Security Operations Center Analyst

Full-Time 34000 - 42000 £ / year (est.) No working from home possible

At a Glance

  • Tasks: Monitor security alerts, respond to incidents, and develop detection rules.
  • Company: Join an innovative cyber security start-up redefining security for small businesses.
  • Benefits: Competitive salary, EMI shares, 25+ days holiday, and flexible working.
  • Other info: Dynamic environment with opportunities for professional growth and development.
  • Why this job: Be part of a mission-driven team making a real impact in cyber security.
  • Qualifications: Degree in computer science or equivalent, plus SOC experience and Microsoft Sentinel expertise.

The predicted salary is between 34000 - 42000 £ per year.

Important: you must be UK based – we are unable to provide visa sponsorship, and you must meet all 4 minimum requirements below.

Also, this is an experienced hire role. Please do not apply if you are seeking your first role in cyber security - look out for our Graduate SOC Analyst roles instead.

What we’re offering (saves you scrolling straight to the bottom):

  • Salary: £40,000–46,000 depending on experience
  • Holiday: 25 days paid holiday plus bank holidays (increases by 1 day per year worked up to 30 days)
  • Flexible Working: We love getting the team together in the office, so we typically spend three days per week together in our lovely London office (39 floors up in Canary Wharf). The rest of the time, you can work wherever you’re most productive.
  • Working Hours: Unique and well-balanced rolling 5-week shift pattern that largely revolves around Monday - Friday. Includes working 1 weekend in 5; and 7 on-call nights every 5 weeks.
  • Training: Budget for one certification/course per year
  • Socials: We meet regularly to have a drink, throw some axes
  • Start Date: ASAP

You must meet all 4 of these minimum requirements. Please do not apply if you do not; your application will be rejected.

  • Experience: 1–3 years in an administrative, operations, or assistant role supporting senior stakeholders
  • IT literacy: highly confident using Microsoft Office 365, especially Outlook (calendar + inbox management), Word, Excel and PowerPoint
  • Fluent in English: you must be highly proficient with business-level written and spoken English
  • Location: must be within a reasonable commute of Canary Wharf, London for occasional in-person time

About CyPro:

  • We are an innovative cyber security start-up united in a shared mission: to redefine cyber security for small and medium-sized businesses (SMBs).
  • Our Founders – Jonny & Rob – spent most of their early careers delivering cyber security for large enterprises and central government. They saw a clear need for a new approach to cyber security as SMBs became increasingly targeted by cyber criminals.
  • Together, CyPro is already setting new standards, defining innovative solutions and equipping its clients with the cyber security they need to prevent attacks, secure bigger clients and scale to new heights.
  • We are growing quickly, and the next few years promise more of the same. Joining CyPro means becoming an integral part of our mission and joining a team of industry experts embarking on this journey.

The Role:

  • This isn’t your typical SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations.
  • You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response to our growing customer base. You’ll contribute to building out our capabilities, improving tooling and processes, and shaping how we operate as the function matures.
  • As the team grows further, you’ll have the flexibility to focus more deeply on the areas that interest you most – whether that’s advanced detection engineering, threat intelligence, incident response leadership or platform automation. If you’re ambitious and want to help shape something rather than simply follow a process, this is the right environment for you.

Core Responsibilities:

Security Monitoring & Incident Response

  • Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic.
  • Assess severity and impact of alerts, triage and investigate incidents independently.
  • Execute containment and remediation actions using defined runbooks and playbooks.
  • Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour.
  • Produce detailed incident reports, RCA and after-action reviews for internal and client use.
  • Maintain accurate incident records in JIRA Service Management.

Detection Engineering

  • Develop and implement new detection rules in Microsoft Sentinel aligned to the MITRE ATT&CK framework.
  • Draft and optimise KQL queries for detection and threat hunting.
  • Refine existing detection logic based on false positive analysis and threat evolution.
  • Analyse threat intelligence feeds to identify relevant threats and vulnerabilities.
  • Review and tag IOCs and TTPs observed in client environments.
  • Participate in proactive threat hunting sprints to identify risks before they escalate.

Client Support & Reporting

  • Prepare weekly and monthly SOC reports highlighting activity, incidents and trends.
  • Join governance calls with senior analysts or managers to present SOC insights.
  • Respond to client queries regarding investigations, coverage and data flows.

Internal Security Operations

  • Support the management of CyPro’s internal security environment.
  • Administer and monitor identity management solutions.
  • Manage and maintain our MDM platform to ensure secure and compliant device management.
  • Help ensure our internal security posture reflects the same standards we deliver to clients.

Process Improvement & Automation

  • Design and develop Logic Apps to automate incident response workflows.
  • Contribute to evolving internal runbooks and knowledge base articles.
  • Identify gaps in visibility, tooling or processes and propose solutions.

Professional Development

  • Work toward and maintain relevant certifications (e.g. SC-200, AZ-500).
  • Stay up to date with current threat trends, attacker TTPs and defensive strategies.
  • Actively participate in ongoing training and capability development.

Who we're looking for:

  • Self-Starters – we’re not a large FTSE organisation with a procedure for everything. You’ll need to operate in an environment with few guardrails and help build things as we grow.
  • Ambitious & Driven – whether your goal is to lead a team, specialise technically or move into leadership in future, we’ll support your development.
  • Always Improving – we’re a growing business and want our people to grow with us.

What we think you need to be successful:

Education & Experience

  • University educated with a degree in computer science, information security or equivalent
  • At least one year of experience in a SOC environment monitoring and responding to incidents
  • Microsoft Sentinel and Defender hands-on expertise
  • SC-200 certification or willingness to achieve it
  • Within commuting distance (~1 hour) of Canary Wharf, London

Technical Skills

  • Strong KQL skills for threat hunting and incident forensics
  • Experience with SIEM, IDS/IPS and threat intelligence platforms
  • Familiarity with incident response frameworks and security best practice
  • Experience with scripting and automation (e.g. Azure Logic Apps)

Soft Skills

  • Problem-Solving: Identify, troubleshoot and resolve complex security issues.
  • Attention to Detail: Ensure accurate detection, analysis and documentation.
  • Analytical Thinking: Comfortable interpreting complex security data.
  • Communication: Clear and confident communicator, able to translate technical issues for non-technical audiences.
  • Calm Under Pressure: Maintain composure during incidents and escalate appropriately.
  • Accountable & Humble: Take ownership and learn from experience.
  • Curious: Dive into data sets and problems to uncover patterns and root causes.

Our Two-stage Hiring Process:

  • Intro Discussion (20 minutes, Remote): An initial chat to learn more about you and the role.
  • Assessment Centre (2 hours, London): A mini project on-site (no prep required), some quick tests, followed by a final interview with the founders and our SOC Manager.

Security Operations Center Analyst employer: CyPro

At CyPro, we pride ourselves on being an innovative cyber security start-up that values ambition and personal growth. Our dynamic work culture encourages collaboration and flexibility, allowing you to thrive in a supportive environment while working in the iconic Canary Wharf, London. With competitive salaries, generous holiday allowances, and opportunities for professional development, joining our team means becoming part of a mission-driven organisation dedicated to redefining cyber security for small and medium-sized businesses.

Contact Details:

CyPro Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land the Security Operations Center Analyst role

Tip Number 1

Network like a pro! Reach out to folks in the cyber security field, especially those already at CyPro. A friendly chat can open doors and give you insider info on what they're really looking for.

Tip Number 2

Show off your skills! During interviews, be ready to discuss specific incidents you've handled or projects you've worked on. Use real examples to demonstrate your expertise in monitoring and incident response.

Tip Number 3

Stay updated on the latest trends in cyber security. Being knowledgeable about current threats and technologies will not only impress your interviewers but also show that you're genuinely passionate about the field.

Tip Number 4

Apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you're keen on joining our team at CyPro!

We think you need these skills to ace the Security Operations Center Analyst role

Security Monitoring
Incident Response
Microsoft Sentinel
Microsoft Defender
KQL (Kusto Query Language)
Threat Intelligence
SIEM (Security Information and Event Management)

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Security Operations Center Analyst role. Highlight relevant experience, especially in monitoring and incident response, and don’t forget to mention your hands-on expertise with Microsoft Sentinel and Defender.

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about cyber security and how your skills align with our mission at CyPro. Be sure to mention any specific projects or achievements that showcase your abilities.

Show Off Your Skills: In your application, don’t just list your skills—demonstrate them! Provide examples of how you've used KQL for threat hunting or how you've contributed to process improvements in previous roles. We love seeing real-world applications of your expertise.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, it shows us you’re genuinely interested in joining our team at CyPro!

How to prepare for a job interview at CyPro

Know Your Tools

Familiarise yourself with Microsoft Sentinel, Defender, and other tools mentioned in the job description. Be ready to discuss your hands-on experience and how you've used these platforms in past roles. This will show that you’re not just a theoretical candidate but someone who can hit the ground running.

Showcase Your Problem-Solving Skills

Prepare examples of complex security issues you've encountered and how you resolved them. Use the STAR method (Situation, Task, Action, Result) to structure your answers. This will demonstrate your analytical thinking and ability to stay calm under pressure, which are crucial for a SOC Analyst.

Understand the Company’s Mission

Research CyPro and its mission to redefine cyber security for SMBs. Be prepared to discuss how your values align with theirs and how you can contribute to their goals. This shows genuine interest and helps you stand out as a candidate who is not just looking for any job, but specifically wants to be part of their journey.

Prepare for Technical Questions

Brush up on your KQL skills and be ready to tackle technical questions related to threat hunting and incident response frameworks. You might even be asked to write a query or analyse a scenario during the interview. Practising these skills beforehand will boost your confidence and help you shine.