At a Glance
- Tasks: Lead threat hunts, investigate intrusions, and enhance security operations for public sector clients.
- Company: Join Made Tech, a forward-thinking company dedicated to secure digital services in the UK public sector.
- Benefits: Enjoy 30 days holiday, flexible hours, remote work options, and wellbeing support.
- Other info: Mentor junior analysts and contribute to a culture of continuous improvement and collaboration.
- Why this job: Make a real impact on national security while developing your skills in a supportive environment.
- Qualifications: Must hold a foundational security credential; experience with cloud security is a plus.
The predicted salary is between 55000 - 65000 £ per year.
Made Tech helps UK public sector organisations build and run secure, user‑centred digital services.
Our Cyber practice works directly with government departments, agencies and other public bodies, embedding alongside client teams to raise their security capability and deliver lasting solutions on secure digital services.
As a Senior Security Analyst you will be a core member of the practice operating in a security operations context.
You will lead threat hunts, investigate intrusions, author and tune detection content, and guide incident response to leave the SOC in a stronger state every day.
Responsibilities
- Lead threat hunts and intrusion investigations – form and test hypotheses, map adversary activity to MITRE ATT&CK, analyse forensic artefacts, and establish scope and root cause so the team and client can act on your findings.
- Author, tune and peer‑review detection content – treat detections as code (version‑controlled, reviewed).
Translate threat intelligence into new rules and improve the SIEM ruleset; onboard new log sources, including cloud and application feeds, to close coverage gaps.
- Own sub‑cycles of the intelligence lifecycle – run structured collection against defined requirements, track actor TTPs, manage indicator lifecycles, and produce situational‑awareness products that inform detection priorities and client risk decisions.
- Lead incident response and drive improvement – coordinate containment across engineering and analyst teams, communicate incident details clearly to client stakeholders, and turn every incident into improved detection content, hardening or runbook coverage.
Design for resilience by anticipating failure modes and ensuring systems degrade gracefully.
- Build SOAR playbooks and automate triage – identify toil and repetition in analyst workflows and build automation that saves time and improves consistency while retaining human judgement where it matters.
- Align security operations to UK public sector standards – ensure investigations, evidence handling and detection coverage reflect NCSC CAF Objective C, Gov Assure requirements and lawful‑monitoring obligations; feed gaps back into risk governance.
- Mentor junior analysts and raise team standards – pair deliberately on complex investigations, review triage work, share adversary tradecraft and help create a safe environment for raising concerns and learning from mistakes.
- Contribute to the practice beyond your immediate engagement – improve shared SOC standards and onboarding documentation, turn good solutions into reusable playbooks and accelerators, contribute detection content to practice‑level repositories, and engage with cross‑government security communities such as NCSC CISP and relevant ISA.
Qualifications
- Hold one of the following credentials: Systems Security Certified Practitioner (SSCP), Comp TIA Security+, or an equivalent foundational operational security credential expected of Senior SOC analysts.
- Certifications that would strengthen your application: Certified Cloud Security Professional (CCSP), Comp TIA Advanced Security Practitioner (CASP+), HTB Certified Defensive Security Analyst (HTB‑CSC).
- Experience applying structured analytic techniques (e. g., ACH, key‑assumption checks) to produce bias‑resistant intelligence assessments and a comfort with peer‑reviewing others’ analytic tradecraft.
- Working knowledge of cloud security event investigation and cloud detection tuning, particularly across AWS, Azure or GCP, with an understanding of infrastructure‑level telemetry.
- Experience framing security findings in risk terms for non‑technical stakeholders – communicating likelihood, impact and recommended treatment, reflecting asset criticality and threat context in prioritisation decisions.
- Evidence of building or improving SOAR playbooks, automated triage workflows or equivalent automation that reduced analyst toil in an SOC or detection‑engineering context.
- Familiarity with UK government security frameworks – NCSC CAF, Gov Assure, HMG Security Policy Framework – and aligning detection or response work to those standards in a government or regulated environment.
- Experience working within an agile or Kanban‑based team model, contributing to workflow improvement, running or participating in retrospectives, and helping the team improve its own practices.
- Experience acting as a trusted working‑level contact for client security stakeholders, anchoring on outcomes, raising concerns or opportunities proactively, and contributing subject‑matter expertise to proposals or contracts.
- Tools & Practice
- Hands‑on experience with at least one major SIEM platform (Splunk, Microsoft Sentinel or Elastic Security) – writing and tuning detection rules.
- Familiarity with threat‑intelligence platforms, OSINT tooling or indicator lifecycle management in an operational context.
Benefits
- 30 days holiday.
- Flexible working hours.
- Flexible parental leave.
- Part‑time remote working.
- Paid counselling and financial wellbeing support.
EEO Statement
We’re committed to building a happy, inclusive and diverse workforce.
#J-18808-Ljbffr