Lead Incident Response Analyst in Cardiff

Lead Incident Response Analyst – Security Operations (Hybrid)

Location: South Wales & Bristol (2 days per week in Cardiff office)

Pay: Circa £55,000 DOE, plus bespoke learning & bonus plan

Join a leading security operations team as a Lead Incident Response Analyst where you’ll take charge of advanced incident response, proactive threat hunting, and mentoring SOC analysts. Acting as a senior escalation point, you’ll work with cutting‑edge Microsoft security tools (Sentinel, Defender suite) and frameworks like MITRE ATT&CK to safeguard clients against sophisticated threats.

What you’ll do:

• Lead containment, eradication, and recovery for high‑severity incidents
• Conduct proactive threat hunting and root cause analysis
• Collaborate across SOC teams to improve detection and automation
• Mentor analysts and contribute to early careers programs

What we’re looking for:

• 3+ years SOC experience with strong incident response skills
• Expert in Microsoft Sentinel & Defender suite
• Strong KQL and threat‑hunting expertise
• Excellent communication and leadership skills

Hybrid role with on‑call rota and opportunities to shape SOC capabilities.