Cyber Security Analyst in Cardiff

As a SOC Analyst, you are the first line of defence against cyber threats targeting Admiral Insurance. You will work as part of a 24/7 global Security Operations Centre across three regions, monitoring, triaging, and escalating security alerts affecting critical financial systems, customer data, and user accounts. The role requires seamless collaboration across regions, ensuring continuous security coverage through effective handover. You will follow structured processes while developing the skills needed to understand how attacks happen and how to investigate them effectively. This role is designed for individuals with a strong interest in cyber security and a willingness to learn quickly in a real‑world environment.

Key Responsibilities

• Alert Monitoring & Triage: Monitor alerts from SIEM platforms, endpoint detection tools, and identity and access systems.
• Perform Initial Triage: Validate whether alerts are true or false positives. Classify severity based on defined criteria. Identify potential impact on financial systems or users.
• Investigation: Conduct investigations using available tools and playbooks. Analyse login activity and user behaviour, endpoint activity (processes, files, connections), indicators of compromise and threat actor behaviours. Gather relevant evidence before escalation.
• Escalation & Incident Handling: Escalate suspicious or confirmed threats to L2 Analysts. Provide clear, structured evidence including what was detected, what has been checked, and why it is suspicious, anomalous or malicious. Execute playbooks following predefined runbooks and response procedures; perform response actions where appropriate to ensure consistency and accuracy in all actions.
• Regional Handover: Perform Structured Handovers At Shift End, Including clear summary of active incidents and investigations, outstanding actions, risks, and priorities, relevant evidence, timelines, and analyst observations. Ensure no loss of context or investigative continuity during handover. Adhere to defined handover standards to maintain operational resilience.
• Documentation and Continuous Learning: Maintain accurate and detailed case notes. Log investigation steps, findings, and actions taken. Ensure documentation meets audit and regulatory standards. Build knowledge of common cyber threats such as phishing, malware, and credential theft. Participate in training sessions, simulated attack exercises, and knowledge‑sharing within the SOC.

Essential: Required Skills & Experience

• 2 years minimum experience as a Cyber Security Analyst.
• Hands‑on experience with SIEM or endpoint tools.
• Understanding of networking (IP, DNS, HTTP).
• Knowledge of operating systems (Windows fundamentals).
• Strong attention to detail.
• Ability to follow structured processes.
• Good written and verbal communication skills.

Desirable

• Cyber labs experience (e.g., TryHackMe, Hack The Box).
• Entry‑level certifications (e.g., CompTIA Security+, SC‑200).
• Basic scripting knowledge (PowerShell, Python).

Admiral takes pride in being a diverse and inclusive business. It’s a place where you can be yourself, grow and progress at a pace and direction that suits you, make a difference for our customers and each other, and share in our future. Eligible colleagues can receive up to £3,600 of free shares each year after one year of service. Everyone receives 33 days holiday (including bank holidays) when they join, increasing up to a maximum of 38 days (including bank holidays) as they stay longer, with the option to buy or sell up to an additional five days of annual leave. We’re proud of our people‑first culture and have been recognised as a Great Place to Work for Women, for Wellbeing, and overall for over 25 years.

Disability Confident Leader: As a Disability Confident Leader, we invite a fair and proportionate number of applicants who meet the essential requirements of the role to the first stage of our selection process for candidates with a disability or long‑term health condition who opt into the Disability Confident scheme. If you need any adjustments or support with your application or during the recruitment process, please let us know. Please do email us or contact us on 07386697107. This number is dedicated to supporting candidates that require reasonable adjustments or support during the application process.