Lead Security Analyst in Bristol

Lead Security Analyst in Bristol

Bristol Full-Time 65000 - 80000 £ / year (est.) Home office (partial)
Made Tech Limited

At a Glance

  • Tasks: Lead a team in detecting and responding to cyber threats for UK public sector clients.
  • Company: Join Made Tech, a forward-thinking tech company dedicated to improving public services.
  • Benefits: Enjoy 30 days holiday, flexible hours, remote work options, and paid counselling.
  • Other info: Be part of a diverse team that values growth and inclusivity.
  • Why this job: Make a real impact on national security while developing your skills in a dynamic environment.
  • Qualifications: CISSP or CISM certification and experience in SOC environments required.

The predicted salary is between 65000 - 80000 £ per year.

Made Tech helps UK public sector organisations build and run better digital services. Our Cyber practice sits at the heart of that mission – working alongside government departments, agencies, and critical national infrastructure owners to improve how they detect, respond to, and learn from cyber threats.

As a Lead Security Analyst, you will be the most senior analyst on your engagement, setting the technical direction for the SOC and owning the quality of what the team produces – from detection engineering to threat-hunting to incident response. This isn’t a role where you disappear into a ticket queue. You will shape the threat-landscape narrative for your engagement, drive the detection backlog, and build the capability of the analysts around you. That means pairing on complex investigations, setting tradecraft standards, and ensuring the team's detection content is version-controlled, peer-reviewed, and continuously improved – not left to age in a SIEM.

You will also be the trusted technical interface for client security stakeholders, translating what the SOC is seeing into the language that informs decisions. The UK public sector context matters here. You will align your work to NCSC guidance, the Cyber Assessment Framework, and OFFICIAL handling requirements – not because compliance is the goal, but because those frameworks reflect the real risk environment your clients operate in. You will engage with cross-government security communities, feed detection content and runbooks back into the Cyber practice, and help grow a bench of analysts who can operate at the same standard.

Key Responsibilities
  • Set the detection engineering standard: author, tune, and peer-review detections in KQL, SPL, EQL, or Sigma; manage the false-positive backlog; map coverage to MITRE ATT-CK; and train L1/L2 analysts to write and tune detections themselves.
  • Own the threat-landscape narrative for your engagement: turn intelligence from NCSC advisories, sector feeds, and threat actor reporting into hunt themes, coverage gap analysis, and detection priorities that the SOC and client stakeholders can act on.
  • Run the intelligence cycle as a managed discipline: maintain a collection plan, produce timely and rigorous intelligence products, and build feedback loops that keep the cycle honest and improving.
  • Establish and lead security incident response practice: build playbooks, define the severity model, run exercises, and lead the team's response to significant incidents; run blameless post-mortems that the team actually learns from.
  • Design the log and telemetry pipeline that detections run on: include bespoke application telemetry in cloud environments, not just commodity endpoint feeds; ensure the right signals are collected, parsed, and retained for both detection and investigation.
  • Be the trusted technical interface for client security stakeholders: communicate what the SOC is detecting, investigating, and covering without losing fidelity; surface risks early and honestly, and align the team's priorities to the client's risk picture.
  • Grow the analysts around you: pair on detection authorship and incident response as a default, set pairing as the team norm, and actively build the capability of L1 and L2 analysts through structured mentoring and coaching so knowledge isn’t concentrated in one person.
  • Contribute to the Cyber practice beyond your engagement: feed detection content, runbooks, and lessons learned back into shared practice resources; contribute to analyst assessment and hiring; and engage with public-sector security communities including NCSC CISP and relevant ISACs.
Skills, Knowledge & Expertise
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • CompTIA Advanced Security Practitioner (CASP+)
  • Experience leading detection engineering in a SOC or similar environment – including writing and tuning detections in KQL, SPL, EQL, or Sigma, and managing coverage against MITRE ATT-CK
  • Experience designing or improving a log and telemetry pipeline, including application-level telemetry from cloud-hosted services (AWS is a strong preference at this grade), with an understanding of how to design monitoring for failure modes and degraded states
  • Evidence of running the intelligence cycle as a managed discipline – collection planning, production, and feedback – rather than consuming finished intelligence
  • Working knowledge of UK government security standards and frameworks, including NCSC CAF Objective C, GovAssure, and OFFICIAL handling requirements
  • Experience establishing incident response practice – playbooks, severity models, and exercises – not just responding to individual incidents
  • Evidence of growing the technical capability of less-experienced analysts through pairing, structured mentoring, or coaching, including setting clear goals and tracking progress over time
  • Experience anchoring delivery on client outcomes rather than task completion – challenging the brief where it serves the client and making value visible rather than reporting effort
  • Evidence of contributing reusable assets – detection playbooks, runbooks, templates, or accelerators – back into a practice or community, rather than leaving knowledge within a single team
Tools and Practices
  • Familiarity with SOAR tooling and automation of triage and enrichment workflows
  • Experience working in Kanban-led operating models, including managing triage queues, WIP limits, and class-of-service for incidents
  • Experience running or contributing to skills-based technical assessments that evaluate demonstrated capability rather than credentials or years of experience
Job Benefits
  • 30 days Holiday – we offer 30 days of paid annual leave
  • Flexible Working Hours – we are flexible with what hours you work
  • Flexible Parental Leave – we offer flexible parental leave options
  • Remote Working – we offer part-time remote working for all our staff
  • Paid counselling – we offer paid counselling as well as financial and legal advice
  • Smart Tech scheme, Cycle to work scheme, and an individual benefits allowance which you can invest in a Health care cash plan or Pension plan
  • Optional social and wellbeing calendar of events for all employees
Eligibility

SC Eligibility: An increasing number of our customers are specifying a minimum of SC (security check) clearance in order to work on their projects. As a result, we’re looking for all successful candidates for this role to have eligibility. Eligibility for SC requires 5 years’ UK residency and 5 year’ employment history (or back to full-time education). Please note that if at any point during the interview process it is apparent that you may not be eligible for SC, we won’t be able to progress your application and we will contact you to let you know why.

Equal Opportunity

We believe we can use tech to make public services better. We also believe this can happen best when our own team represents the society that actually uses the services we work on. We're collectively continuing to grow a culture that is happy, healthy, safe and inspiring for people of all backgrounds and experiences, so we encourage people from underrepresented groups to apply for roles with us. We also welcome any feedback on how we can improve the experience for future candidates.

Lead Security Analyst in Bristol employer: Made Tech Limited

Made Tech is an exceptional employer, dedicated to fostering a collaborative and inclusive work culture that empowers employees to grow and thrive. With a focus on professional development, we offer tailored benefits such as paid counselling, flexible working arrangements, and opportunities to attain recognised cyber certifications, all while working on impactful projects that enhance public services across the UK. Join us in a dynamic environment where your expertise will shape the future of security assurance in government programmes, making a real difference in the lives of citizens.

Made Tech Limited

Contact Details:

Made Tech Limited Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Lead Security Analyst in Bristol

Get Involved in the Cybersecurity Community

Diving into the cybersecurity community is key for landing that full-time gig. Join forums like Reddit's r/cybersecurity or attend local meetups to connect with industry veterans and other job seekers. Networking is everything in this field—don’t just be a passive lurker!

Show Off Your Skills with Capture the Flag Competitions

Participate in Capture the Flag (CTF) competitions; these are not just a fun way to boost your skills but also a chance to showcase your talent to potential employers. Many companies, including Made Tech Limited, love seeing candidates who actively engage in these challenges.

Tailor Your Online Presence

Make sure your LinkedIn and any professional profiles reflect your cybersecurity expertise. Share your projects, whether they’re personal or from a previous role, to catch the eye of hiring managers. This is how they’ll find your passion and commitment to the field!

Apply Directly Through Made Tech Limited

Don’t forget to head straight to our website and check out any openings for cybersecurity roles at Made Tech Limited. Applying directly can sometimes give you an edge, especially if you can mention that you've been following our work or engaging in the community.

We think you need these skills to ace Lead Security Analyst in Bristol

Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
CompTIA Advanced Security Practitioner (CASP+)
Detection Engineering
KQL
SPL
EQL

Some tips for your application 🫡

Show off your technical skills:In cybersecurity, it's crucial to highlight your technical prowess. Make sure your CV showcases specific skills like network security, penetration testing, or threat analysis. If you have relevant certifications (like CEH or CISSP), pop those on the front page to grab attention!

Tailor your portfolio for the role:Even for a full-time role, a portfolio can set you apart. If you've worked on any cybersecurity projects—be it CTF challenges, security assessments, or research papers—include these in your application. This demonstrates not just your skills, but also your hands-on experience!

Use real-world examples:When writing your cover letter, don’t just stick to your qualifications. Share real-world examples of how you’ve tackled security issues or vulnerabilities. This gives the hiring team at Made Tech Limited insight into your practical problem-solving abilities and makes your application memorable.

Demonstrate your passion for cybersecurity:Cybersecurity is an ever-evolving field, so show us that you’re always learning! Mention any recent courses, webinars, or industry events you’ve attended. This not only exhibits your enthusiasm but also signals to Made Tech Limited that you’re committed to staying ahead in the game.

How to prepare for a job interview at Made Tech Limited

Sharpen Your Technical Skills

For a role in cybersecurity, it’s essential to be up-to-date with the latest tools and techniques. Brush up on your knowledge of firewalls, intrusion detection systems, and vulnerability assessment tools. Be ready to discuss specific scenarios where you’ve applied these skills, as hands-on experience can really set us apart in interviews.

Prepare for Scenario-Based Questions

Expect the interviewers at Made Tech Limited to throw in some hypothetical situations to see how you’d handle them. Think about common security breaches or incidents and be prepared to explain how you would respond. This not only shows your problem-solving skills but also your understanding of real-world cybersecurity challenges.

Highlight Your Certifications

Certifications like CompTIA Security+, CISSP, or CEH can give you a significant edge in a full-time role in cybersecurity. Make sure to mention these during your interview and be prepared to discuss what you learned through those certifications and how they relate to the position at Made Tech Limited.

Show Your Passion for Cybersecurity

Since you’re going for a full-time gig, showing genuine enthusiasm for the field can make all the difference. Share any personal projects, blogs, or communities you’re part of that relate to cybersecurity. This not only showcases your passion but also your commitment to staying engaged in this ever-evolving field.