It's fun to work in a company where people truly BELIEVE in what they're doing!
We're committed to bringing passion and customer focus to the business.
If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!
The postholder provides advanced technical security analysis, leads complex investigations, improves the maturity of security controls and advises stakeholders on cyber risk. The role combines hands-on security operations with control ownership, specialist guidance, assurance and continual improvement.
-
Senior technical practitioner with authority to lead complex operational security work within agreed governance.
-
Responsible for risk-based recommendations, improvement of procedures and subject-matter advice for incidents, vulnerabilities, identity controls, data protection and security tooling.
-
Expected to coach colleagues, influence technical teams and translate threat, control and risk information into clear management updates.
-
Focuses on control maturity, assurance quality, repeatable processes and measurable reduction of cyber security risk.
-
Lead complex security investigations across endpoint, network, identity, email, cloud and application data sources.
-
Define triage criteria, alert handling standards, escalation paths and quality checks for security operations.
-
Review high-impact alerts and incidents, ensure proportional response and remove barriers to containment and remediation.
-
Develop and improve detection logic, playbooks, dashboards and operational procedures.
-
Coordinate response to significant cyber security incidents in line with the incident management process.
-
Lead technical analysis for malware, phishing, credential compromise, insider risk, data exposure, privilege misuse and suspicious network activity.
-
Ensure evidence handling, incident timelines, decisions, lessons learned and remediation actions are complete and auditable.
-
Produce post-incident reviews and track corrective actions through to closure.
-
Translate technical findings into risk statements, control weaknesses and prioritised remediation plans.
-
Support risk assessment, risk acceptance, audit and assurance activity with clear evidence and professional judgement.
-
Advise on relevant information security legislation.
-
Contribute to security standards, control testing, supplier assurance and management reporting.
-
Own or act as technical lead for Data Loss Prevention (DLP) monitoring, rule tuning, alert quality, exception handling and escalation.
-
Own or act as technical lead for Multi-Factor Authentication (MFA) control performance, exception governance, break-glass account checks, privileged access enforcement and conditional access design.
-
Analyse Data Loss Prevention (DLP) and Multi-Factor Authentication (MFA) trends to identify control gaps, user behaviour issues, data handling risks and improvement opportunities.
-
Ensure control documentation, operating procedures and evidence packs are complete, current and aligned to policy.
-
Lead vulnerability prioritisation using exploitability, asset criticality, exposure and business impact.
-
Challenge and support remediation plans for high-risk vulnerabilities, insecure configurations and unsupported systems.
-
Develop recurring reporting on vulnerability trends, control gaps and remediation performance.
-
Use threat intelligence to improve detection, hardening and risk prioritisation.
-
Review proposed changes, projects and new services for security risks and control requirements.
-
Advise on secure design for identity, endpoint, network, cloud, logging, data protection and resilience controls.
-
Validate that logging, monitoring, access control, encryption, backup and recovery requirements are included in project delivery.
-
Recommend improvements to security tooling and integration, including automation where proportionate.
-
Produce clear management information on incidents, vulnerabilities, Data Loss Prevention (DLP), Multi-Factor Authentication (MFA), control exceptions, detection coverage and remediation performance.
-
Define Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for security operations and control assurance.
-
Identify process inefficiencies, repeat incidents and control weaknesses, then lead improvement actions.
-
Maintain a forward view of emerging threats, technology changes and relevant good practice.
-
Coach colleagues on investigation quality, evidence standards, tooling, communication and risk-based decision-making.
-
Provide clear guidance to infrastructure, application, cloud, data protection, service desk and business teams.
-
Present security findings, risks and recommendations to technical and non-technical stakeholders.
-
Promote a constructive security culture focused on proportionate risk management and business enablement.
-
Advanced security investigation using Security Information and Event Management (SIEM), Endpoint Detection and Response (EDR), endpoint protection, identity, email, web, network and cloud data.
-
Strong Data Loss Prevention (DLP) policy design, tuning, investigation and exception management.
-
Strong Multi-Factor Authentication (MFA) implementation, exception governance, conditional access and privileged access control.
-
Vulnerability management, secure configuration assessment and remediation prioritisation.
-
Incident command, evidence handling, root cause analysis and post-incident review.
-
Security architecture assurance for identity, endpoint, network, cloud, application and data protection controls.
-
Detection engineering and automation using scripts, queries or workflow tools where appropriate.
-
Understanding of control frameworks and standards, including the National Cyber Security Centre (NCSC) Cyber Assessment Framework (CAF), National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF), Center for Internet Security (CIS) Critical Security Controls and International Organization for Standardization and International Electrotechnical Commission (ISO/IEC) 27001.
-
Cyber security risk governance, control design and assurance principles.
-
Advanced incident response, including evidence preservation, decision logging, containment strategy and recovery planning.
-
Threat-informed defence, including common attack tactics, techniques, procedures and defensive control mapping.
-
Identity and access control principles, including privileged access, conditional access, authentication assurance and access recertification.
-
Data handling, information classification, privacy considerations and insider risk indicators.
-
Secure architecture principles for cloud, endpoint, network, application, logging and resilience controls.
-
Typically five or more years in cyber security operations, incident response, security engineering, assurance, infrastructure security or a comparable environment, or equivalent demonstrable experience.
-
Experience leading complex investigations, coordinating stakeholders, improving controls and presenting risk-based recommendations.
-
Relevant professional certification is desirable, such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or equivalent.
-
A degree, apprenticeship or professional training in cyber security, information security, computer science or a related discipline is desirable but not essential where equivalent experience can be demonstrated.
-
Sound judgement, professional integrity and commitment to confidentiality.
-
Ability to prioritise under pressure and make proportionate, risk-based recommendations.
-
Strong written and verbal communication with the ability to explain complex issues clearly.
-
Constructive leadership style that develops capability and supports collaboration across technical and business teams.
-
Commitment to continual improvement and practical security outcomes.
-
Complex incidents are led effectively, with clear decisions, defensible evidence and timely corrective actions.
-
Security controls are improved through tuning, process enhancement, automation and measurable risk reduction.
-
Data Loss Prevention (DLP) and Multi-Factor Authentication (MFA) control performance is visible, governed and aligned to policy.
-
High-risk vulnerabilities and configuration weaknesses are prioritised and remediated using a risk-based approach.
-
Management reporting is clear, accurate and useful for decision-making.
-
Colleagues and stakeholders receive credible guidance that improves security capability and confidence.
We are an equal opportunity employer and value diversity at our company.
We do not discriminate on the basis of race, religion, color, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment.
Please contact us to request accommodation.