Security Operations Analyst in Edinburgh

We are looking for a high‑calibre Security Operations Analyst to help lead and mature Security Operations at Nucleus. This is a key role in our first line of defence and is suited to someone who can combine excellent investigation skills with strong operational judgement, stakeholder management, and a passion for improving detection and response capability.

This role is responsible for helping ensure Nucleus identifies, analyzes, and responds to security threats across our technology estates. As a Security Operations Analyst, you will support the monitoring of the security resilience of our technology estate by operating the processes that enable us to detect and respond to potentially disruptive events. You will help manage our queues and dashboards; work with teams across Nucleus to collaborate on response actions; and identify opportunities for continuous improvement.

The Information Security team aims to make sure that Nucleus is a trusted partner to the firms and people we work with. Being able to demonstrate that our systems are secure, by effectively managing our security controls, is a core component of building that trust. This role is critical to delivering that outcome as part of our first line of defence. You will work with SMEs across Nucleus, and within the team you will help ensure that the Information Security Analysis team has appropriate evidence to demonstrate that our risks are effectively managed and provide input to the Application Security team that facilitates an effective change programme.

• Subject Matter Expert for security monitoring, ensuring we have capabilities that enable appropriate detective controls and response processes to mitigate Nucleus’ security risks.
• Threat hunting to ensure emerging or unforeseen threats are identified and managed.
• Ensuring data and audit trails are maintained to support effective reporting.
• Able to effectively engage with stakeholders across the business.
• Ensure appropriate management of security incidents by creating clarity in complex and developing circumstances and making rapid decisions, and providing input to the company‑wide Incident, Crisis, and Operational Resilience plans.
• Support Audit and Due Diligence activities to help evidence Nucleus’s capabilities.
• Manage security queues and dashboards, setting high standards for triage quality, documentation, and follow‑through.
• Maintain high‑quality investigation records, evidence, and audit trails suitable for regulated environments and audit scrutiny.
• Drive post‑incident reviews / lessons learned, ensuring improvement actions are owned, tracked, and completed.
• Own investigations and incident actions through to closure, including follow‑ups and verification that outcomes are complete and effective.
• Provide regular incident updates using agreed cadence and formats, including concise written updates, timelines, and stakeholder‑ready summaries.
• Create clear written updates and presentations for the wider security team and stakeholders (e.g., incident summaries, monthly reporting, trends, improvement proposals).
• Deliver continuous improvement by identifying, prioritising, delivering, and tracking improvements to detection, response, and operational processes.
• Build, maintain, and regularly review security playbooks/runbooks, ensuring they remain current, technically accurate, and aligned with how teams across Nucleus operate.
• Mentor and support less experienced analysts, sharing knowledge, coaching investigation quality, and helping raise operational consistency across the team.
• Take responsibility in everything you do to deliver good outcomes for our customers.
• Be able to take part in an on‑call rota / Out‑Of‑Hours if this was to be implemented.

Your friends might describe you as “the safe pair of hands.” You pay attention to the details, identifying where things can go wrong, before they go wrong. Being hands on and collaborating to put solutions in place to catch them before it can happen.

You are naturally inquisitive — you ask “why?” or “what does good look like?” and you do not stop at the first obvious answer. You enjoy being a problem solver, building a clear picture from incomplete information, and working methodically through an investigation.

You will enjoy working within a fast‑paced, sometimes high‑pressure environment, where priorities can change quickly and you may need to make progress with incomplete information. You stay calm, communicate clearly, and can balance urgency with accuracy during live investigations and incidents.

You will be dependable in your abilities to investigate a wide range of incidents, but still confident enough to ask for help or a second opinion when needed. You will also enjoy working as part of a diverse and supportive team, collaborating with your colleagues to share ideas and knowledge, and suggest improvements. You take strong ownership of your work, are accountable for tasks from start to finish, and you follow through to clear outcomes.

• Experience working in financial services / a regulated financial institution (audit‑heavy, high integrity operational requirements).
• Strong experience in Security Operations, including monitoring, investigation, and incident response in complex environments.
• Proven capability to manage and lead security incidents (decision‑making, coordination across teams, and clear stakeholder communications).
• Strong knowledge of common attack techniques and defensive concepts across identity, email threats, endpoint, networking, and cloud fundamentals.
• Ability to produce high‑quality investigation notes, evidence packs, and audit trails suitable for regulated environments.
• Excellent written and verbal communication skills, including creating clear summaries, executive‑ready updates, and presentations.
• Ability to prioritise, stay agile under pressure, and drive work to completion.
• Building dashboards and meaningful reporting.
• Strong experience building and maintaining security playbooks/runbooks and partnering with development/engineering teams to review and improve them.
• Experience raising the bar through coaching/mentoring and improving operational processes/runbooks.
• Managing detection lifecycle (use cases, change control, continuous tuning).

• Security engineering / detection engineering / SIEM engineering experience, specifically: creating, tuning, and managing detections/correlation rules to improve coverage and reduce noise.
• Automation experience, such as creating workflows/flows to enrich alerts, reduce manual effort, improve triage consistency, and speed response.

Our key Security Operations tools currently include: Rapid7 Insight IDR, Microsoft 365 suite with Security and Compliance features.

We’re the Nucleus Financial Platforms group and we help make retirement more rewarding. People come first – whether it’s our colleagues, or the advisers and customers we support, we know that working in partnership and collaboration leads to the best outcomes. Together, we’ve shaped the platform to how it is today. We work hard, and we celebrate hard too.

Our ambition is to create a platform with a difference, putting the customer centre stage meant tearing up the rule book and starting from scratch. We’ve come a long way since then, but our mission remains just as focused. That’s why our culture, values, and social responsibility are things we keep at the top of our agenda – because we know they matter and have a big impact.

Our culture is one of the many things that sets us apart from the pack. We want to have an environment where our people feel that they can make a real difference, know they’ll be rewarded for their efforts and more importantly, enjoy themselves at work.

As with most things in life, who cares, wins. We really care about inclusion. For us it’s not a tick box exercise; inclusion and diversity are embedded in our culture and everything we do. It’s a commercial imperative. It isn’t about being PC. It’s about being future‑relevant and durable. We owe it to ourselves and the industry to ensure we are playing our part in creating a fair, balanced and transparent financial services sector.

More diversity means broader experience, a wider set of perspectives and a better collective ability to problem‑solve. And it means being more representative of customer groups, which supports areas such as product development.

At Nucleus, we offer a generous blend of benefits for the things that really matter to our people, including a non‑contributory pension, bonus, enhanced parental leave, paid time off for emergencies, health and wellbeing initiatives and flexible working options.