Lead Security Analyst (Cybersecurity)
ΠΡΡΡ & Π‘ΠΎΠΏΡΠΎΠ²ΠΎΠ΄
ΠΠ»Ρ ΠΌΡΡΡΠ° Ρ ΡΡΠΎΠΉ Π²Π°ΠΊΠ°Π½ΡΠΈΠ΅ΠΉ Π½ΡΠΆΠ΅Π½ Plus
ΠΠΏΠΈΡΠ°Π½ΠΈΠ΅ Π²Π°ΠΊΠ°Π½ΡΠΈΠΈ
TL;DR
Lead Security Analyst (Cybersecurity): Leading security operations and detection engineering for UK public sector digital services with an accent on threat hunting, incident response, and NCSC framework alignment. Focus on building team capability through pairing, designing robust telemetry pipelines, and serving as the primary technical interface for client security stakeholders.
Location: Must be based in the UK with the ability to work from office hubs in Bristol, London, Manchester, or Swansea.
Salary: Β£65,000 - Β£80,000 / year
Company
helps UK public sector organisations build and run better digital services through expert cyber practice and software engineering.
What you will do
- Set detection engineering standards by authoring and tuning detections in KQL, SPL, EQL, or Sigma.
- Own the threat-landscape narrative, turning intelligence into actionable hunt themes and coverage priorities.
- Establish and lead incident response practices, including playbook design and blameless post-mortems.
- Design log and telemetry pipelines, ensuring high-fidelity signals from cloud environments.
- Act as the trusted technical interface for client security stakeholders to communicate risks and coverage.
- Mentor and grow L1/L2 analysts through structured pairing and coaching.
Requirements
- Must hold SC (Security Check) eligibility (requires 5 years' UK residency and 5 years' employment history).
- Senior-level experience in SOC operations, detection engineering, and incident response.
- Proficiency in KQL, SPL, EQL, or Sigma and mapping coverage to MITRE ATT&CK.
- Experience designing log/telemetry pipelines, preferably in AWS cloud environments.
- Working knowledge of UK government security standards (NCSC CAF, GovAssure).
- Professional certification such as CISSP, CISM, or CASP+ (or equivalent experience).
Nice to have
- Familiarity with SOAR tooling and automation workflows.
- Experience working in Kanban-led operating models.
- Contribution to public-sector security communities like NCSC CISP.
Culture & Benefits
- 30 days of paid annual leave.
- Flexible working hours and part-time remote working options.
- Flexible parental leave policies.
- Individual benefits allowance for health care or pension plans.
- Access to paid counselling and financial/legal advice.
- Active social and wellbeing calendar.
ΠΡΠ΄ΡΡΠ΅ ΠΎΡΡΠΎΡΠΎΠΆΠ½Ρ: Π΅ΡΠ»ΠΈ ΡΠ°Π±ΠΎΡΠΎΠ΄Π°ΡΠ΅Π»Ρ ΠΏΡΠΎΡΠΈΡ Π²ΠΎΠΉΡΠΈ Π² ΠΈΡ ΡΠΈΡΡΠ΅ΠΌΡ, ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΡ iCloud/Google, ΠΏΡΠΈΡΠ»Π°ΡΡ ΠΊΠΎΠ΄/ΠΏΠ°ΡΠΎΠ»Ρ, Π·Π°ΠΏΡΡΡΠΈΡΡ ΠΊΠΎΠ΄/ΠΠ, Π½Π΅ Π΄Π΅Π»Π°ΠΉΡΠ΅ ΡΡΠΎΠ³ΠΎ - ΡΡΠΎ ΠΌΠΎΡΠ΅Π½Π½ΠΈΠΊΠΈ. ΠΠ±ΡΠ·Π°ΡΠ΅Π»ΡΠ½ΠΎ ΠΆΠΌΠΈΡΠ΅ "ΠΠΎΠΆΠ°Π»ΠΎΠ²Π°ΡΡΡΡ" ΠΈΠ»ΠΈ ΠΏΠΈΡΠΈΡΠ΅ Π² ΠΏΠΎΠ΄Π΄Π΅ΡΠΆΠΊΡ. ΠΠΎΠ΄ΡΠΎΠ±Π½Π΅Π΅ Π² Π³Π°ΠΉΠ΄Π΅ β