Lead Security Analyst

Lead Security Analyst

Full-Time 70000 - 90000 £ / year (est.) No working from home possible

At a Glance

  • Tasks: Lead the SOC, shape threat narratives, and mentor junior analysts in cyber security.
  • Company: Join Made Tech, a forward-thinking company enhancing digital services for the UK public sector.
  • Benefits: Competitive salary, flexible working, and opportunities for professional growth.
  • Other info: Collaborate with government departments and contribute to national security initiatives.
  • Why this job: Make a real difference in public sector security while developing your skills in a dynamic environment.
  • Qualifications: Experience in security analysis, detection engineering, and strong communication skills.

The predicted salary is between 70000 - 90000 £ per year.

Overview Made Tech helps UK public sector organisations build and run better digital services.

Our Cyber practice sits at the heart of that mission — working alongside government departments, agencies, and critical national infrastructure owners to improve how they detect, respond to, and learn from cyber threats.

As a Lead Security Analyst, you'll be the most senior analyst on your engagement, setting the technical direction for the SOC and owning the quality of what the team produces — from detection engineering to threat-hunting to incident response.

This isn't a role where you disappear into a ticket queue.

You'll shape the threat-landscape narrative for your engagement, drive the detection backlog, and build the capability of the analysts around you.

That means pairing on complex investigations, setting tradecraft standards, and making sure the team's detection content is version-controlled, peer-reviewed, and continuously improved — not left to age in a SIEM.

You'll also be the trusted technical interface for client security stakeholders, translating what the SOC is seeing into the language that informs decisions.

The UK public sector context matters here.

You'll align your work to NCSC guidance, the Cyber Assessment Framework, and OFFICIAL handling requirements — not because compliance is the goal, but because those frameworks reflect the real risk environment your clients operate in.

You'll engage with cross-government security communities, feed detection content and runbooks back into the Cyber practice, and help grow a bench of analysts who can operate at the same standard.

Key Responsibilities Set the detection engineering standard — author, tune, and peer-review detections in KQL, SPL, EQL, or Sigma; manage the false-positive backlog; map coverage to MITRE ATT and train L1/L2 analysts to write and tune detections themselves.

Own the threat-landscape narrative for your engagement — turn intelligence from NCSC advisories, sector feeds, and threat actor reporting into hunt themes, coverage gap analysis, and detection priorities that the SOC and client stakeholders can act on.

Run the intelligence cycle as a managed discipline — maintain a collection plan, produce timely and rigorous intelligence products, and build feedback loops that keep the cycle honest and improving.

Establish and lead security incident response practice — build playbooks, define the severity model, run exercises, and lead the team's response to significant incidents; run blameless post-mortems that the team actually learns from.

Design the log and telemetry pipeline that detections run on — including bespoke application telemetry in cloud environments, not just commodity endpoint feeds; ensure the right signals are collected, parsed, and retained for both detection and investigation.

Be the trusted technical interface for client security stakeholders — communicate what the SOC is detecting, investigating, and covering without losing fidelity; surface risks early and honestly, and align the team's priorities to the client's risk picture.

Grow the analysts around you — pair on detection authorship and incident response as a default, set pairing as the team norm, and actively build the capability of L1 and L2 analysts through structured mentoring and coaching so knowledge isn't concentrated in one person.

Contribute to the Cyber practice beyond your engagement — feed detection content, runbooks, and lessons learned back into shared practice resources; contribute to analyst assessment and hiring; and engage with public-sector security communities including NCSC CISP and relevant ISACs.

Skills, Knowledge

Contact Details:

慨正橡扯 Recruitment Team

We think you need these skills to ace Lead Security Analyst

Detection Engineering
KQL
SPL
EQL
Sigma
Threat Intelligence Analysis
Incident Response