Junior SOC Analyst in London

Important: you must be UK based – we are unable to provide visa sponsorship, and you must meet all 4 minimum requirements below.

What we’re offering:

• Salary: £33,000 + £7,000 night shift allowance
• Holiday: 25 days paid holiday plus bank holidays (increases by 1 day per year worked up to 30 days)
• Flexible Working: We love getting the team together in the office, so we typically spend three days per week together in our lovely London office. The rest of the time, you can work wherever you’re most productive.
• Working Hours: Rolling 16 day shift pattern: 4 day shifts (12 hours), 4 days off, 4 night shifts (12 hours), 4 days off
• Training: Budget for one certification/course per year
• Socials: We meet regularly to have a drink, throw some axes
• Start Date: ASAP

Minimum Requirements:

• Experience: 6 months to 1 year of security experience, ideally in an operations capacity
• IT literacy: highly confident using Microsoft Office 365, especially Outlook, Word, Excel and PowerPoint
• Fluent in English: you must be highly proficient with business-level written and spoken English
• Location: must be within a reasonable commute of Canary Wharf, London

The Role:

This isn’t your typical SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations.

You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response to our growing customer base. You’ll contribute to building out our capabilities, improving tooling and processes, and shaping how we operate as the function matures.

Core Responsibilities:

• Security Monitoring & Incident Response: Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic. Assess severity and impact of alerts, triage and investigate incidents independently. Execute containment and remediation actions using defined runbooks and playbooks. Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour. Produce detailed incident reports, RCA and after-action reviews for internal and client use. Maintain accurate incident records in JIRA Service Management.
• Detection Engineering: Develop and implement new detection rules in Microsoft Sentinel aligned to the MITRE ATT&CK framework. Draft and optimise KQL queries for detection and threat hunting. Refine existing detection logic based on false positive analysis and threat evolution.
• Threat Intelligence & Enrichment: Analyse threat intelligence feeds to identify relevant threats and vulnerabilities. Review and tag IOCs and TTPs observed in client environments. Participate in proactive threat hunting sprints to identify risks before they escalate.
• Client Support & Reporting: Prepare weekly and monthly SOC reports highlighting activity, incidents and trends. Join governance calls with senior analysts or managers to present SOC insights. Respond to client queries regarding investigations, coverage and data flows.
• Internal Security Operations: Support the management of CyPro’s internal security environment. Administer and monitor identity management solutions. Manage and maintain our MDM platform to ensure secure and compliant device management. Help ensure our internal security posture reflects the same standards we deliver to clients.
• Process Improvement & Automation: Design and develop Logic Apps to automate incident response workflows. Contribute to evolving internal runbooks and knowledge base articles. Identify gaps in visibility, tooling or processes and propose solutions.
• Professional Development: Work toward and maintain relevant certifications (e.g. SC-200, AZ-500). Stay up to date with current threat trends, attacker TTPs and defensive strategies. Actively participate in ongoing training and capability development.

Who we're looking for:

• Self-Starters – we’re not a large FTSE organisation with a procedure for everything. You’ll need to operate in an environment with few guardrails and help build things as we grow.
• Ambitious & Driven – whether your goal is to lead a team, specialise technically or move into leadership in future, we’ll support your development.
• Always Improving – we’re a growing business and want our people to grow with us.

What we think you need to be successful:

• Education & Experience: University educated with a degree in computer science, information security or equivalent, or an apprenticeship in a relevant area. At least 6 months to one year of experience in a SOC environment monitoring and responding to incidents. Microsoft Sentinel and Defender hands-on expertise. SC-200 certification or willingness to achieve it. Within commuting distance (~1 hour) of Canary Wharf, London.
• Technical Skills: Strong KQL skills for threat hunting and incident forensics. Experience with SIEM, IDS/IPS and threat intelligence platforms. Familiarity with incident response frameworks and security best practice. Experience with scripting and automation (e.g. Azure Logic Apps).
• Soft Skills: Problem-Solving: Identify, troubleshoot and resolve complex security issues. Attention to Detail: Ensure accurate detection, analysis and documentation. Analytical Thinking: Comfortable interpreting complex security data. Communication: Clear and confident communicator, able to translate technical issues for non-technical audiences. Calm Under Pressure: Maintain composure during incidents and escalate appropriately. Accountable & Humble: Take ownership and learn from experience. Curious: Dive into data sets and problems to uncover patterns and root causes.

Our Two-stage Hiring Process:

• Intro Discussion (20 minutes, Remote): An initial chat to learn more about you and the role.
• Assessment Centre (2 hours, London): A mini project on-site (no prep required), some quick tests, followed by a final interview with the founders and our SOC Manager.