慨正橡扯 Deutschlandweit vor 1 Wochen

Senior SOC Analyst / Senior Security Analyst / Detection Engineer / Threat Hunter / Incident Re[...]

Remote möglichQuellanzeige geprüftBewerbung ohne Konto
Jetzt bewerben bei 慨正橡扯 Sichere Bewerbung über StudySmarter
GEPRÜFTE QUELLE

Aktuelle Original-Stellenanzeige

Quelle: StudySmarter Stellenbestand · Status: aktiv · Bewerbung über das zentrale StudySmarter-Formular.

Aus der Stellenanzeige

Die ganze Ausschreibung von 慨正橡扯

Automatisch strukturiert · Originaltext unformatiert geliefert

Das ist der Job

Overview Made Tech helps UK public sector organisations build and run secure, user‑centred digital services.

Darum lohnt es sich

Our Cyber practice works directly with government departments, agencies, and other public bodies — embedding alongside client teams to raise their security capability, not just deliver a report and leave.

You'll lead threat hunts and intrusion investigations, author and tune detection content, and help your team respond to incidents in a way that leaves things better than you found them.

You'll help junior analysts develop their triage tradecraft, normalise pairing on incident response, contribute to shared detection standards across the practice, and model the kind of blameless, collaborative culture that makes a security team genuinely effective.

If you're looking for a role where you can grow technically, build real influence within a team, and do meaningful work for the public sector, this is it.

Key Responsibilities Lead threat hunts and intrusion investigations – form and test hypotheses, map adversary activity against MITRE ATT&CK, perform forensic artefact analysis, and establish scope and root cause clearly enough that the team and client can act on your findings.

Lead incident response and drive improvement – co‑ordinate containment across engineering and analyst teams, communicate incident detail clearly to client stakeholders, and turn every incident into improved detection content, hardening, or runbook coverage; design for resilience by anticipating failure modes and ensuring systems degrade gracefully.

Build SOAR playbooks and auto‑triage – identify toil and repetition in analyst workflows, and build automation that saves the team time and improves consistency without removing human judgement where it matters.

Mentor junior analysts and raise team standards – pair deliberately on complex investigations, review triage work, share adversary tradecraft with the team, and help create an environment where people feel safe raising concerns and learning from mistakes.

Contribute to the practice beyond your immediate engagement – improve shared SOC standards and onboarding documentation, turn good solutions into reusable playbooks and accelerators the next team can pick up, contribute detection content to practice‑level repositories, and engage with cross‑government security communities such as NCSC CISP and relevant ISACs.

Experience working within an agile or Kanban‑based team model, contributing to workflow improvement, running or participating in retrospectives, and helping the team improve its own practices – not just delivering within them.

Job benefits SC Eligibility SC eligibility requires 5 years' UK residency and 5 year employment history (or back to full‑time education). This is a hands‑on technical role with genuine scope and influence.

You'll translate threat intelligence into actionable detections, align your work to frameworks like the NCSC Cyber Assessment Framework and GovAssure, and communicate clearly with client security stakeholders who need to understand what's happening and why it matters.

You'll own significant pieces of the SOC's work end‑to‑end – not just executing tasks, but making considered decisions and being clear about the trade‑offs. At Senior level, the role is about more than your own output.

Author, tune, and peer‑review detection content – treat detections as code (version‑controlled, reviewed), translate threat intelligence into new rules, and contribute to iterative improvement of the SIEM ruleset; onboard new log sources, including cloud and application feeds, to close coverage gaps.

Own sub‑cycles of the intelligence lifecycle – run structured collection against defined requirements, track actor TTPs, manage indicator lifecycles, and produce situational‑awareness products that inform both detection priorities and client risk decisions.

Align security operations to UK public sector standards – ensure investigations, evidence handling, and detection coverage reflect NCSC CAF Objective C, GovAssure requirements, and lawful‑monitoring obligations; feed gaps back into risk governance.

Skills, knowledge and expertise Essential Hold one of the following – Systems Security Certified Practitioner (SSCP), CompTIA Security+, or an equivalent foundational operational security credential expected of Senior SOC analysts.

Desirable Certified Cloud Security Professional (CCSP) CompTIA Advanced Security Practitioner (CASP+) HTB Certified Defensive Security Analyst (HTB CDSA) Capabilities that set strong applications apart Experience applying structured analytical techniques – ACH, key‑assumption checks, or similar – to produce rigorous, bias‑resistant intelligence assessments, and comfort peer‑reviewing others' analytic tradecraft.

Working knowledge of cloud security event investigation and cloud detection tuning, particularly across AWS, Azure, or GCP environments, including understanding of infrastructure‑level telemetry.

Experience framing security findings in risk terms for non‑technical stakeholders – communicating likelihood, impact, and recommended treatment clearly, and reflecting asset criticality and threat context in prioritisation decisions.

Evidence of building or improving SOAR playbooks, automated triage workflows, or equivalent automation that reduced analyst toil in a SOC or detection‑engineering context.

Familiarity with UK government security frameworks – in particular the NCSC CAF, GovAssure, and HMG Security Policy Framework – and experience aligning detection or response work to those standards in a government or regulated environment.

Experience acting as a trusted working‑level contact for client security stakeholders – anchoring on their actual outcomes, raising concerns or opportunities proactively, and contributing subject‑matter expertise to proposals or bids.

Tools and practice familiarity Hands‑on experience with at least one major SIEM platform (for example, Splunk, Microsoft Sentinel, or Elastic Security) including writing and tuning detection rules. Familiarity with threat intelligence platforms, OSINT tooling, or indicator lifecycle management in an operational context.

Made Tech sponsors attainment of recognised cyber certifications for staff in scope. If you don't yet hold the listed credentials but are actively working toward them, or can demonstrate equivalent capability through experience, we'd encourage you to apply.

If at any point during the interview process it is apparent that you may not be eligible for SC, we won’t be able to progress your application and we will contact you to let you know why. 30 days Holiday – we offer 30 days of paid annual leave Flexible Working Hours – we are flexible with what hours you work Flexible Parental Leave – we offer flexible parental leave options Remote Working – we offer part time remote working for all our staff Paid counselling – we offer paid counselling as well as financial and legal advice We’re committed to building a happy, inclusive and diverse workforce.

We encourage people from underrepresented groups to apply for roles with us. #J-18808-Ljbffr

Bereit?

Bewerbung wird direkt an 慨正橡扯 uebergeben - kein Konto noetig.

Jetzt bewerben
Weitere Stellen bei diesem Arbeitgeber

慨正橡扯 hat 1 weitere offene Stelle:

Ähnliche Stellen

Wenn dir dieser Job gefällt, schau dir auch an:

Weiter stöbern:

Kostenfrei starten

Jetzt bewerben