Security Operations Analyst in Birmingham

We are seeking a Security Operations Analyst to join our Cyber Security team and play a key role in protecting our organization from evolving cyber threats. Working as part of a Security Operations Centre (SOC), you will monitor, detect, investigate, and respond to security incidents across our technology estate. This role offers a strong opportunity for a technically curious professional with experience in cyber security monitoring, data loss prevention (DLP), automation, and an interest in applying Large Language Models (LLMs) within a cyber security context. This is a hybrid role with just 2 days per month onsite in Birmingham, working Monday to Friday with shift patterns alternating between 7:00am–3:30pm and 9:00am–5:30pm. There is a 1 week in 6 On-Call rotation, meaning you will need to be available for emergency calls out of hours and on weekends one week out of every six.

Responsibilities

• Monitor and analyse security alerts from multiple tools, including Google SecOps, Microsoft Defender, and Forcepoint, escalating incidents where required.
• Carry out initial and intermediate investigations to assess the severity, scope, and impact of security incidents.
• Perform proactive threat hunting using telemetry and intelligence from SIEM, EDR, and threat intelligence feeds.
• Use automation platforms such as Microsoft Power Automate, Python, or scripting tools to improve investigation and response workflows.
• Assist in developing LLM-based workflows to support security automation use cases including alert enrichment, triage, and documentation.
• Support the configuration, monitoring, and continuous improvement of DLP policies across Microsoft Purview, email, and endpoint channels.
• Contribute to the creation and maintenance of incident response playbooks, procedures, and documentation in line with best practice.
• Work with asset owners to ensure the security tooling inventory remains accurate and effective.
• Maintain high-quality incident records and contribute to post-incident reviews to drive continuous improvement.
• Support wider cyber security initiatives to improve detection, visibility, and response across the organization.

Qualifications

• Hands-on experience in security operations and incident response, alongside strong technical, analytical, and communication skills, with a keen interest in automation and emerging technologies within cyber security.
• Strong foundational experience in security monitoring, incident response, or threat analysis within a SOC or similar environment.
• Hands-on experience with SIEM platforms, ideally Google SecOps (Chronicle) or equivalent.
• Practical experience using automation tools such as Microsoft Power Automate, Python, or PowerShell.
• Awareness of how Large Language Models can be applied in cyber security, including prompt design, data sanitisation, and responsible AI use.
• Understanding of Data Loss Prevention principles, including policy creation, triage, and escalation.
• Familiarity with the Microsoft Defender security ecosystem is highly desirable.
• Strong analytical and problem-solving skills, with attention to detail and a continuous improvement mindset.
• Clear written and verbal communication skills, with the ability to document incidents and collaborate with technical and non-technical teams.
• Relevant certifications such as CompTIA Security+, Microsoft SC-200, or similar are beneficial but not essential.