At a Glance
- Tasks: Lead investigations into security incidents and manage vulnerabilities across complex systems.
- Company: Join a dynamic security team in a hybrid work environment based in Cardiff.
- Benefits: Enjoy competitive pay, health benefits, and opportunities for professional growth.
- Other info: Collaborative culture with excellent career advancement opportunities.
- Why this job: Make a real difference in cybersecurity while working with cutting-edge technologies.
- Qualifications: Experience in security analysis and incident response is essential.
The predicted salary is between £45,000 and £55,000 per year.
Operates under the direction of the Incident Manager during security incidents.
Location: UK (Hybrid) - Office in Cardiff 1-2 days per week, regular client site travel.
Working Pattern: Monday to Friday with participation in the on-call Security and Major Incident rota as required.
Role Purpose: The Level 3 Security Analyst is responsible for the technical investigation, containment, remediation, and resolution of IT security incidents and vulnerabilities across a complex, multi-site customer estate supported by the MSP. The role acts as a senior technical authority for security incidents, working alongside Incident Management, Infrastructure, Network, and Application teams to ensure security issues are resolved end-to-end, correctly documented, and do not reoccur.
Key Accountabilities:
- Security Incident Investigation & Response: Act as the technical lead for the investigation of security incidents across supported platforms. Investigate malware, ransomware, account compromise, unauthorised access, suspicious activity, and security misconfiguration. Perform detailed root cause analysis across endpoint, identity, network, and application layers. Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation. Drive incidents through to full technical resolution, not temporary mitigation.
- Vulnerability Management: Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity. Assess risk based on exploitability, exposure, and operational impact. Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers. Validate remediation and ensure appropriate evidence is captured for assurance and audit.
- Platforms & Technology Scope: End-user devices including Windows, macOS, tablets, and peripherals. Microsoft 365 including Entra ID, Exchange, SharePoint, Defender, and endpoint protection. Identity and Access Management including privileged and service accounts. On-premises and cloud-hosted servers. Network infrastructure including firewalls, switches, wireless, and WAN connectivity. Cloud-hosted and supplier-managed applications.
- Documentation, Audit & Continuous Improvement: Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions. Support governance, customer assurance, and audit requirements. Contribute to post-incident reviews and lessons learned. Identify recurring issues and recommend long-term improvements. Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems.
- Collaboration & Escalation: Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams. Act as a senior escalation point for Level 1 and Level 2 teams. Engage third-party suppliers to progress investigation and remediation. Participate in out-of-hours response as required.
Knowledge, Skills & Experience:
- Essential: Proven experience in a Level 3 or Senior Security Analyst or Incident Response role. Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services. Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation. Experience working with informal Security Incident and Major Incident processes. Strong written documentation and stakeholder communication skills.
- Desirable: Experience supporting multi-site or operationally sensitive environments. Familiarity with Defender, SIEM, EDR, and vulnerability management tools. Understanding of regulated or PCI-adjacent environments. Relevant security certifications or equivalent experience.
Behavioural Competencies: Takes ownership from detection through to resolution. Investigates thoroughly and challenges incomplete fixes. Calm, methodical, and decisive during live incidents. Understands operational and business impact. Professional and confident when engaging customers and suppliers.
Decision Making & Authority: Makes technical decisions relating to investigation, containment, and remediation of security incidents. Escalates risk and decision points appropriately to Incident Management and Service Delivery leadership.
Key Interfaces: Incident Management, Security Operations, Infrastructure and Network Services, Third-party suppliers, Customer stakeholders via structured incident communications.
3rd Line Security Analyst in Cardiff. Employer: Operations Resources Limited
Contact Detail:
Operations Resources Limited Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the 3rd Line Security Analyst role in Cardiff
✨Tip Number 1
Network, network, network! Get out there and connect with people in the industry. Attend meetups, webinars, or even just grab a coffee with someone who works in security. You never know who might have a lead on your next opportunity!
✨Tip Number 2
When you land that interview, be ready to showcase your skills. Prepare for technical questions by brushing up on incident response scenarios and vulnerability management. We want to see how you think on your feet, so practice articulating your thought process.
✨Tip Number 3
Don’t forget to follow up after your interviews! A quick thank-you email can go a long way in keeping you top of mind. Plus, it shows you’re genuinely interested in the role and appreciate the time they took to meet with you.
✨Tip Number 4
Finally, apply through our website! We’ve got loads of opportunities waiting for talented individuals like you. It’s a great way to ensure your application gets the attention it deserves, and who knows, you might just find your dream job with us!
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the 3rd Line Security Analyst role. Highlight your experience with incident response and vulnerability management, and don’t forget to mention any relevant tools you’ve used. We want to see how your skills match what we’re looking for!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about security and how your background makes you a great fit for our team. Keep it concise but impactful – we love a good story!
Show Off Your Documentation Skills: Since strong written documentation is key for this role, make sure to showcase your ability to produce clear and accurate reports. Include examples of past incidents you've documented or processes you've improved. We appreciate attention to detail!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it’s super easy – just follow the prompts and you’ll be all set!
How to prepare for a job interview at Operations Resources Limited
✨Know Your Stuff
Make sure you brush up on your technical knowledge related to security incidents and vulnerabilities. Be ready to discuss your hands-on experience with malware, ransomware, and incident response. The more specific examples you can provide, the better!
✨Show Your Problem-Solving Skills
During the interview, be prepared to walk through how you would handle a security incident from start to finish. Think about how you would investigate, contain, and remediate an issue. This will demonstrate your ability to take ownership and think critically under pressure.
✨Communicate Clearly
Strong written and verbal communication skills are essential for this role. Practice explaining complex technical concepts in simple terms. You might even want to prepare a few scenarios where you had to communicate with stakeholders or document incidents clearly.
✨Be Ready for Scenario Questions
Expect to face scenario-based questions that test your decision-making and technical skills. Prepare by thinking of past incidents you've managed and how you approached them. This will help you articulate your thought process and show your experience in action.