Tier I SOC Analyst

Our SOC Analysts form the first line of defence within our cyber security operations. You will be responsible for monitoring and assessing security events, mitigating and defending against malicious activity, and adapting to an evolving threat landscape. This role operates as a triage specialist, managing and configuring security tools, containing and remediating attacks, and preventing unauthorised access to critical systems and data. This position requires flexibility to work shifts (including unsociable hours, weekends, and bank holidays where these fall within your rota) as part of a 24/7 operational team.

Principal Duties and Responsibilities

• Monitor and identify cyber security threats and SIEM alerts that pose, or may pose, a risk to clients.
• Triage alerts across a wide range of security controls and determine urgency, escalating to Tier 2 where appropriate.
• Ensure investigation steps are clearly documented and escalated accurately when required.
• Provide Tier 1 resolution for basic security incidents, including initial reporting, follow‑ups, and requests for further information or action.
• Communicate directly with CyberClan customers regarding security incidents, emerging threats, and related matters.
• Produce and maintain documentation relevant to the SOC and the role.
• Contribute to continual improvement of the SOC knowledge base.
• Collaborate with CyberClan’s global teams during incident response activities.
• Support research into global security events, issues, and trends, producing advisories for customers where relevant.
• Manage and configure security monitoring tools.
• Investigate intrusion attempts and conduct in‑depth exploit analysis.
• Perform cyber threat research and analysis to strengthen network security.
• Assist in defining, testing, and operating new processes or technologies introduced to the SOC.
• Provide analytical insights on client network traffic patterns relating to malware and other threats.
• Manage and update service requests and incidents to ensure Service Level Agreements (SLAs) are met.
• Continuously develop technical and personal skills and support the development of colleagues.
• Proactively contribute to business KPIs.
• Adhere to all Information Security and company policies.
• Engage with strategic incident response and threat intelligence partners.
• Undertake additional responsibilities, training, and tasks as reasonably requested by line management.
• Conduct periodic assurance reviews and produce associated reports.
• Participate in internal security awareness initiatives and training programme.

Person Specification

Qualifications

• Bachelor’s degree in a relevant field (e.g., Computer Science, Information Technology, Cyber Security) or equivalent professional experience.
• Security+ or equivalent certification (e.g., CompTIA CySA+, GSEC).

Skills, Knowledge, and Experience

• Experience using SOC tooling to identify and analyse threats.
• Familiarity with collaboration tools.
• Strong analytical mindset and structured approach to problem‑solving.
• Previous SOC analysis experience is advantageous.
• Willingness to share expertise and support team knowledge growth.
• Understanding of IT systems, networking, and the wider threat landscape, including:

• Network fundamentals (OSI model, TCP/IP, DNS, HTTPS, firewall logs).
• Endpoint protection technologies (AV, web filtering, ATP, encryption).
• IDS/IPS systems.
• SIEM platforms.
• SOAR experience is an advantage.
• Understanding of malware capabilities, attack vectors, and impacts.

Personal Qualities

• Excellent interpersonal and customer service skills.
• Ability to communicate technical information clearly to non‑technical stakeholders.
• Genuine enthusiasm for working in cyber security.
• Strong written communication skills for documenting systems, processes, and incidents.
• Ability to identify and suggest improvements.
• Strong analytical and problem‑solving abilities.
• Adaptability to organisational change and ability to work independently under pressure.
• Proven ability to manage a varied workload effectively.

Cyberclan is committed to equal pay for equal work in its compensation practices. Applicants selected to move forward in the hiring process are subject to background checks, including but not limited to criminal record, credit, and/or reference checks.

This role may require a flexible working pattern, including shifts, weekends, and evenings. We are committed to fair and transparent scheduling practices and fostering a collaborative working environment.