Job Description
Overview
- Monitoring and analysing security alerts to identify and escalate genuine cyber threats
- Carrying out initial triage and investigation, gathering evidence from logs, alerts and enrichment sources
- Supporting detection engineering by reviewing alert behaviour, tuning existing detections and documenting expected outcomes
- Using and testing established response playbooks, contributing to improvements where changes are clearly defined
- Assisting with threat hunting and threat modelling, building practical understanding of attacker techniques and behaviours
- Learning from real incidents through post incident reviews and continuous improvement activity
- Working collaboratively with experienced colleagues, maintaining clear investigation notes and sharing knowledge
Requirements
- Formal training in cyber security, such as a degree, apprenticeship, professional certification or equivalent practical experience
- Foundational understanding of security operations, threat detection concepts and common tools, such as SIEM platforms
- Ability to analyse security logs, alerts and events to identify relevant information
- Awareness of attacker tactics, techniques and procedures (TTPs)
- Strong problem solving and critical thinking skills
- Clear communication skills, including the confidence to ask for support and explain findings to both technical and non-technical audiences
- Willingness to participate in an on call rota and regular weekend working where required