IT Security Analyst - Incident Response & Vulnerability Management in Cardiff

The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by "the MSP". The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not reoccur.

Key Accountabilities - Security Incident Investigation & Response

• Act as the technical lead for the investigation of security incidents across supported platforms.
• Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration.
• Perform detailed root cause analysis across endpoint, identity, network, and application layers.
• Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation.
• Drive incidents through to full technical resolution, not temporary mitigation.

Key Accountabilities - Vulnerability Management

• Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity.
• Assess risk based on exploitability, exposure, and operational impact.
• Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers.
• Validate remediation and ensure appropriate evidence is captured for assurance and audit.

Platforms & Technology Scope

• End-user devices including Windows, macOS, tablets, and peripherals.
• Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection.
• Identity and Access Management including privileged and service accounts.
• On-premises and cloud-hosted servers.
• Network infrastructure including firewalls, switches, wireless, and WAN connectivity.
• Cloud-hosted and supplier-managed applications.

Documentation, Audit & Continuous Improvement

• Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions.
• Support governance, customer assurance, and audit requirements.
• Contribute to post-incident reviews and lessons learned.
• Identify recurring issues and recommend long-term improvements.
• Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems.

Collaboration & Escalation

• Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams.
• Act as a senior escalation point for Level 1 and Level 2 teams.
• Engage third-party suppliers to progress investigation and remediation.
• Participate in out-of-hours response as required.

Knowledge, Skills & Experience - Essential

• Proven experience in a Level 3 or Senior Security Analyst or Incident Response role.
• Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services.
• Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation.
• Experience working within formal Security Incident and Major Incident processes.
• Strong written documentation and stakeholder communication skills.

Knowledge, Skills & Experience - Desirable

• Experience supporting multi-site or operationally sensitive environments.
• Familiarity with Defender, SIEM, EDR, and vulnerability management tools.
• Understanding of regulated or PCI-adjacent environments.
• Relevant security certifications or equivalent experience.

Behavioural Competencies

• Takes ownership from detection through to resolution.
• Investigates thoroughly and challenges incomplete fixes.
• Calm, methodical, and decisive during live incidents.
• Understands operational and business impact.
• Professional and confident when engaging customers and suppliers.

Decision Making & Authority

• Makes technical decisions relating to investigation, containment, and remediation of security incidents.
• Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership.

Key Interfaces

• Incident Management
• Security Operations
• Infrastructure and Network Services
• Third-party suppliers
• Customer stakeholders via structured incident communications