24 x 7 Security Analyst

This role reports to the SOC Team Lead. As the SOC Analyst, you will be accountable for the effective delivery of your tasks, ensuring expected performance standards while continuously developing your skills as part of a high‑trust, high‑performing security service. You will leverage your experience in security operations to enable the smooth delivery of our award‑winning defensive monitoring service, supporting proactive detection and response for clients across the globe.

You will be expected to contribute hands‑on, technically where and when needed, including deep‑dive investigations, supporting incident response, threat hunting, tuning detections, and, if required, delivering technical training to new starters. You must proactively initiate actions, work independently, mitigate threats quickly, set an example, maintain operational continuity, make informed decisions, and ensure efficient delivery of tasks under pressure.

• Analyst & Operations Oversight: Perform day‑to‑day activities of SOC analysts across all shifts. Ensure all alarms/cases are reviewed and responded to within the predefined SLA. Maintain and keep documentation up to date (including design specifications, diagrams and process documentation). Complete all HALO case files on time with accurate and timely data/results. Aim to ensure high‑quality incident triage and investigation following predefined and agreed SOC processes. Coordinate with other shifts to maintain operational continuity and consistent processes.
• Key Performance Indicators, Service Level Agreements & Reporting: KPIs are goals that must be achieved to demonstrate satisfactory or above performance for this job role. KPIs will be monitored on an ongoing basis throughout each year and explored further as part of the performance management process. Service KPIs/SLAs and deliverables are tracked, adhered to and deviations remediated through root‑cause analysis and non‑conformance.
• Threat Detection: Review real‑time alerts and telemetry to identify suspicious activity or breaches. Analyse logs, network flows and endpoint data to validate alerts and understand threat context. Maintain and tune SIEM/SOAR correlation rules and endpoint detection signatures to reduce false positives and improve coverage. Triage and investigate unusual events to confirm incidents or dismiss benign anomalies.
• Threat Hunting: Perform hypothesis‑driven threat hunts across multiple client networks using telemetry, threat intelligence and the MITRE ATT&CK framework. Identify weak spots or blind spots in monitoring coverage and recommend new rules, queries or sensors to close them. Analyse Indicators of Compromise (IOCs) and emerging threat data to discover stealthy intrusions, document hunting methods, findings and update detection content as needed. Use advanced analytics in SIEM/SOAR and EDR to dig deeper than automated alerts, leveraging both in‑house and public threat intelligence.
• Management Reports: These reports are written on a monthly, bimonthly and quarterly basis. The production of reports is a shared responsibility between senior and junior analysts. When a report is prepared by a SOC analyst, it must be reviewed for quality assurance by a senior analyst or the SOC team lead before sharing with the client. Due to the usual workload, the production of management reports is generally completed by the night shift, with support from the day shift when operationally feasible.
• Incident Handling & Escalation: Oversee detection, validation and containment of security incidents/alerts. When required, provide technical guidance during live incidents and ensure appropriate escalation.
• Quality Assurance & Process Improvement: Identify and eliminate false positives by creating new fine‑tuning detection rules in collaboration with team leads and engineering. Recommend improvements to XDR/SIEM/SOAR configurations and workflows.
• Reporting & Communication: Communicate important incidents to the cybersecurity leadership team as needed. Maintain clear documentation of incidents, lessons learned and operational notes.
• Training & Mentoring: Support training for new SOC analysts, helping them grow technically and operationally.
• Compliance & Governance Support: Ensure analysts follow LRQA Cybersecurity established security policies, procedures, and SLAs. Align SOC practices with frameworks (e.g., ISO 27001 & MITRE ATT&CK). Ensure incident documentation meets regulatory and audit requirements.
• Collaboration: Work closely with Threat Intelligence, Vulnerability Management and Incident Response teams to enhance detection capability. Collaborate with IT operations and network teams for containment and recovery actions. Maintain regular verbal and written communication with customers, suppliers and internally as required.
• Client Success: Client feedback is actively encouraged and serves as a key measure of success. Positive feedback reflects our achievements, while suggestions or complaints are reviewed with management to assess potential inclusion in service improvements.
• Experience & Qualifications: Experience supporting incident management. Proficient in SIEM, EDR, XDR, EPP and NetMon tools, including usage, configuration and rule creation. Skilled in analysing log data across multiple device types to support incident management. In‑depth understanding of attack vectors, with the ability to distinguish normal from abnormal activity and recommend countermeasures and remediation. Proven experience working in complex, high‑performing enterprise SOC/MSSP environments. Familiarity with offensive tools, techniques and vulnerabilities, including Kali, Metasploit, Veil, MITRE ATT&CK, CVE and OWASP frameworks.
• Core Soft Skills & Emotional Intelligence: Strong soft skills, including effective communication, collaboration and emotional intelligence, enabling clear stakeholder engagement and the ability to manage high‑pressure situations with composure.

Diversity and Inclusion at LRQA: We are on a mission to be the place where we all want to work and we are passionate about embracing different perspectives because we understand the value this brings to our business, our clients and each other. We are all about creating a safer and more sustainable future and our inclusive culture is right at the heart of our business. Together our employees make our communities better and we want you to be part of our diverse team! LRQA is a leading global assurance provider. The integrity and expertise we bring to our partnership with clients support their journey to a safer, more secure and more sustainable future.