At a Glance
- Tasks: Monitor and respond to cyber threats in a fast-paced environment.
- Company: Join a leading organisation protecting critical national infrastructure.
- Benefits: Competitive salary, flexible working hours, and opportunities for professional growth.
- Other info: Dynamic team culture with a focus on continuous improvement and learning.
- Why this job: Make a real difference in safeguarding essential services and infrastructure.
- Qualifications: Strong technical skills in cybersecurity and incident management required.
The predicted salary is between £45,000 and £55,000 per year.
We are seeking specialist, high-calibre Cyber Security Operations Centre (CSOC) Analysts to support essential energy operations within a Critical National Infrastructure (CNI) environment. This role is responsible for real-time security monitoring, alert triage, investigation, and early-stage incident response. You will work with industry-standard security monitoring and incident/event management platforms to identify suspicious activity, validate alerts, and escalate confirmed incidents. This is a highly operational position requiring strong technical judgement, excellent written communication, and the ability to remain calm and effective under time pressure. You will also contribute to continuous improvement by capturing lessons learned from incidents, helping tune detections, and strengthening operational procedures and documentation.
Key Responsibilities
- Monitor security events and alerts using industry-standard SIEM and incident/event management platforms (e.g., Elastic, Microsoft Sentinel, Splunk).
- Perform rapid triage to determine alert validity, severity, scope, and potential business or operational impact.
- Correlate related events and identify patterns across multiple alerts to reduce duplication and improve incident clarity.
- Conduct investigations across endpoint, identity, network, and log telemetry, building timelines and hypotheses grounded in evidence.
- Maintain high-quality investigation records, including key evidence and the queries/search logic used to reach conclusions, supporting peer review, auditability, and reliable handover.
- Apply foundational host-based forensic concepts, including process ancestry, persistence artefacts, lateral movement indicators, and log integrity considerations.
- Manage security incidents from initial identification through to handover to incident management / incident response teams, ensuring escalations are timely, complete, and actionable.
- Support containment and mitigation activities where authorised, including coordinating response actions with relevant teams and tooling.
- Develop and fine-tune detection rules and alerts to identify malicious activity, validating effectiveness and reducing false positives.
- Identify and implement lessons learned from incidents and post-incident reviews (PIRs) to improve processes, runbooks, and detection logic.
- Contribute to a culture of quality and standardisation by improving documentation and operational practices.
Skills and Experience Required
- Strong technical communication skills in time-pressured environments, with excellent written communication (clear, structured incident notes and stakeholder updates).
- Strong foundational knowledge of incident and event management / SIEM platforms (e.g., Elastic, Sentinel, Splunk), including the query languages used for investigations and detections, such as Kusto Query Language (KQL), ES|QL, and Kibana Query Language.
- Strong understanding of attacker tactics, techniques, and procedures (TTPs), including detecting indicators of compromise (IOCs) and knowing how to locate them in logs or telemetry.
- Evidence of keeping up to date with industry-specific threat trends, attacker tradecraft, and emerging defensive techniques.
- Experience across the complete lifecycle of security incidents, including initial detection, triage, escalation to incident response teams, response, remediation, and PIR learnings.
Desirable
- Deep understanding of one or more SIEM technologies, with Elastic knowledge considered a strong advantage.
- GIAC / SANS certifications highly desired, or equivalent credible industry certifications aligned to SOC operations, incident handling, threat detection, or forensic fundamentals.
Cyber Security Specialist employer: LHH
Contact Detail:
LHH Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Cyber Security Specialist
✨Tip Number 1
Network like a pro! Attend industry events, webinars, and meetups to connect with other cyber security enthusiasts. You never know who might have the inside scoop on job openings or can put in a good word for you.
✨Tip Number 2
Show off your skills! Create a personal project or contribute to open-source initiatives related to cyber security. This not only boosts your portfolio but also demonstrates your passion and expertise to potential employers.
✨Tip Number 3
Prepare for interviews by practising common cyber security scenarios. Think about how you'd handle real-time monitoring or incident response situations. We want you to be ready to impress with your technical judgement and calmness under pressure!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets noticed. Plus, we love seeing candidates who are proactive and engaged with our platform.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Cyber Security Specialist role. Highlight your experience with SIEM platforms and any relevant certifications. We want to see how your skills match what we're looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about cyber security and how your background makes you a great fit for our team. Keep it clear and concise, just like you'd communicate in a high-pressure situation.
Showcase Your Technical Skills: In your application, don't forget to mention your technical skills, especially around incident management and detection. We love seeing candidates who can demonstrate their knowledge of tools like Elastic or Splunk, so make sure to include that!
Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super easy, and you'll be able to submit all your documents in one go. Plus, we love seeing applications come directly from our site!
How to prepare for a job interview at LHH
✨Know Your Tools Inside Out
Make sure you’re familiar with the industry-standard SIEM and incident/event management platforms mentioned in the job description, like Elastic, Microsoft Sentinel, and Splunk. Brush up on your query languages such as KQL and ES|QL, as being able to demonstrate your technical skills with these tools will show that you're ready to hit the ground running.
✨Stay Calm Under Pressure
Since this role requires you to work effectively under time pressure, practice scenarios where you have to triage alerts quickly. You could even set up mock situations with friends or colleagues to simulate the stress of real-time monitoring. This will help you build confidence and improve your decision-making skills when it counts.
✨Communicate Clearly
Strong written communication is key in this role, especially for documenting incidents and updates. Before your interview, prepare a few examples of how you've communicated complex information clearly in the past. Practising writing structured incident notes can also help you articulate your thoughts better during the interview.
✨Show Your Continuous Improvement Mindset
Be ready to discuss how you’ve contributed to process improvements in previous roles. Think about specific instances where you’ve identified lessons learned from incidents and how you implemented changes. This will demonstrate your proactive approach to enhancing operational procedures, which is crucial for this position.