Security Analyst SOC, Tier 2 SOC Analyst to join an award winning managed service provider 24x7 security team. As a Tier 2 Analyst, you will lead the investigation, containment, and coordination of security incidents, working closely with Tier 1 analysts, internal IT teams, and external stakeholders. Taking ownership of complex alerts, support threat hunting and intelligence efforts, and contribute to the refinement of detection rules, playbooks, and response procedures. You will be involved in • Incident Detection & Response • Threat Intelligence and Analysis • Security Monitoring and Detection Engineering • Compliance, Reporting and Documentation • Vulnerability Management • Collaboration and knowledge sharing This would suit an experienced security analyst who has proved experience working in a busy security department, working in security operations. Strong alert triage, incident response, security monitoring, and threat analysis. Experience handling real-world security incidents and working with SIEM, EDR, or vulnerability management tools. Ideally have a strong bachelor s degree in computer science, Information Security, Cyber Security or related field with any SIEM-specific certification or vendor-specific training. Relevant cybersecurity certifications such as Certified Cloud Security Professional (CCSP) or other relevant security certifications, Security+ (CompTIA), CEH (Certified Ethical Hacker), CISSP, BTL1, BTL2 or others are highly desirable but not essential. Office based in Stoke on Trent, shifts, rota basis of 4 days on working - early's, late's and nights. This is an excellent opportunity for an experienced security analyst ready to take the next step with a chance to mentor junior analysts, deepen your technical expertise, and help shape our evolving security posture in a collaborative, hands-on environment.
17/04/2026
Full time
Security Analyst SOC, Tier 2 SOC Analyst to join an award winning managed service provider 24x7 security team. As a Tier 2 Analyst, you will lead the investigation, containment, and coordination of security incidents, working closely with Tier 1 analysts, internal IT teams, and external stakeholders. Taking ownership of complex alerts, support threat hunting and intelligence efforts, and contribute to the refinement of detection rules, playbooks, and response procedures. You will be involved in • Incident Detection & Response • Threat Intelligence and Analysis • Security Monitoring and Detection Engineering • Compliance, Reporting and Documentation • Vulnerability Management • Collaboration and knowledge sharing This would suit an experienced security analyst who has proved experience working in a busy security department, working in security operations. Strong alert triage, incident response, security monitoring, and threat analysis. Experience handling real-world security incidents and working with SIEM, EDR, or vulnerability management tools. Ideally have a strong bachelor s degree in computer science, Information Security, Cyber Security or related field with any SIEM-specific certification or vendor-specific training. Relevant cybersecurity certifications such as Certified Cloud Security Professional (CCSP) or other relevant security certifications, Security+ (CompTIA), CEH (Certified Ethical Hacker), CISSP, BTL1, BTL2 or others are highly desirable but not essential. Office based in Stoke on Trent, shifts, rota basis of 4 days on working - early's, late's and nights. This is an excellent opportunity for an experienced security analyst ready to take the next step with a chance to mentor junior analysts, deepen your technical expertise, and help shape our evolving security posture in a collaborative, hands-on environment.
We are currently recruiting for Senior Cyber Security Analysts and Associate Security Analysts - both working a 3-month contract for our client 3 days per week on-site in London. As a senior security analyst with responsibility for incident response, you will: lead the investigation of security alerts to understand the nature and extent of possible cyber incidents lead the forensic analysis of systems, files, network traffic and cloud environments lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions support the wider coordination of cyber incidents review previous incidents to identify lessons and actions identify and deliver opportunities for continual improvement of the incident response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities develop and update internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, security analysts be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: significant experience investigating and responding to cyber incidents significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents experience managing and coordinating the response to cyber incidents experience coaching and mentoring junior staff an in-depth understanding of the tools, techniques and procedures used by threat actors excellent analytical and problem solving skills excellent verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS As an associate security analyst you will: triage and investigate cyber security alerts and reports from users use a variety of techniques to analyse systems, files, network traffic and cloud environments and understand the nature and extent of possible cyber incidents support the technical response to cyber incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions support the coordination of cyber incidents contribute to post-incident reviews to identify lessons and actions identify opportunities for, and support the delivery of, continual improvements to the incident investigation and response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities contribute to internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, apprentice security analysts be responsible for line management of apprentice security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join We're interested in people who have: experience investigating and responding to cyber incidents experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience with SIEM tools (experience of Splunk preferred but experience of Microsoft Sentinel or an equivalent SIEM tool is acceptable) an understanding of the tools, techniques and procedures commonly used by threat actors good analytical and problem-solving skills good verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS If you feel you have the skills and experience needed for this role; please do apply now.
06/10/2025
Contractor
We are currently recruiting for Senior Cyber Security Analysts and Associate Security Analysts - both working a 3-month contract for our client 3 days per week on-site in London. As a senior security analyst with responsibility for incident response, you will: lead the investigation of security alerts to understand the nature and extent of possible cyber incidents lead the forensic analysis of systems, files, network traffic and cloud environments lead the technical response to cyber incidents by identifying and implementing (or coordinating the implementation of) containment, eradication and recovery actions support the wider coordination of cyber incidents review previous incidents to identify lessons and actions identify and deliver opportunities for continual improvement of the incident response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities develop and update internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, security analysts be responsible for leadership and line management of security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join. We're interested in people who have: significant experience investigating and responding to cyber incidents significant experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents experience managing and coordinating the response to cyber incidents experience coaching and mentoring junior staff an in-depth understanding of the tools, techniques and procedures used by threat actors excellent analytical and problem solving skills excellent verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS As an associate security analyst you will: triage and investigate cyber security alerts and reports from users use a variety of techniques to analyse systems, files, network traffic and cloud environments and understand the nature and extent of possible cyber incidents support the technical response to cyber incidents by identifying and implementing (or supporting the implementation of) containment, eradication and recovery actions support the coordination of cyber incidents contribute to post-incident reviews to identify lessons and actions identify opportunities for, and support the delivery of, continual improvements to the incident investigation and response capability work closely alongside other Cyber Defence functions, supporting the continual improvement of wider capabilities contribute to internal plans, playbooks and knowledge base articles act as an escalation point for, and provide coaching and mentoring to, apprentice security analysts be responsible for line management of apprentice security analysts Cyber incidents can and do arise on a 24/7 basis. The team operates an out-of-hours on call rota, which you will be expected to join We're interested in people who have: experience investigating and responding to cyber incidents experience using security tools (eg, EDR, SIEM) to support the investigation and response to cyber incidents Experience with SIEM tools (experience of Splunk preferred but experience of Microsoft Sentinel or an equivalent SIEM tool is acceptable) an understanding of the tools, techniques and procedures commonly used by threat actors good analytical and problem-solving skills good verbal and written communication skills It's desirable, but not essential, that you have: experience with Splunk experience working in an Agile environment experience with cloud environments such as AWS If you feel you have the skills and experience needed for this role; please do apply now.
Our client is seeking an experienced Associate Security Analyst to join their Cyber Defence team. This is a hands-on role where you will investigate and respond to cyber security incidents that could impact critical systems and services across the UK. You will play a key part in identifying threats, supporting incident response, and helping to continually improve the organisation's cyber defence capabilities. The role also involves mentoring apprentice analysts and joining an out-of-hours on-call rota to ensure 24/7 coverage of potential cyber incidents. Key Responsibilities Investigate and triage cyber security alerts and user reports. Analyse systems, files, network traffic, and cloud environments to determine the extent of incidents. Support technical responses to incidents, including containment, eradication, and recovery. Contribute to post-incident reviews and develop lessons learned. Create and improve incident response playbooks and knowledge base articles. Work closely with wider Cyber Defence functions to strengthen security operations. Act as an escalation point for apprentice security analysts, providing coaching, mentoring, and line management. What We're Looking For 2-3 years' experience investigating and responding to cyber incidents. Hands-on use of SIEM tools (Splunk preferred, Microsoft Sentinel or equivalent acceptable). Experience with EDR solutions to support incident investigation. Understanding of threat actor tools, techniques, and procedures (TTPs). Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Desirable skills: Advanced Splunk experience or certification. Experience in Agile environments. Familiarity with cloud environments such as AWS. Interview Process The interview will be conducted via Microsoft Teams and will consist of: A short competency-based discussion. A practical Splunk exercise to investigate a simulated cybersecurity scenario. A short technical quiz covering general cybersecurity knowledge.
03/10/2025
Full time
Our client is seeking an experienced Associate Security Analyst to join their Cyber Defence team. This is a hands-on role where you will investigate and respond to cyber security incidents that could impact critical systems and services across the UK. You will play a key part in identifying threats, supporting incident response, and helping to continually improve the organisation's cyber defence capabilities. The role also involves mentoring apprentice analysts and joining an out-of-hours on-call rota to ensure 24/7 coverage of potential cyber incidents. Key Responsibilities Investigate and triage cyber security alerts and user reports. Analyse systems, files, network traffic, and cloud environments to determine the extent of incidents. Support technical responses to incidents, including containment, eradication, and recovery. Contribute to post-incident reviews and develop lessons learned. Create and improve incident response playbooks and knowledge base articles. Work closely with wider Cyber Defence functions to strengthen security operations. Act as an escalation point for apprentice security analysts, providing coaching, mentoring, and line management. What We're Looking For 2-3 years' experience investigating and responding to cyber incidents. Hands-on use of SIEM tools (Splunk preferred, Microsoft Sentinel or equivalent acceptable). Experience with EDR solutions to support incident investigation. Understanding of threat actor tools, techniques, and procedures (TTPs). Strong analytical and problem-solving skills. Excellent written and verbal communication skills. Desirable skills: Advanced Splunk experience or certification. Experience in Agile environments. Familiarity with cloud environments such as AWS. Interview Process The interview will be conducted via Microsoft Teams and will consist of: A short competency-based discussion. A practical Splunk exercise to investigate a simulated cybersecurity scenario. A short technical quiz covering general cybersecurity knowledge.
Job Description: Job Title: Application Security Analyst Corporate Title: Vice President Location: Chester Role Description: Resource will function as a member of an enterprise network application layer intrusion, detection, prevention, and response team. Will develop and implement custom alerts and dashboards monitoring controls based on OSI layer 7 attack and threat indicators. Provides leadership in assessing new threat vectors and designing and implementing effective controls. Leverages advanced investigative skills using best in class data correlation and network/packet analysis tools. Will partner with senior leaders from lines of business organizations to triage security events and report on impacting security initiatives. Responsible for mentoring and developing the skill sets of less experienced team members. Develops and implements processes or controls in support of audit and risk requirements. The Team: The Network and Endpoint Cybersecurity Operations team provides the first line of defense for Bank of America's global network. It defends against various threats including DDoS, Malware, Web Based Attacks, Remote Attacks, and provides network access assurance across our network and endpoint boundaries. Provides network and endpoint anomaly monitoring for indicators of compromise, and a 24x7 rapid response capability for network and endpoint security related events and incidents. Core Skills: Required Skills: Strong Splunk skill set. The security analyst will leverage Splunk to analyze logs and other security events to find targeted attacks against network-based bank assets. Strong Intrusion Analysis background. Resource must be able to identify and interpret weblogs from various webservers. Knowledgeable of current exploits. Resource must be able to identify common exploits from the appropriate web and event logs. Working knowledge of Linux, Windows, and OS X operating systems. Comfortable with scripting languages and regular expressions Strong knowledge common network protocols Working knowledge of enterprise Client / Server architecture Working knowledge of OSI model 3 through 7 We are a front-line team that handles active security events and highly current threats. On call and after-hours work can be expected although we rotate to approximately one week every 2 months. The analyst will use new intelligence to update existing controls to detect new threats against the bank. Will be expected to have solid technical skills to operate independently and to support others within the security team. Preferred Skills: Experience doing packet captures and interpreting them (wireshark for example). Understanding of stateful firewalls and able to interpret firewall rules. Able to interpret SQL, Apache web logs, IIS, Active Directory and other security logs. Full understanding of modern web site deployments and technology. Familiarity with web application attacks including SQL injection, cross-site scripting, and remote file inclusion. Use tools to detect anomalous/malicious data transmissions on the network. Use advanced analytics / security tools to detect malware on the network. Bank of America: Every day, across the globe, our employees bring a commitment to our purpose and to driving responsible growth by living our values: deliver together, act responsibly, realize the power of our people and trust the team. A key aspect of driving responsible growth is doing so in a sustainable manner, a critical pillar of which is being a great place to work for our teammates. In line with these values, in EMEA we have 9 Employee Networks, a wide range of Sports & Social clubs, and other development and networking opportunities so that you can enjoy a range of experiences and connect with colleagues across the bank. We also offer exclusive discounts to some of the most iconic cultural experiences for you to enjoy in your spare time outside of work. Learn more about our benefits here. Good conduct and sound judgment is crucial to our long term success. It's important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mind-set are the cornerstones of our Code of Conduct and are at the heart of managing risk well. We are an equal opportunities employer, and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnic or national origins, age, sexual orientation, socio-economic background, responsibilities for dependants, physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience. We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements. As part of our standard hiring process to manage risk, please note background screening checks will be conducted on all hires before commencing employment. Job Band: H5 Shift: Hours Per Week: 35 Weekly Schedule: Referral Bonus Amount: 0
24/09/2022
Full time
Job Description: Job Title: Application Security Analyst Corporate Title: Vice President Location: Chester Role Description: Resource will function as a member of an enterprise network application layer intrusion, detection, prevention, and response team. Will develop and implement custom alerts and dashboards monitoring controls based on OSI layer 7 attack and threat indicators. Provides leadership in assessing new threat vectors and designing and implementing effective controls. Leverages advanced investigative skills using best in class data correlation and network/packet analysis tools. Will partner with senior leaders from lines of business organizations to triage security events and report on impacting security initiatives. Responsible for mentoring and developing the skill sets of less experienced team members. Develops and implements processes or controls in support of audit and risk requirements. The Team: The Network and Endpoint Cybersecurity Operations team provides the first line of defense for Bank of America's global network. It defends against various threats including DDoS, Malware, Web Based Attacks, Remote Attacks, and provides network access assurance across our network and endpoint boundaries. Provides network and endpoint anomaly monitoring for indicators of compromise, and a 24x7 rapid response capability for network and endpoint security related events and incidents. Core Skills: Required Skills: Strong Splunk skill set. The security analyst will leverage Splunk to analyze logs and other security events to find targeted attacks against network-based bank assets. Strong Intrusion Analysis background. Resource must be able to identify and interpret weblogs from various webservers. Knowledgeable of current exploits. Resource must be able to identify common exploits from the appropriate web and event logs. Working knowledge of Linux, Windows, and OS X operating systems. Comfortable with scripting languages and regular expressions Strong knowledge common network protocols Working knowledge of enterprise Client / Server architecture Working knowledge of OSI model 3 through 7 We are a front-line team that handles active security events and highly current threats. On call and after-hours work can be expected although we rotate to approximately one week every 2 months. The analyst will use new intelligence to update existing controls to detect new threats against the bank. Will be expected to have solid technical skills to operate independently and to support others within the security team. Preferred Skills: Experience doing packet captures and interpreting them (wireshark for example). Understanding of stateful firewalls and able to interpret firewall rules. Able to interpret SQL, Apache web logs, IIS, Active Directory and other security logs. Full understanding of modern web site deployments and technology. Familiarity with web application attacks including SQL injection, cross-site scripting, and remote file inclusion. Use tools to detect anomalous/malicious data transmissions on the network. Use advanced analytics / security tools to detect malware on the network. Bank of America: Every day, across the globe, our employees bring a commitment to our purpose and to driving responsible growth by living our values: deliver together, act responsibly, realize the power of our people and trust the team. A key aspect of driving responsible growth is doing so in a sustainable manner, a critical pillar of which is being a great place to work for our teammates. In line with these values, in EMEA we have 9 Employee Networks, a wide range of Sports & Social clubs, and other development and networking opportunities so that you can enjoy a range of experiences and connect with colleagues across the bank. We also offer exclusive discounts to some of the most iconic cultural experiences for you to enjoy in your spare time outside of work. Learn more about our benefits here. Good conduct and sound judgment is crucial to our long term success. It's important that all employees in the organisation understand the expected standards of conduct and how we manage conduct risk. Individual accountability and an ownership mind-set are the cornerstones of our Code of Conduct and are at the heart of managing risk well. We are an equal opportunities employer, and ensure that no applicant is subject to less favourable treatment on the grounds of gender, gender identity, marital status, race, colour, nationality, ethnic or national origins, age, sexual orientation, socio-economic background, responsibilities for dependants, physical or mental disability. The Bank selects candidates for interview based on their skills, qualifications and experience. We strive to ensure that our recruitment processes are accessible for all candidates and encourage any candidates to tell us about any adjustment requirements. As part of our standard hiring process to manage risk, please note background screening checks will be conducted on all hires before commencing employment. Job Band: H5 Shift: Hours Per Week: 35 Weekly Schedule: Referral Bonus Amount: 0
