At a Glance
- Tasks: Lead investigations into security incidents and manage vulnerabilities across diverse platforms.
- Company: Join a dynamic security team in a hybrid work environment based in Cardiff.
- Benefits: Enjoy competitive pay, flexible working, and opportunities for professional growth.
- Other info: Collaborate with experts and develop your skills in a fast-paced, supportive environment.
- Why this job: Make a real difference by protecting clients from cyber threats and enhancing security measures.
- Qualifications: Experience in security analysis and incident response is essential.
The predicted salary is between £45,000 and £55,000 per year.
Operates under the direction of the Incident Manager during security incidents.
Location: UK (Hybrid). Office in Cardiff 1-2 days per week, with regular client site travel.
Working Pattern: Monday to Friday with participation in the on-call Security and Major Incident rota as required.
Role Purpose: The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by the MSP. The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not reoccur.
Key Accountabilities:
- Security Incident Investigation & Response: Act as the technical lead for the investigation of security incidents across supported platforms. Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration. Perform detailed root cause analysis across endpoint, identity, network, and application layers. Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation. Drive incidents through to full technical resolution, not temporary mitigation.
- Vulnerability Management: Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity. Assess risk based on exploitability, exposure, and operational impact. Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers. Validate remediation and ensure appropriate evidence is captured for assurance and audit.
- Platforms & Technology Scope: End-user devices including Windows, macOS, tablets, and peripherals. Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection. Identity and Access Management including privileged and service accounts. On-premises and cloud-hosted servers. Network infrastructure including firewalls, switches, wireless, and WAN connectivity. Cloud-hosted and supplier-managed applications.
- Documentation, Audit & Continuous Improvement: Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions. Support governance, customer assurance, and audit requirements. Contribute to post-incident reviews and lessons learned. Identify recurring issues and recommend long-term improvements. Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems.
- Collaboration & Escalation: Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams. Act as a senior escalation point for Level 1 and Level 2 teams. Engage third-party suppliers to progress investigation and remediation. Participate in out-of-hours response as required.
Knowledge, Skills & Experience:
- Essential: Proven experience in a Level 3 or Senior Security Analyst or Incident Response role. Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services. Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation. Experience working with informal Security Incident and Major Incident processes. Strong written documentation and stakeholder communication skills.
- Desirable: Experience supporting multi-site or operationally sensitive environments. Familiarity with Defender, SIEM, EDR, and vulnerability management tools. Understanding of regulated or PCI-adjacent environments. Relevant security certifications or equivalent experience.
Behavioural Competencies: Takes ownership from detection through to resolution. Investigates thoroughly and challenges incomplete fixes. Calm, methodical, and decisive during live incidents. Understands operational and business impact. Professional and confident when engaging customers and suppliers.
Decision Making & Authority: Makes technical decisions relating to investigation, containment, and remediation of security incidents. Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership.
Key Interfaces: Incident Management, Security Operations, Infrastructure and Network Services, Third-party suppliers, Customer stakeholders via structured incident communications.
3rd Line Security Analyst in Cardiff, Wales. Employer: Operations Resources Limited
Contact Detail:
Operations Resources Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land 3rd Line Security Analyst in Cardiff, Wales
✨Tip Number 1
Network, network, network! Get out there and connect with people in the industry. Attend security meetups, webinars, or even local tech events. You never know who might have a lead on that perfect Level 3 Security Analyst role!
✨Tip Number 2
Don’t just apply for jobs; engage with the companies you’re interested in. Follow them on social media, comment on their posts, and share relevant content. This shows your enthusiasm and can help you stand out when they see your name pop up.
✨Tip Number 3
Prepare for interviews by brushing up on your technical skills and incident response strategies. Be ready to discuss real-life scenarios where you’ve tackled security incidents. We want to hear about your hands-on experience and how you’ve made an impact!
✨Tip Number 4
Finally, don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the Level 3 Security Analyst role. Highlight your experience with incident response and vulnerability management, and don’t forget to mention any relevant certifications. We want to see how your skills match what we’re looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about security and how your previous experiences have prepared you for this role. Keep it concise but impactful – we love a good story!
Show Off Your Documentation Skills: Since strong written documentation is key for this role, make sure to showcase your ability to produce clear and accurate reports. Include examples of past incidents you've documented or processes you've improved. We appreciate attention to detail!
Apply Through Our Website: Don’t forget to apply through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it gives you a chance to explore more about StudySmarter and what we stand for!
How to prepare for a job interview at Operations Resources Limited
✨Know Your Stuff
Make sure you brush up on your technical knowledge related to security incidents and vulnerabilities. Be prepared to discuss your hands-on experience with malware, ransomware, and incident response. They’ll want to know how you’ve tackled similar issues in the past.
✨Showcase Your Documentation Skills
Since clear documentation is key in this role, be ready to talk about how you’ve produced accurate reports and root cause analyses in previous positions. Bring examples if you can, as this will demonstrate your attention to detail and commitment to thoroughness.
✨Prepare for Scenario Questions
Expect to face scenario-based questions that test your problem-solving skills during live incidents. Think through how you would handle various situations, from containment strategies to recovery validation, and articulate your thought process clearly.
✨Emphasise Collaboration
This role involves working closely with various teams, so highlight your experience in collaboration. Share examples of how you’ve effectively communicated with Incident Managers, Infrastructure teams, and third-party suppliers to resolve incidents and improve processes.