Cyber Security Ops Analyst in Birmingham

We are seeking a Security Operations Analyst to join our Cyber Security team and play a key role in protecting our organisation from evolving cyber threats. Working as part of a Security Operations Centre (SOC), you will monitor, detect, investigate, and respond to security incidents across our technology estate. This role offers a strong opportunity for a technically curious professional with experience in cyber security monitoring, data loss prevention (DLP), automation, and an interest in applying Large Language Models (LLMs) within a cyber security context. This is a hybrid role requiring just 2 days per month onsite in Birmingham, with participation in a 1-in-6 on-call rota working either 7:00am–3:30pm or 9:00am–5:30pm shifts.

What You Will Do

• You will play a key role in monitoring, investigating, and responding to cyber security threats, while helping to enhance our detection, automation, and data protection capabilities across the organisation.
• Monitor and analyse security alerts from multiple tools, including Google SecOps, Microsoft Defender, and Forcepoint, escalating incidents where required.
• Carry out initial and intermediate investigations to assess the severity, scope, and impact of security incidents.
• Perform proactive threat hunting using telemetry and intelligence from SIEM, EDR, and threat intelligence feeds.
• Use automation platforms such as Microsoft Power Automate, Python, or scripting tools to improve investigation and response workflows.
• Assist in developing LLM-based workflows to support security automation use cases including alert enrichment, triage, and documentation.
• Support the configuration, monitoring, and continuous improvement of DLP policies across Microsoft Purview, email, and endpoint channels.
• Contribute to the creation and maintenance of incident response playbooks, procedures, and documentation in line with best practice.
• Work with asset owners to ensure the security tooling inventory remains accurate and effective.
• Maintain high-quality incident records and contribute to post-incident reviews to drive continuous improvement.
• Support wider cyber security initiatives to improve detection, visibility, and response across the organisation.

What You Will Have

• You will bring hands-on experience in security operations and incident response, alongside strong technical, analytical, and communication skills, with a keen interest in automation and emerging technologies within cyber security.
• Strong foundational experience in security monitoring, incident response, or threat analysis within a SOC or similar environment.
• Hands-on experience with SIEM platforms, ideally Google SecOps (Chronicle) or equivalent.
• Practical experience using automation tools such as Microsoft Power Automate, Python, or PowerShell.
• Awareness of how Large Language Models can be applied in cyber security, including prompt design, data sanitisation, and responsible AI use.
• Understanding of Data Loss Prevention principles, including policy creation, triage, and escalation.
• Familiarity with the Microsoft Defender security ecosystem is highly desirable.
• Strong analytical and problem-solving skills, with attention to detail and a continuous improvement mindset.
• Clear written and verbal communication skills, with the ability to document incidents and collaborate with technical and non-technical teams.
• Relevant certifications such as CompTIA Security+, Microsoft SC-200, or similar are beneficial but not essential.

What We Do For You

• 26 days’ holiday + bank holidays (and the option to buy more) plus 1 paid volunteering day every year.
• Exceptional family leave, 26 weeks fully paid maternity/adoption, 4 weeks fully paid paternity, 22 weeks fully paid shared parental leave, plus 5 days paid bereavement leave.
• Robust sick pay of up to 13 weeks full pay + 13 weeks half pay.
• 24/7 Employee Assistance Programme for confidential support.
• Private medical insurance for everyone, no medical-history exclusions.
• Performance-based rewards tailored to your role, from company-wide bonuses to OTE and commission structures.
• Income protection: up to 75% salary for 5 years if you ever need it.
• Grow your career with us through SkillsHub learning platform with leadership pathways, future-manager training, and a huge online library.
• Access to external training and apprenticeships.
• Fundraise for a cause close to your heart and OneAdvanced will match part of the funding.
• Plus plenty other flexible benefits to suit your lifestyle on our RewardHub.

Who We Are

At OneAdvanced, we are at the forefront of delivering sector-focused technology solutions that simplify complexity, drive meaningful progress, and help build a fairer, more inclusive society. We’re much more than a software company. We deliver SaaS workflow applications and IT services that power organisations across Education, Government, Healthcare, Legal, Manufacturing, Housing, Retail, and more. OneAdvanced is one of the UK’s largest business software and services companies. Based in Birmingham (The Mailbox), operating across the UK, Ireland, India, and Australia. Our secure, scalable platform, including OneAdvanced AI, our private AI service for UK organisations, powers connectivity and innovation across critical sectors. Alongside our software are our IT services, including hosting, managed services, and application modernisation. We strive to create an inclusive workplace that drives innovation and collaboration, championing diverse perspectives and ideas. Our Environmental, Social and Governance (ESG) strategy is embedded in everything we do, guiding us to create meaningful impact for our people, our customers and the planet. Proud to be recognised in the Financial Times’ Best Employers 2026 list for the second-year running, an independent and data led ranking based on employee feedback.