Cyber Security Ops Analyst in Birmingham

We are seeking a Security Operations Analyst to join our Cyber Security team and play a key role in protecting our organisation from evolving cyber threats. Working as part of a Security Operations Centre (SOC), you will monitor, detect, investigate, and respond to security incidents across our technology estate. Hybrid role requiring 2 days per month onsite in Birmingham, with participation in a 1-in-6 on-call rota working either 7:00am–3:30pm or 9:00am–5:30pm shifts.

Responsibilities

• Monitor and analyse security alerts from multiple tools, including Google SecOps, Microsoft Defender, and Forcepoint, escalating incidents where required.
• Carry out initial and intermediate investigations to assess the severity, scope, and impact of security incidents.
• Perform proactive threat hunting using telemetry and intelligence from SIEM, EDR, and threat intelligence feeds.
• Use automation platforms such as Microsoft Power Automate, Python, or scripting tools to improve investigation and response workflows.
• Assist in developing LLM-based workflows to support security automation use cases including alert enrichment, triage, and documentation.
• Support the configuration, monitoring, and continuous improvement of DLP policies across Microsoft Purview, email, and endpoint channels.
• Contribute to the creation and maintenance of incident response playbooks, procedures, and documentation in line with best practice.
• Work with asset owners to ensure the security tooling inventory remains accurate and effective.
• Maintain high-quality incident records and contribute to post-incident reviews to drive continuous improvement.
• Support wider cyber security initiatives to improve detection, visibility, and response across the organisation.

Qualifications

• Strong foundational experience in security monitoring, incident response, or threat analysis within a SOC or similar environment.
• Hands-on experience with SIEM platforms, ideally Google SecOps (Chronicle) or equivalent.
• Practical experience using automation tools such as Microsoft Power Automate, Python, or PowerShell.
• Awareness of how Large Language Models can be applied in cyber security, including prompt design, data sanitisation, and responsible AI use.
• Understanding of Data Loss Prevention principles, including policy creation, triage, and escalation.
• Familiarity with the Microsoft Defender security ecosystem is highly desirable.
• Strong analytical and problem-solving skills, with attention to detail and a continuous improvement mindset.
• Clear written and verbal communication skills, with the ability to document incidents and collaborate with technical and non-technical teams.
• Relevant certifications such as CompTIA Security+, Microsoft SC-200, or similar are beneficial but not essential.

Benefits

• 26 days’ holiday + bank holidays (and the option to buy more) plus 1 paid volunteering day every year.
• Exceptional family leave, 26 weeks fully paid maternity/adoption, 4 weeks fully paid paternity, 22 weeks fully paid shared parental leave, plus 5 days paid bereavement leave.
• Robust sick pay of up to 13 weeks full pay + 13 weeks half pay.
• 24/7 Employee Assistance Programme for confidential support.
• Private medical insurance for everyone, no medical-history exclusions.
• Performance-based rewards tailored to your role, from company-wide bonuses to OTE and commission structures.
• Income protection: up to 75% salary for 5 years if you ever need it.
• SkillsHub learning platform with leadership pathways, future-manager training, and a huge online library.
• Access to external training and apprenticeships.
• MatchIt! Fundraise for a cause close to your heart and OneAdvanced will match part of the funding.
• Pennies from Heaven donate the pennies from your pay check to help make a difference without lifting a finger.
• ULEV car scheme with 1,000+ models.
• Dental insurance, Health Cash Plan, Critical Illness Cover, Partner Life Cover.