Cyber Security Analyst
- Black River
- Not disclosed
- Posted 22 Jun 2026
- Closing 22 Jul 2026
- ICT / IT / Web
- Cyber Security Analyst
- Information Security Jobs
- Infosec Analyst
- Security Operations Analyst
Job Description
JOB SUMMARY
As a Cyber Security Analyst, you will play a key role in strengthening our security posture by monitoring and assessing security alerts, responding to security incidents, managing endpoint security software, conducting quarterly access reviews, and helping put preventative controls in place. Working within our growing Cyber Security department, you will dive deep into security logs, identify anomalies, filter out the noise, and help maintain a robust defence across our infrastructure - including Microsoft 365, cloud gateways, and corporate systems. This role reports to the Cyber Security Lead.
DUTIES & RESPONSIBILITIES
1. Continuous Log Review & Monitoring
· Monitor, aggregate, and analyse security logs from multiple sources - SIEM, firewalls, Endpoint Detection & Response (EDR), and email security gateways - to detect potential security incidents.
· Maintain ongoing visibility across the environment to surface suspicious activity and emerging threats at the earliest opportunity.
2. Triage & Escalation
· Filter false positives from genuine anomalies and investigate alerts to determine their validity and impact.
· Escalate validated security threats to department leadership with clear, well-structured documentation.
3. Incident Response & Documentation
· Support the response to security incidents, helping to contain, investigate, and remediate threats.
· Assist in drafting incident timelines and maintaining a rolling 12-month incident log to support regulatory and compliance audits.
4. Endpoint & Preventative Security
· Manage and maintain endpoint security software across corporate devices.
· Help design and implement preventative controls to reduce the organisation's attack surface.
5. Access Reviews & Governance
· Conduct quarterly access reviews to validate user permissions and enforce least-privilege access.
· Strengthen Cyber Security governance, audit readiness, and control discipline through consistent review practices.
6. Logging Health & Status Checks
· Ensure logging mechanisms across the infrastructure are active, functioning correctly, and adhering to company retention policies.
· Identify and follow up on gaps in log coverage or retention to maintain audit integrity.
7. Threat Intelligence Monitoring
· Monitor threat intelligence feeds, vendor advisories, and CVE disclosures to stay ahead of emerging threats and attacker techniques.
· Apply indicators of compromise (IOCs) and threat intelligence to detection rules and proactive threat-hunting across the environment.
8. Vulnerability Management Support
· Assist with regular vulnerability scans across endpoints, servers, and cloud workloads, and help interpret the results.
· Track identified vulnerabilities through to remediation, working with IT teams to prioritise fixes based on risk and exposure.
CANDIDATE’S PROFILE
Qualifications & Experience Required
· Bachelor’s degree in Computer Science, Network Engineering, or Cyber Security.
· Minimum 1 year of professional experience in a Security Operations Centre (SOC) environment or a dedicated IT security role.
· Practical, demonstrable experience using a SIEM tool (e.g., Splunk, LogRhythm, or similar) to query, filter, and analyse event logs.
· Hands-on experience with modern security tooling, and working familiarity with security frameworks, in particular the NIST Cybersecurity Framework (CSF 2.0).
Key competences (Knowledge, Skills, Attitudes, Behaviours)
· Log Parsing & Interpretation: Deep understanding of how to read and interpret Windows Event IDs, syslog data, Linux security logs, and cloud audit trails.
· Network & Cloud Protocols: Solid grasp of core networking concepts (TCP/IP, DNS, HTTP/S) and cloud environments, specifically Microsoft 365 / Entra ID.
· Phishing & Email Security: Familiarity with email authentication standards (SPF, DKIM, DMARC) and analysing email headers for malicious traits.
· Scripting: Basic proficiency in PowerShell, KQL (Kusto Query Language), or Python to automate routine log-filtering tasks.
· The "Detective" Mindset: Exceptional analytical skills and an innate curiosity to dig into data until an anomaly is fully explained.
· Clear Communicator: Ability to translate complex log data into clean, concise notes for leadership and incident-response timelines.
· Time Management: Highly organised and able to stay focused and prioritise during high-volume alert periods.
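The phishing and email-security competence above asks for familiarity with SPF, DKIM and DMARC and with reading headers for malicious traits. The following is an added example, not part of the job posting or of the employer's tooling: it parses the RFC 8601 Authentication-Results header that a receiving gateway stamps on a message, checks whether the SPF or DKIM domain that passed actually aligns with the From domain (the question DMARC asks), and produces a triage verdict. The two messages are constructed samples with hypothetical domains, and the organisational-domain reduction is a deliberate simplification (last two labels) rather than a Public Suffix List lookup.

```python
"""Triage e-mail headers: parse Authentication-Results (RFC 8601) and flag
messages where SPF/DKIM passed for a domain that does not align with From,
or where DMARC did not pass. Added example with constructed sample data."""
import re
from dataclasses import dataclass, field
from email import message_from_string
from email.utils import parseaddr

# Constructed sample A (hypothetical domains): every check passes and the
# DKIM signing domain is the same organisation as the From domain.
MSG_ALIGNED = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce.example.com;
 dkim=pass header.d=example.com header.s=sel1;
 dmarc=pass header.from=example.com
From: Payroll <payroll@example.com>
Subject: Your payslip
"""

# Constructed sample B: SPF and DKIM both "pass", but for a bulk-sender
# domain unrelated to the From domain, and DMARC fails. This is the usual
# shape of a display-name spoof: the gateway authenticated the sender, just
# not the sender the user sees.
MSG_SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=mail.bulk-sender.test;
 dkim=pass header.d=bulk-sender.test header.s=k1;
 dmarc=fail (p=REJECT) header.from=example.com
From: "CEO" <ceo@example.com>
Subject: Urgent wire transfer
"""


@dataclass
class AuthResult:
    authserv_id: str
    methods: dict = field(default_factory=dict)  # method -> result ("pass", "fail", ...)
    props: dict = field(default_factory=dict)    # method -> {property: value}


def parse_authentication_results(value: str) -> AuthResult:
    """Split 'authserv-id; method=result prop=val ...; ...' into a structure.
    Folded header lines are unfolded and CFWS comments such as (p=REJECT)
    are discarded before tokenising."""
    value = " ".join(value.split())
    value = re.sub(r"\([^)]*\)", "", value)
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return AuthResult(authserv_id="")
    result = AuthResult(authserv_id=parts[0].split()[0])
    for part in parts[1:]:
        tokens = part.split()
        method, _, outcome = tokens[0].partition("=")
        result.methods[method.lower()] = outcome.lower()
        props = {}
        for tok in tokens[1:]:
            key, _, val = tok.partition("=")
            props[key.lower()] = val.lower()
        result.props[method.lower()] = props
    return result


def org_domain(domain: str) -> str:
    """Crude organisational-domain reduction: keep the last two labels.
    Assumption for this example only; production code should consult the
    Public Suffix List (co.uk, com.au and similar break this rule)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def triage_message(raw: str) -> dict:
    """Return SPF/DKIM/DMARC outcomes, alignment with the From domain, and a
    verdict of 'pass' or 'escalate' with the reasons an analyst would note."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    ar = parse_authentication_results(msg.get("Authentication-Results", ""))
    spf, dkim, dmarc = (ar.methods.get(m, "none") for m in ("spf", "dkim", "dmarc"))
    spf_dom = ar.props.get("spf", {}).get("smtp.mailfrom", "")
    dkim_dom = ar.props.get("dkim", {}).get("header.d", "")
    # DMARC alignment in relaxed mode: the organisational domains must match.
    spf_aligned = spf == "pass" and org_domain(spf_dom) == org_domain(from_domain)
    dkim_aligned = dkim == "pass" and org_domain(dkim_dom) == org_domain(from_domain)
    findings = []
    if dmarc != "pass":
        findings.append(f"dmarc={dmarc}")
    if not (spf_aligned or dkim_aligned):
        findings.append("no aligned SPF or DKIM pass for From domain " + from_domain)
    if spf == "pass" and not spf_aligned:
        findings.append("spf passed for unaligned domain " + spf_dom)
    if dkim == "pass" and not dkim_aligned:
        findings.append("dkim passed for unaligned domain " + dkim_dom)
    return {"from_domain": from_domain, "spf": spf, "dkim": dkim, "dmarc": dmarc,
            "spf_aligned": spf_aligned, "dkim_aligned": dkim_aligned,
            "findings": findings, "verdict": "escalate" if findings else "pass"}


if __name__ == "__main__":
    for name, raw in (("aligned", MSG_ALIGNED), ("spoofed", MSG_SPOOFED)):
        report = triage_message(raw)
        print(f"{name}: {report['verdict']} {report['findings']}")
```

The point the second sample makes is the one that catches junior analysts out: a bare `spf=pass` or `dkim=pass` is not evidence that the visible sender is genuine, because the passing domain may be an unrelated bulk sender. Only a pass that aligns with the From domain (which is what `dmarc=pass` summarises) supports the message's claimed origin, and a gateway-stamped `dmarc=fail` on a message that nonetheless reached the mailbox is worth escalating on its own.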