, lead the maturity of our Blue Team capability, and ensure Ricoh remains resilient against an ever evolving threat landscape. This is a high impact individual contributor role with virtual leadership responsibilities, working closely with security, technology and business teams across Europe.

What you will be doing
The Internal Cyber Defence Consultant will be responsible for shaping and maturing Ricoh's defensive security operations. This includes overseeing detection engineering, incident response, threat hunting, and vulnerability management. You will guide the virtual Blue Team, set the direction for defensive strategy, and ensure security controls, processes, and technologies deliver protection across Ricoh's systems, networks and data.

Operating in a complex and fast paced environment, you will be accountable for the design and continual improvement of detection and response capabilities, while ensuring alignment with industry standards, regulatory requirements and Ricoh's risk appetite. This role blends technical expertise, leadership, analysis and communication, requiring someone who can influence without direct authority and act decisively when incidents occur.
Senior Information Security Analyst, UK
Realty Income Corporation
Location: London, United Kingdom | Time type: Full time | Job requisition id: R-100213

Realty Income aims to be a globally recognized leader in the S&P 100, committed to creating long-term value for all stakeholders. These stakeholders include our dedicated team members, who embody our purpose: building enduring relationships and brighter financial futures. This guiding principle serves as a beacon for our team, influencing every action we take. Our employees consistently invest their time, commitment, and dedication into the company, and in turn, they receive investment returns in the form of purpose, belonging, and opportunities for advancement. We are committed to best-in-class corporate responsibility practices through environmental initiatives, governance programs, and community outreach projects. From the boardroom to the breakroom, our team members make a difference every day.

Realty Income (NYSE: O), an S&P 500 company, is a real estate partner to the world's leading companies. Founded in 1969, we invest in diversified commercial real estate and have a portfolio of 15,500 properties in all 50 U.S. states, the UK and eight other countries in Europe, with a gross book value of $58bn. We are known as "The Monthly Dividend Company(R)" and have a mission to deliver stockholders dependable monthly dividends that grow over time. Since our founding, we have declared 656 consecutive monthly dividends and are a member of the S&P 500 Dividend Aristocrats(R) index, having increased our dividend for the last 31 consecutive years.

The European portfolio, including the UK, has grown significantly since our first international acquisition, a £429m 12-property portfolio from Sainsbury's in 2019. In just five years the portfolio now includes investments of over €11bn, and 483 distinct properties.

Be a part of this growth story for a world leading Real Estate Investment Trust! Working in this global role you will contribute to the Info Sec team's expansion in Europe, empowering your career and allowing you to take on additional responsibility and challenges, whilst you broaden your experience and skillsets.

Position Overview:
Reporting to the Associate Director, European IT and operating under the supervision of the global Information Security program, the Senior Information Security Analyst supports the day-to-day operations of the global Information Security program, with a focus on security alert triage, incident investigation, and operational effectiveness across the environment.

This role is responsible for monitoring and responding to security alerts, performing assigned operational tasks, and optimizing security tooling to improve detection quality and reduce false positives. The position operates within a centralized global security function and collaborates across regions to ensure consistent handling of security incidents.

The Senior Information Security Analyst contributes to the continuous improvement of information security processes and procedures, supporting compliance activities aligned with frameworks and standards such as the NIST Cybersecurity Framework, GDPR and SOX.

Key Responsibilities:
• Monitor, triage, and investigate security alerts in coordination with the Security Operations Center (SOC) and internal teams.
• Analyze and validate potential security incidents, ensuring accurate classification, documentation, and escalation.
• Perform daily operational information security tasks, including the management and resolution of ServiceNow incidents assigned to the Information Security team.
• Support incident response efforts through investigation, coordination, and detailed documentation of findings.
• Participate occasionally in an on-call rotation as required to support timely response and escalation of security incidents outside of business hours, ensuring appropriate handover, documentation, and continuity of incident management.
• Tune and optimize security tools, including SIEM and endpoint protection platforms, to improve alert fidelity and reduce false positives.
• Collaborate with internal technology teams to ensure appropriate logging, monitoring, and alerting capabilities are in place across systems.
• Work closely with the IT Service Desk, Operations, and development teams to support vulnerability identification and ensure remediation is prioritised and delivered within agreed SLAs.
• Work closely with global and regional stakeholders to support consistent security operations and incident handling across time zones.
• Support security awareness initiatives through participation in training, workshops, and knowledge-sharing activities.
• Partner with the global Information Security team to review, streamline, and develop security processes, procedures, and incident response playbooks, while maintaining accurate, current documentation aligned with approved standards.
• Promote a culture of security across the organization through engagement and collaboration.
• Perform other duties as assigned.

Candidate Requirements

Knowledge, Skills, and Abilities

Must have for the role:
• Suitable experience in an Information Security role.
• Some previous relevant experience in a technical IT role (System Administration/Network Administration/DevOps). While we do not set upper or lower limits of experience for any of our vacancies, candidates with at least 4 - 8 years' suitable experience are likely to have the right level of knowledge and experience.
• Combination of education, training, experience, skills and other characteristics that would provide the requisite knowledge and abilities in support of the essential job functions.
• Must have Cybersecurity certification(s) (CISSP, Sec+, CCSP, CEH) or equivalent.
• Knowledge of security frameworks and regulatory compliance standards (NIST CSF, SOX ITGC, GDPR, etc.).
• Hands-on experience with security technologies including Microsoft Defender, Zscaler, SIEM platforms (e.g. Google SecOps), and identity platforms (e.g. Azure/Entra, Okta).
• Hands-on experience in incident response, threat detection, and vulnerability management within an enterprise environment.
• Strong ability to analyze, prioritize, and respond to security alerts and vulnerabilities within the context of business operations and risk tolerance.
• Experience with incident response processes and best practices, including investigation, escalation, and documentation.
• Knowledge of cloud security principles, particularly within Microsoft Azure environments.
• Working technical knowledge of IT systems including Active Directory, Microsoft 365 and Windows OS.
• Strong written and verbal communication skills, including the ability to clearly document findings and risks to technical and non-technical stakeholders.
• Demonstrated commitment to continuous learning, staying current with emerging threats, technologies and industry trends.
• Hybrid working arrangements, in the office Monday / Tuesday / Wednesday / Thursday.
• May require infrequent travel to remote sites.
• Make yourself available outside of normal working hours for security incidents.

Desirable but not essential:
• Experience working in the financial services or investment industries.
• Bachelor's degree in information security or related field, or equivalent combination of education and experience.

Our Mission & Values
For more than 50 years, Realty Income has been guided by our mission to invest in people and places to deliver dependable monthly dividends that increase over time. We do this by nurturing long-term, meaningful relationships that enable people to achieve a better financial outlook. We understand that when individuals succeed financially, they are able to provide for their families, support local businesses and pursue their greatest ambitions, creating a lasting positive impact
16/06/2026
Full time
Senior Cyber Security Analyst
Security Wizardry Radar Page Corsham, Wiltshire
Working Pattern: Monday to Friday, 09:00-17:00 (early Friday finish at 16:00, workload permitting)
Clearance: SC

We are seeking a Senior Cyber Security Analyst to join the Security Operations Centre (SOC) at Computer Network Defence Ltd (CND). This is a key role within our Managed Security Services Provider (MSSP) environment, where you will lead on the analysis and response to security incidents across multiple client environments.

Working closely with the SOC Team Lead, you will support day to day monitoring and investigation activities, engage directly with clients to communicate findings and trends, and contribute to the ongoing improvement of SOC processes and capabilities. You will also play an important role in mentoring junior analysts and helping to shape the future direction of our security services.

Key Responsibilities
• Monitor, triage and investigate security alerts across multiple platforms
• Conduct in-depth incident analysis and support ongoing client investigations
• Act as deputy to the SOC Team Lead when required
• Review and assess escalated Tier 2 alerts for urgency and impact
• Deliver weekly and monthly reporting to clients and stakeholders
• Communicate security findings and trends directly to clients
• Support vulnerability management analysis and remediation efforts
• Lead false positive reduction and SIEM tuning activities
• Mentor and support development of Tier 1 and junior analysts
• Contribute to SOC process improvement and operational efficiency
• Participate in incident response activities as part of the wider team
• Lead internal SOC initiatives and projects where required
• Create and deliver presentations for clients and internal teams

What We're Looking For
• Strong experience within a SOC or cyber security operations environment
• Proven ability to investigate and analyse complex security incidents
• Experience with SIEM platforms, threat intelligence, and security tooling
• Strong stakeholder and client communication skills
• Ability to mentor and develop junior team members
• Proactive approach to problem solving and continuous improvement
• Good understanding of current cyber threats, tactics and trends

Please note that we cannot sponsor visas to work in the UK.
16/06/2026
Full time
SSE plc
Business Analyst
SSE plc Reading, Berkshire
Base Location: You'll be expected to spend 50% of your working week in one of the following locations: Reading or Havant
Salary: £49,004 - £57,728 and a range of benefits to support your finances, wellbeing and family.
Working Pattern: 12 month fixed Term Contract | Full Time | Flexible First options available

The Role
We are looking for an experienced Business Analyst to join our Cyber Defence and IT/OT Security team. In this role, you will shape and drive the delivery of cyber security outcomes by analysing business needs, security product requirements, and process improvements across a complex, regulated technical landscape. You will work closely with Cyber Defence, Architecture, IT/OT operations, and product owners to ensure cyber tooling, security controls, and monitoring capabilities meet business, regulatory, and operational needs.

You Will
• Lead requirements analysis for cyber security products, tooling, and services (e.g., EDR, SIEM, identity, network monitoring, vulnerability management, OT security solutions).
• Translate cyber, regulatory, and operational needs into clear product requirements, user stories, and acceptance criteria for security engineering and SOC teams.
• Work with stakeholders across Cyber Defence, IT, OT and business units to clarify, validate, and prioritise security requirements and improvements.
• Conduct detailed process and data-flow analysis for areas such as incident response, access controls, telemetry, logging, and security event lifecycle.
• Present complex cyber and technical concepts to both technical colleagues and senior business stakeholders in clear, accessible language.
• Facilitate workshops and cross functional sessions, ensuring alignment between product, engineering, SOC, and business teams.

You Have
• Proven experience as a Business Analyst in complex IT environments
• Strong knowledge of business analysis methods, including requirements gathering, process mapping, stakeholder engagement, and delivery support
• Excellent analytical, facilitation, and communication skills, with experience across agile and waterfall delivery models
• Proactive and delivery-focused, with strong ownership, clear documentation, and the ability to produce high quality outputs under pressure
• Desirable: experience in cyber security, IT security operations, or regulated environments, with awareness of security controls, frameworks, and cross functional stakeholder management

Flexible benefits to fit your life
Enjoy discounts on private healthcare and gym memberships. Wellbeing benefits like a free online GP and 24/7 counselling service. Interest free loans on tech and transport season tickets, or a new bike with our Cycle to Work scheme. As well as generous family entitlements such as maternity and adoption pay, and paternity leave.

Work with an equal opportunity employer
SSE will make any reasonable adjustments you need to ensure that your application and experience with us is positive. Please contact / to discuss how we can support you. We're dedicated to fostering an open and inclusive workplace where people from all backgrounds can thrive. We create equal opportunities for everyone to succeed and especially welcome applications from those who may not be well represented in our workforce or industry.
14/06/2026
Full time
Softcat PLC
Cyber Operations Senior Engineer & Team Leader
Softcat PLC Marlow, Buckinghamshire
Cyber Operations Senior Engineer & Team Leader

Would you like to kick start your career in a supportive, collaborative and innovative company? Do you enjoy working as part of an enthusiastic, passionate, and collaborative team? Join our Cyber Operations Team!

The Softcat Cyber Operations teams provide our customers with cyber security monitoring, analysis, assessment and remediation. It is our job to design and deploy effective security monitoring and assessment tools into customer IT systems to provide monitoring and detection capabilities against cyber threats. Our Engineering team is responsible for ensuring these tools are properly configured, deployed and maintained to deliver the service effectively.

Success. The Softcat Way.
Passion. Intelligence. Fun. Responsible; these are the core values which define Softcat. We are one of the UK's leading IT infrastructure providers and a FTSE 250 listed company. The business is based on two key principles: outstanding customer service and employee satisfaction - both of which inspire our flexible, friendly approach to business.

Working as part of our Cyber Operations team, you will lead a team of SOC Analysts and Incident Responders, and work as a key member of the Engineering team responsible for delivering the engineering strategy defined by the Cyber Operations Manager and Lead Engineer. This includes ensuring best practice is applied to both Incident Response and Engineering activities, the continual development of platforms and services, and maintaining high standards across the function.

Responsibilities
• Lead an Incident Response Team of technology-focused Analysts and Incident Responders, managing team workload, responsibilities and SLA adherence.
• Performance management of the team, including mentoring and coaching across the team as required, to develop and baseline skills against current and emerging threats within the cyber threat landscape.
• Work with your line manager to agree and report on SLAs, OLAs and KPIs.
• Act as first escalation point, including but not limited to technical and customer escalations.

Qualifications
• Knowledge and understanding of incident response frameworks such as NIST CSF, SOC 2 or equivalent.
• Knowledge and understanding of information security architecture and IT security policies relevant to logging (secure transport, retention, privacy by design).
• Organised, with strong communication skills both written and oral, and with the ability to translate and deliver technical information (standards, runbooks, feed specs) to a non-technical audience.
• Customer focused and proactive in resolving technical issues and challenges.
• Prior experience working within a Managed Service Provider or MSSP organisation is strongly preferred. Candidates who have performed a similar role but not necessarily in a SOC will be considered.
• Experience with other SIEM and related information security management platforms is desirable, such as AlienVault, Elastic, EDR/MDR tools, vulnerability management platforms etc.
• Demonstrable knowledge of SIEM data modelling, event normalisation, and enrichment strategies.

Benefits
• Share incentive plan
• Life Assurance
• Holiday Trips Vouchers
• Partner/family Benefits
• Maternity, Paternity and Adoption support
• Pension

We recognise that everyone is different and that the way in which people want to work and deliver at their best is different for everyone too. In this role, we can offer the following flexible working patterns:
• Hybrid working - 3 days in the office and 2 days working from home.
• Working flexible hours - flexing the times you start and finish during the day.
• Flexibility around school pick up and drop offs.

If you have a disability or neurodiversity, we can provide support or adjustments that you may need throughout our recruitment process or any mitigating circumstance you wish for us to consider. Any information you share on your application will be treated in confidence.

You can find out more about life at Softcat and our commitments to diversity and inclusion at
We offer a competitive salary and benefits package and will provide you with opportunities to grow, flourish, and achieve great things.
13/06/2026
Full time
Softcat PLC
Cyber Operations Senior Engineer & Team Leader
Softcat PLC Manchester, Lancashire
Cyber Operations Senior Engineer & Team Leader

Would you like to kick start your career in a supportive, collaborative and innovative company? Do you enjoy working as part of an enthusiastic, passionate, and collaborative team? Join our Cyber Operations Team!

The Softcat Cyber Operations teams provide our customers with cyber security monitoring, analysis, assessment and remediation. It is our job to design and deploy effective security monitoring and assessment tools into customer IT systems to provide monitoring and detection capabilities against cyber threats. Our Engineering team is responsible for ensuring these tools are properly configured, deployed and maintained to deliver the service effectively.

Success. The Softcat Way.
Passion. Intelligence. Fun. Responsible; these are the core values which define Softcat. We are one of the UK's leading IT infrastructure providers and a FTSE 250 listed company. The business is based on two key principles: outstanding customer service and employee satisfaction - both of which inspire our flexible, friendly approach to business.

Working as part of our Cyber Operations team, you will lead a team of SOC Analysts and Incident Responders, and work as a key member of the Engineering team responsible for delivering the engineering strategy defined by the Cyber Operations Manager and Lead Engineer. This includes ensuring best practice is applied to both Incident Response and Engineering activities, the continual development of platforms and services, and maintaining high standards across the function.

Responsibilities
• Lead an Incident Response Team of technology-focused Analysts and Incident Responders, managing team workload, responsibilities and SLA adherence.
• Performance management of the team, including mentoring and coaching across the team as required, to develop and baseline skills against current and emerging threats within the cyber threat landscape.
• Work with your line manager to agree and report on SLAs, OLAs and KPIs.
• Act as first escalation point, including but not limited to technical and customer escalations.

Qualifications
• Knowledge and understanding of incident response frameworks such as NIST CSF, SOC 2 or equivalent.
• Knowledge and understanding of information security architecture and IT security policies relevant to logging (secure transport, retention, privacy by design).
• Organised, with strong communication skills both written and oral, and with the ability to translate and deliver technical information (standards, runbooks, feed specs) to a non-technical audience.
• Customer focused and proactive in resolving technical issues and challenges.
• Prior experience working within a Managed Service Provider or MSSP organisation is strongly preferred. Candidates who have performed a similar role but not necessarily in a SOC will be considered.
• Experience with other SIEM and related information security management platforms is desirable, such as AlienVault, Elastic, EDR/MDR tools, vulnerability management platforms etc.
• Demonstrable knowledge of SIEM data modelling, event normalisation, and enrichment strategies.

Benefits
• Share incentive plan
• Life Assurance
• Holiday Trips Vouchers
• Partner/family Benefits
• Maternity, Paternity and Adoption support
• Pension

We recognise that everyone is different and that the way in which people want to work and deliver at their best is different for everyone too. In this role, we can offer the following flexible working patterns:
• Hybrid working - 3 days in the office and 2 days working from home.
• Working flexible hours - flexing the times you start and finish during the day.
• Flexibility around school pick up and drop offs.

If you have a disability or neurodiversity, we can provide support or adjustments that you may need throughout our recruitment process or any mitigating circumstance you wish for us to consider. Any information you share on your application will be treated in confidence.

You can find out more about life at Softcat and our commitments to diversity and inclusion at
We offer a competitive salary and benefits package and will provide you with opportunities to grow, flourish, and achieve great things.
13/06/2026
Full time
Lead Information Security Analyst
East Midlands Railway
Free travel on EMR services and 75% discount on all other train operators
Closing Date: Friday 19 June 2026
Reference: 2026-56

Protect the railway that keeps the East Midlands moving.
At East Midlands Railway, every journey matters. Millions of customers rely on us to travel safely, reliably and sustainably across the region. Behind every train departure, customer interaction and operational decision sits a complex technology landscape that must be protected from an ever-evolving cyber threat environment.

We're looking for an experienced and passionate Lead Information Security Analyst to help safeguard our people, systems and operations. This is more than a technical security role. It's an opportunity to lead cyber resilience across a critical national infrastructure organisation, shaping security strategy, influencing stakeholders at every level and protecting the services that our customers depend on every day.

Why this role matters
As our Lead Information Security Analyst, you'll play a pivotal role in strengthening EMR's cyber security capability. You'll lead security operations, manage incident response activities, develop security controls and drive a security-first culture across the business. From threat hunting and vulnerability management to advising senior leaders on emerging risks, you'll be at the forefront of protecting our organisation from cyber threats while enabling innovation and business change.

What you'll be doing
• Leading and developing a team of Information Security Analysts
• Managing and optimising key security technologies including SIEM, XDR, anti-virus, email security and vulnerability management platforms
• Driving proactive threat hunting and threat intelligence activities
• Leading cyber incident response and working closely with Security Operations Centre partners
• Identifying, assessing and helping mitigate information security risks across the organisation
• Supporting security governance through ISO 27001 aligned controls, policies and procedures
• Providing expert security advice on new technologies, projects and operational systems
• Supporting operational technology (OT) cyber security initiatives across our fleet and wider railway environment
• Promoting a positive security culture and increasing cyber awareness throughout EMR
• Producing insightful reporting, KPIs and trend analysis to inform decision making at all levels

What we're looking for
You'll be an experienced cyber security professional who combines strong technical expertise with the ability to influence and engage stakeholders across the business.

You'll bring
• Significant experience in a senior Information Security or Cyber Security role
• Strong knowledge of security operations, risk management and security governance
• Experience working with ISO 27001 controls, policies and frameworks
• Hands-on experience with enterprise security technologies and security monitoring platforms
• Excellent analytical and problem-solving skills
• Strong communication skills with the ability to explain complex security concepts to both technical and non-technical audiences
• A proactive, organised and customer-focused approach
Professional certifications such as ISC2 CISSP and ISACA CISM are highly desirable.

In return, you'll receive
• Free standard leisure travel on EMR, Transport UK and LNER services
• Friends and Family discounted travel on the EMR network
• 75% discount on national leisure rail travel for you, your partner and dependants
• Up to 32 days annual leave
• The chance to make a real impact within a critical public service organisation

Diversity & Inclusion
At EMR, we are committed to building a workforce that reflects the communities we serve. We recognise that women and people from ethnic minority backgrounds are currently under-represented within our workforce. We actively encourage applications from these groups and welcome talented individuals from all backgrounds, experiences and perspectives. We welcome applicants from diverse backgrounds. We promote equal opportunities for all. East Midlands Railway is a non-discriminatory employer committed to the recruitment and promotion of all on the basis of ability and merit irrespective of disability, race, gender, health, social class, sexual preference, marital status, nationality, religion, employment status or age. We'll treat your application fairly and assess you for the job based on merit and skills.

If you're passionate about cyber security, leadership and protecting a business that connects communities across the East Midlands, we'd love to hear from you.
11/06/2026
Full time
Euro Garages
Senior Cybersecurity Analyst
Euro Garages Horwich, Lancashire
Role: Senior Cybersecurity Analyst
Location: Horwich, BL6 6JW
Contract: Full Time Hours / Permanent
Salary: Up to £55,000
Company: EG Group

About the Role
EG Group are looking for a Senior Cybersecurity Analyst to play a key role in protecting the organisation's technology estate across multiple regions. Reporting to the Head of Information Security, you will lead day-to-day security operations, acting as a technical escalation point for incidents and ensuring threats are effectively identified, investigated, and resolved. This is a hands-on role where you will take ownership during high-severity incidents, working closely with IT, infrastructure, and compliance teams to ensure security controls are effective and aligned with business needs. You will also contribute to the ongoing development of security processes, supporting the organisation in strengthening its overall security posture within a complex, fast-paced environment.

Why Join EG Group?
• Discretionary performance-based bonus scheme
• Grow your career - gain accredited qualifications, apprenticeships, and progression opportunities within a global organisation
• Hybrid working - up to 2 days per week (dependent on role and business needs)
• Salary Sacrifice Schemes - Cycle to Work and Car Scheme available
• Enhanced Maternity & Paternity leave
• Generous annual leave entitlement
• Annual leave buy-back scheme - purchase up to 5 additional days
• Discounted gym membership - stay healthy and save on fitness costs
• One paid volunteering day per year
• Wellbeing facilities - space to relax and recharge
• Free secure on-site parking
• Dress Down Fridays
• Free VDU eye test

What you'll be doing
• Leading the investigation and response to security incidents, acting as the escalation point for complex or high-severity events.
• Monitoring and optimising security tooling, including SIEM and endpoint protection platforms, to improve detection and response capabilities.
• Conducting threat hunting, root cause analysis, and forensic investigations to identify risks and control weaknesses.
• Developing and maintaining incident response processes, playbooks, and detection rules aligned to best practice frameworks.
• Translating threat intelligence into actionable controls to strengthen detection and prevention measures.
• Supporting vulnerability management activities, including identifying, prioritising, and tracking remediation of risks.
• Collaborating with IT, infrastructure, and compliance teams to embed secure-by-design principles and improve overall security maturity.
This list is not exhaustive and may be added to or amended from time to time.

What we're looking for
• Proven experience in a cybersecurity or security operations role, with exposure to incident response and threat investigation.
• Strong understanding of security technologies such as SIEM, EDR/XDR, and vulnerability management tools.
• Experience working with Microsoft security technologies (e.g. Sentinel, Defender, Azure security tools).
• Strong analytical skills, with the ability to assess risk and make sound decisions under pressure.
• Experience supporting security frameworks or regulatory requirements (e.g. ISO 27001, NIS2, PCI DSS).
• Confident communicator, able to engage with both technical and non-technical stakeholders.
• Experience mentoring or supporting junior team members is desirable.
• A proactive, detail-oriented, and solutions-focused approach in a fast-paced environment.

Who is EG Group?
EG Group is a leading global convenience retailer, operating a wide range of brands across multiple sectors including fuel, foodservice, and grocery retail. With a presence in over 7 countries and a commitment to innovation and customer service, EG Group continues to expand its portfolio and reach. Our company is focused on delivering value to its customers, partners, and stakeholders through efficient operations and strategic growth.

Please note - the successful applicant will be subject to a DBS check, which will be funded by EG Group.
11/06/2026
Full time
Euro Garages
Cyber Defense Lead: Incident Response & SIEM (Hybrid)
Euro Garages Horwich, Lancashire
Role: Senior Cybersecurity Analyst
Location: Horwich, BL6 6JW
Contract: Full-Time Hours / Permanent
Salary: Up to £55,000
Company: EG Group

About the Role:
EG Group are looking for a Senior Cybersecurity Analyst to play a key role in protecting the organisation's technology estate across multiple regions. Reporting to the Head of Information Security, you will lead day-to-day security operations, acting as a technical escalation point for incidents and ensuring threats are effectively identified, investigated, and resolved. This is a hands-on role where you will take ownership during high-severity incidents, working closely with IT, infrastructure, and compliance teams to ensure security controls are effective and aligned with business needs. You will also contribute to the ongoing development of security processes, supporting the organisation in strengthening its overall security posture within a complex, fast-paced environment.

Why Join EG Group?
- Discretionary performance-based bonus scheme
- Grow your career - gain accredited qualifications, apprenticeships, and progression opportunities within a global organisation
- Hybrid working - up to 2 days per week (dependent on role and business needs)
- Salary Sacrifice Schemes - Cycle to Work and Car Scheme available
- Enhanced Maternity & Paternity leave
- Generous annual leave entitlement
- Annual leave buy-back scheme - purchase up to 5 additional days
- Discounted gym membership - stay healthy and save on fitness costs
- One paid volunteering day per year
- Wellbeing facilities - space to relax and recharge
- Free secure on-site parking
- Dress Down Fridays
- Free VDU eye test

What you'll be doing:
- Leading the investigation and response to security incidents, acting as the escalation point for complex or high-severity events.
- Monitoring and optimising security tooling, including SIEM and endpoint protection platforms, to improve detection and response capabilities.
- Conducting threat hunting, root cause analysis, and forensic investigations to identify risks and control weaknesses.
- Developing and maintaining incident response processes, playbooks, and detection rules aligned to best-practice frameworks.
- Translating threat intelligence into actionable controls to strengthen detection and prevention measures.
- Supporting vulnerability management activities, including identifying, prioritising, and tracking remediation of risks.
- Collaborating with IT, infrastructure, and compliance teams to embed secure-by-design principles and improve overall security maturity.
This list is not exhaustive and may be added to or amended from time to time.

What we're looking for:
- Proven experience in a cybersecurity or security operations role, with exposure to incident response and threat investigation.
- Strong understanding of security technologies such as SIEM, EDR/XDR, and vulnerability management tools.
- Experience working with Microsoft security technologies (e.g. Sentinel, Defender, Azure security tools).
- Strong analytical skills, with the ability to assess risk and make sound decisions under pressure.
- Experience supporting security frameworks or regulatory requirements (e.g. ISO 27001, NIS2, PCI DSS).
- Confident communicator, able to engage with both technical and non-technical stakeholders.
- Experience mentoring or supporting junior team members is desirable.
- A proactive, detail-oriented, and solutions-focused approach in a fast-paced environment.

Who is EG Group?
EG Group is a leading global convenience retailer, operating a wide range of brands across multiple sectors including fuel, foodservice, and grocery retail. With a presence in over 7 countries and a commitment to innovation and customer service, EG Group continues to expand its portfolio and reach. Our company is focused on delivering value to its customers, partners, and stakeholders through efficient operations and strategic growth.

Please note - the successful applicant will be subject to a DBS check which will be funded by EG Group.
09/06/2026
Full time
DV-Cleared Senior SOC Analyst Threat Detection & IR
CBSbutler Ltd. Corsham, Wiltshire
CBSbutler Ltd. is seeking a Senior SOC Analyst to join a high-performing Cyber Security Operations Centre in Corsham. The role involves leading threat detection, incident response, and vulnerability management. Candidates should have strong experience with SIEM/ SOAR platforms and current DV clearance. The position offers a salary of £575 - £650 per day and focuses on enhancing security monitoring capabilities.
09/06/2026
Full time
Senior SOC Analyst
CBSbutler Ltd. Corsham, Wiltshire
Senior SOC Analyst
- 9 months+
- DV cleared role - current active DV clearance is essential
- Inside IR35
- £575 - £650 a day
- Corsham / Portsmouth

We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities.

As a Senior SOC Analyst, you will play a key role in protecting complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience.

Key Responsibilities
- Maintain and optimise SOC Protect, Detect and Respond tooling.
- Configure, implement and support new security monitoring technologies.
- Develop detection rules, correlation logic, automation scripts and response playbooks.
- Manage vulnerability scanning platforms and contribute to wider SOC strategy.
- Integrate and onboard standard and non-standard log sources into SIEM platforms.
- Monitor, investigate and respond to security incidents and emerging threats.
- Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs).
- Tune and enhance SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies.
- Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK.
- Produce dashboards, reports and recommendations to improve security posture.
- Ensure adherence to operational processes, SLAs, KPIs and security policies.
- Drive continuous improvement across SOC processes, tooling and service delivery.

Essential Skills & Experience
- Current Developed Vetting (DV) Clearance.
- Strong experience administering and tuning SIEM and SOAR platforms.
- Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds.
- Experience in threat hunting, incident response, digital forensics and malware analysis.
- Strong understanding of Windows and Linux environments.
- Experience writing and tuning detection signatures, correlation rules and monitoring use cases.
- Knowledge of log collection, aggregation and analysis technologies including ELK Stack, Syslog and Windows Event Forwarding.
- Experience with scripting and automation using Python, PowerShell, Bash, Perl or similar.
- Understanding of network forensics, threat intelligence and cyber threat detection methodologies.
- Knowledge of ISO 27001:2022, MITRE ATT&CK, and IT Service Management principles.
09/06/2026
Full time
Senior SOC Analyst - DV Cleared
CBSbutler Ltd. Portsmouth, Hampshire
Senior SOC Analyst
- 9 months+
- DV cleared role - current active DV clearance is essential
- Inside IR35
- £575 - £630 a day
- Corsham / Portsmouth

Key Skills: ISO27001, DV Clearance, SIEM/SOAR - Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds.

We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities.

As a Senior SOC Analyst, you will play a key role in protecting complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience.

Key Responsibilities
- Maintain and optimise SOC Protect, Detect and Respond tooling.
- Configure, implement and support new security monitoring technologies.
- Develop detection rules, correlation logic, automation scripts and response playbooks.
- Manage vulnerability scanning platforms and contribute to wider SOC strategy.
- Integrate and onboard standard and non-standard log sources into SIEM platforms.
- Monitor, investigate and respond to security incidents and emerging threats.
- Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs).
- Tune and enhance SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies.
- Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK.
- Produce dashboards, reports and recommendations to improve security posture.
- Ensure adherence to operational processes, SLAs, KPIs and security policies.
- Drive continuous improvement across SOC processes, tooling and service delivery.

Essential Skills & Experience
- Current Developed Vetting (DV) Clearance.
- Strong experience administering and tuning SIEM and SOAR platforms.
- Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds.
- Experience in threat hunting, incident response, digital forensics and malware analysis.
- Strong understanding of Windows and Linux environments.
- Experience writing and tuning detection signatures, correlation rules and monitoring use cases.
- Knowledge of log collection, aggregation and analysis technologies including ELK Stack, Syslog and Windows Event Forwarding.
- Experience with scripting and automation using Python, PowerShell, Bash, Perl or similar.
- Understanding of network forensics, threat intelligence and cyber threat detection methodologies.
- Knowledge of ISO 27001:2022, MITRE ATT&CK, and IT Service Management principles.
09/06/2026
Full time
CBSbutler Holdings Limited trading as CBSbutler
Senior SOC Analyst - DV Cleared
CBSbutler Holdings Limited trading as CBSbutler Portsmouth, Hampshire
Senior SOC Analyst
- 9 months+
- DV cleared role - current active DV clearance is essential
- Inside IR35
- £575 - £630 a day
- Corsham / Portsmouth

Key Skills: ISO27001, DV Clearance, SIEM/SOAR - Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds.

We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities.

As a Senior SOC Analyst, you will play a key role in protecting complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience.

Key Responsibilities
- Maintain and optimise SOC Protect, Detect and Respond tooling.
- Configure, implement and support new security monitoring technologies.
- Develop detection rules, correlation logic, automation scripts and response playbooks.
- Manage vulnerability scanning platforms and contribute to wider SOC strategy.
- Integrate and onboard standard and non-standard log sources into SIEM platforms.
- Monitor, investigate and respond to security incidents and emerging threats.
- Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs).
- Tune and enhance SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies.
- Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK.
- Produce dashboards, reports and recommendations to improve security posture.
- Ensure adherence to operational processes, SLAs, KPIs and security policies.
- Drive continuous improvement across SOC processes, tooling and service delivery.

Essential Skills & Experience
- Current Developed Vetting (DV) Clearance.
- Strong experience administering and tuning SIEM and SOAR platforms.
- Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds.
- Experience in threat hunting, incident response, digital forensics and malware analysis.
- Strong understanding of Windows and Linux environments.
- Experience writing and tuning detection signatures, correlation rules and monitoring use cases.
- Knowledge of log collection, aggregation and analysis technologies including ELK Stack, Syslog and Windows Event Forwarding.
- Experience with scripting and automation using Python, PowerShell, Bash, Perl or similar.
- Understanding of network forensics, threat intelligence and cyber threat detection methodologies.
- Knowledge of ISO 27001:2022, MITRE ATT&CK, and IT Service Management principles.
05/06/2026
Contractor
Senior Cyber Security Analyst
Holman Fenwick Willan LLP
The IT department has approximately 60 staff globally, located in London, Paris, Piraeus, Dubai, Hong Kong, Sao Paulo, Melbourne, Perth, Singapore, and Sydney. HFW's Cybersecurity vision is to protect and strengthen the firm through delivering a global cybersecurity service that safeguards our global operations and data and enables the firm to achieve its wider strategic goals.

The role
The Senior Cyber Security Analyst is a new role in the firm, expanding its cybersecurity operations capacity and capability. The successful candidate will:
  • Work with the cyber team and IT colleagues to ensure that systems and services are both secure and stable, enabling the firm to deliver outstanding service to its clients and achieve its wider strategic goals.
  • Provide advice and guidance on information and cybersecurity operations to manage identified threats and risks and ensure adoption of and adherence to standards.
  • Ensure cybersecurity controls are being operated efficiently and effectively across the firm globally.
  • Ensure that the firm remains resilient to evolving cyber threats by providing continual service improvement.

Key responsibilities
  • Undertake efficient, effective and proactive day-to-day cybersecurity operations to minimise the risk of a security incident, enabling the firm to do business.
  • Maintain the capability to react and respond to incidents in an effective and timely manner, minimising their impact on the firm.
  • Provide expertise and cybersecurity requirements to the firm's change programme to ensure that security good practice is fully embedded into change initiatives and security-by-design principles are applied.
  • Provide 3rd line support to the IT service desk, responding to support requests and incident tickets which have been triaged and escalated to the cybersecurity operations team, and provide out-of-hours support through participation in an on-call rota.
  • Undertake routine monitoring of security alerts generated by systems and consumed by the cybersecurity team, investigating, analysing and responding to them as required.
  • Co-ordinate and undertake regular reviews of security tools to ensure they are maintained in a fully operational state across all in-scope assets and are tuned to incorporate new features or changes to the operational environment.
  • Co-ordinate and undertake threat modelling to identify and analyse potential security threats, and ensure the necessary controls are in place to manage the threat and associated risks.
  • Co-ordinate and undertake regular threat hunting, analysing logs and event data across the firm's systems, and procuring threat intelligence to inform the hunts.
  • Provide technical leadership during security incident response, from identification through to containment, eradication, recovery and post-incident review, reporting and recommendations, liaising with external IR providers as required.
  • Maintain incident response playbooks and undertake regular IR exercises.
  • Ensure that the internal team and managed security service providers have clear roles and responsibilities, and that services are joined up and operated seamlessly.
  • Ensure that the day-to-day operations of the wider IT systems are compliant with the firm's security policies and standards.
  • Conduct risk assessments and recommend security improvements.
  • Provide guidance on secure configuration and hardening of systems.
  • Manage penetration testing activities conducted by third-party testers and any remediation activities required.
  • Fulfil 3rd line support and service request tickets.
  • Develop, document and maintain security procedures and cybersecurity operational documentation.
  • Oversee and drive vulnerability management activities with the technical system owners.
  • Ensure audit trails, system logs and other monitoring data sources are reviewed regularly and comply with policies and audit requirements.
  • Provide out-of-hours support for security incidents.
  • Any other ad hoc duties as and when required.

Key skills & experience required
  • 5+ years' experience in cybersecurity or information security.
  • Bachelor's degree in Cybersecurity or similar; industry certifications such as CompTIA Security+, GIAC, CISM, CISSP or other relevant certification preferred.
  • Strong understanding of network and endpoint security, incident response, threat intelligence, and vulnerability management.
  • Experienced with security tools such as SIEM platforms, EDR/XDR solutions, firewalls, IDS/IPS.
  • Strong knowledge of Microsoft Azure cloud security technologies and concepts.
  • Familiar with cybersecurity frameworks such as NIST CSF, ISO 27001, CIS Controls.
  • Strong analytical and problem-solving skills.
  • Good understanding of best-practice security operations and architectures.
  • Knowledgeable on security and data protection legislation and regulations, and the security requirements resulting from them.
  • Resilient, and able to work effectively and prioritise correctly in high-pressure situations.
  • Broad knowledge of information security, IT and industry best practices.
  • Ability to work well under minimal supervision.

Equal opportunity
HFW aims to ensure equality of opportunity, and we are actively working towards improving the diversity of our staff. All applications will be considered only on merit and the applicant's suitability to meet the requirements of the role. HFW collects and processes personal data relating to job applicants to manage its recruitment process. The firm is committed to being transparent about how it collects and uses that data and to meeting its data protection obligations. For information on how the firm will process your data, please see our Privacy Notice on our website (), in the section "What we collect and how we use it".
05/06/2026
Full time
CND
Senior Security Analyst
CND Corsham, Wiltshire
We're Hiring: Senior Cyber Security Analyst, Corsham
I'm currently looking for a Senior Cyber Security Analyst to join our SOC team at Computer Network Defence Ltd (CND). This is a key hire within our MSSP Security Operations Centre, offering the opportunity to take a lead role in incident analysis, client engagement, and mentoring junior analysts, while shaping how the SOC continues to evolve.

The Role
As a Senior Cyber Security Analyst, you will support the SOC Team Lead and play a central role in monitoring, triaging, and investigating security events across a range of client environments. You'll be working across SIEM platforms, vulnerability management tools, threat intelligence sources, and network telemetry to deliver effective detection and response. You will also take on client-facing responsibilities, presenting findings, trends, and insights, as well as contributing to reporting and continuous improvement within the SOC.

Key Responsibilities
  • Monitor, triage and investigate security alerts across multiple platforms
  • Conduct in-depth incident analysis and support ongoing client investigations
  • Act as deputy to the SOC Team Lead when required
  • Review and assess escalated Tier 2 alerts for urgency and impact
  • Deliver weekly and monthly reporting to clients and stakeholders
  • Communicate security findings and trends directly to clients
  • Support vulnerability management analysis and remediation efforts
  • Lead false-positive reduction and SIEM tuning activities
  • Mentor and support development of Tier 1 and junior analysts
  • Contribute to SOC process improvement and operational efficiency
  • Participate in incident response activities as part of the wider team
  • Lead internal SOC initiatives and projects where required
  • Create and deliver presentations for clients and internal teams

What We're Looking For
  • Strong experience within a SOC or cyber security operations environment
  • Proven ability to investigate and analyse complex security incidents
  • Experience with SIEM platforms, threat intelligence, and security tooling
  • Strong stakeholder and client communication skills
  • Ability to mentor and develop junior team members
  • Proactive approach to problem-solving and continuous improvement
  • Good understanding of current cyber threats, tactics and trends

Package & Details
  • Location: Isle of Man (relocation package) / Corsham
  • Hours: 37.5 hours per week, plus on-call rota
  • Working pattern: Monday to Friday, 09:00 (early Friday finish at 16:00, workload permitting)
  • Clearance: SC Cleared

This is a great opportunity for someone looking to step into a more senior, visible role within a growing SOC, with real influence over both technical delivery and team development.
04/06/2026
Full time
CBSbutler Holdings Limited trading as CBSbutler
Senior SOC Analyst
CBSbutler Holdings Limited trading as CBSbutler Corsham, Wiltshire
Senior SOC Analyst
  • 9 months
  • DV cleared role - current active DV clearance is essential
  • Inside IR35
  • 575 - 650 a day
  • Corsham / Portsmouth

We are seeking an experienced Senior SOC Analyst to join a high-performing Cyber Security Operations Centre supporting critical national security environments. This is an opportunity to work at the forefront of cyber defence, leading threat detection, incident response, vulnerability management, and continuous improvement of security monitoring capabilities. As a Senior SOC Analyst, you will play a key role in protecting complex enterprise environments through the management and optimisation of security tooling, threat detection, incident response, and forensic investigations. You will work closely with internal and external stakeholders to enhance SOC capabilities, improve security visibility, and strengthen cyber resilience.

Key Responsibilities
  • Maintain and optimise SOC Protect, Detect and Respond tooling.
  • Configure, implement and support new security monitoring technologies.
  • Develop detection rules, correlation logic, automation scripts and response playbooks.
  • Manage vulnerability scanning platforms and contribute to wider SOC strategy.
  • Integrate and onboard standard and non-standard log sources into SIEM platforms.
  • Monitor, investigate and respond to security incidents and emerging threats.
  • Conduct forensic investigations and malware analysis, producing actionable intelligence and Indicators of Compromise (IoCs).
  • Tune and enhance SIEM, SOAR, EDR, DLP, email security and intrusion detection technologies.
  • Analyse attacker tactics, techniques and procedures (TTPs) using frameworks such as MITRE ATT&CK.
  • Produce dashboards, reports and recommendations to improve security posture.
  • Ensure adherence to operational processes, SLAs, KPIs and security policies.
  • Drive continuous improvement across SOC processes, tooling and service delivery.

Essential Skills & Experience
  • Current Developed Vetting (DV) Clearance.
  • Strong experience administering and tuning SIEM and SOAR platforms.
  • Hands-on experience with technologies such as Elastic, Trend Micro, Tripwire, Tanium, Clearswift and SolarWinds.
  • Experience in threat hunting, incident response, digital forensics and malware analysis.
  • Strong understanding of Windows and Linux environments.
  • Experience writing and tuning detection signatures, correlation rules and monitoring use cases.
  • Knowledge of log collection, aggregation and analysis technologies including ELK Stack, Syslog and Windows Event Forwarding.
  • Experience with scripting and automation using Python, PowerShell, Bash, Perl or similar.
  • Understanding of network forensics, threat intelligence and cyber threat detection methodologies.
  • Knowledge of ISO 27001:2022, MITRE ATT&CK, and IT Service Management principles.

If you'd like to discuss this Senior SOC Analyst role in more detail, please send your updated CV to (url removed) and I will get in touch.
02/06/2026
Contractor
© 2008-2026 IT Job Board