Sourcing as a channel, not a feature.
hackajob is partnering with OneAdvanced to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.
Overview
We are seeking a Security Operations Analyst to join our Cyber Security team and play a key role in protecting our organisation from evolving cyber threats. Working as part of a Security Operations Centre (SOC), you will monitor, detect, investigate, and respond to security incidents across our technology estate.
This role offers a strong opportunity for a technically curious professional with experience in cyber security monitoring, data loss prevention (DLP), automation, and an interest in applying Large Language Models (LLMs) within a cyber security context.
This is a hybrid role with just 2 days per month onsite in Birmingham, working Monday to Friday with shift patterns alternating between 7:00am–3:30pm and 9:00am–5:30pm. There is a 1 week in 6 On-Call rotation, meaning you will need to be available for emergency calls out of hours and on weekends one week out of every six.
Responsibilities
You will play a key role in monitoring, investigating, and responding to cyber security threats, while helping to enhance our detection, automation, and data protection capabilities across the organisation.
Monitor and analyse security alerts from multiple tools, including Google SecOps, Microsoft Defender, and Forcepoint, escalating incidents where required
Carry out initial and intermediate investigations to assess the severity, scope, and impact of security incidents
Perform proactive threat hunting using telemetry and intelligence from SIEM, EDR, and threat intelligence feeds
Use automation platforms such as Microsoft Power Automate, Python, or scripting tools to improve investigation and response workflows
Assist in developing LLM-based workflows to support security automation use cases including alert enrichment, triage, and documentation
Support the configuration, monitoring, and continuous improvement of DLP policies across Microsoft Purview, email, and endpoint channels
Contribute to the creation and maintenance of incident response playbooks, procedures, and documentation in line with best practice
Work with asset owners to ensure the security tooling inventory remains accurate and effective
Maintain high-quality incident records and contribute to post-incident reviews to drive continuous improvement
Support wider cyber security initiatives to improve detection, visibility, and response across the organisation
Qualifications
You will bring hands-on experience in security operations and incident response, alongside strong technical, analytical, and communication skills, with a keen interest in automation and emerging technologies within cyber security.
Strong foundational experience in security monitoring, incident response, or threat analysis within a SOC or similar environment
Hands-on experience with SIEM platforms, ideally Google SecOps (Chronicle) or equivalent
Practical experience using automation tools such as Microsoft Power Automate, Python, or PowerShell
Awareness of how Large Language Models can be applied in cyber security, including prompt design, data sanitisation, and responsible AI use
Understanding of Data Loss Prevention principles, including policy creation, triage, and escalation
Familiarity with the Microsoft Defender security ecosystem is highly desirable
Strong analytical and problem-solving skills, with attention to detail and a continuous improvement mindset
Clear written and verbal communication skills, with the ability to document incidents and collaborate with technical and non-technical teams
Relevant certifications such as CompTIA Security+, Microsoft SC-200, or similar are beneficial but not essential
hackajob is partnering with OneAdvanced to fill this position. Create a profile to be automatically considered for this role—and others that match your experience.