Cyber Security Operations Specialist in Bath

Bath | Full-Time | £40,000 - £50,000 / year (est.) | No working from home possible
YTL UK

At a Glance

  • Tasks: Monitor IT, OT, and cloud environments; respond to security alerts and incidents.
  • Company: Join a forward-thinking organisation committed to cyber security excellence.
  • Benefits: Enjoy up to 28 days holiday, a healthcare package, and a pension contribution of up to 20%.
  • Other info: Opportunity to lease an electric car through salary sacrifice.
  • Why this job: Be part of a collaborative team enhancing security operations and incident response.
  • Qualifications: Must have experience with Microsoft security platforms and at least one relevant industry qualification.

The predicted salary is between £40,000 and £50,000 per year.

As our new Cyber Security Operations Specialist, you will perform essential cyber security operational activities to defend the organisation, its systems and assets. You will be responding to internal and external reports and alerts, exercising skill, training, and judgment to investigate alerts and incidents and to provide immediate response and defensive measures, employing a range of resources, tools and services.

What you'll do

  • Monitor IT, OT and cloud environments using enterprise security tooling to detect, validate and assess potential security events and intrusion attempts.
  • Conduct a structured triage of alerts, determining scope, impact and threat actor behaviour through disciplined investigative methodology.
  • Execute timely containment, eradication and recovery actions to minimise operational disruption and preserve system integrity.
  • Escalate incidents in accordance with severity thresholds, ensuring appropriate engagement of senior stakeholders and specialist resources.
  • When acting as an incident specialist, coordinate cross-functional response activity across Security, IT, OT and business stakeholders.
  • Ensure accurate classification, documentation and reporting of incidents.
  • Contribute to post-incident analysis by identifying root causes, control gaps and detection improvements.
  • Support threat hunting initiatives led by the Purple Team by validating detection logic and operationalising hunt-derived insights.
  • Translate intelligence insights into practical defensive measures, including detection rule updates, IOC ingestion and configuration changes.
  • Optimise operational security tooling, including SIEM, EDR, SEG, SWG and related monitoring platforms.
  • Develop and refine detection rules, correlation logic, alert thresholds and response workflows.
  • Act as a point of contact for Cyber Security, ensuring accurate and timely operational communication during live incidents and security events.
  • Coordinate day-to-day operational engagement between the MSSP (CSOC), IT Service Desk, OT field teams and business stakeholders.
  • Produce clear, structured incident and investigation reports for management.
  • Identify recurring trends, control weaknesses and process inefficiencies arising from operational activity.
  • Develop, maintain and continuously improve Security Operations Standard Operating Procedures (SOPs), playbooks and detection use cases.
  • Translate incident findings, threat intelligence, and vulnerability disclosures into measurable improvements in security configuration and detection logic.
  • Maintain technical expertise in Windows environments, with working knowledge of Linux systems.
  • Provide technical guidance and mentorship to analysts, junior colleagues and apprentices.
  • Set clear performance expectations and hold team members accountable for operational standards.
  • Share operational insight to strengthen collective team capability.
  • Engage in a collaborative and professional culture across the team.
  • Engage confidently with technical and non-technical stakeholders.

What you'll need

  • Demonstrable experience contributing to the operational delivery of security capability enhancements.
  • Strong hands-on experience administering and optimising security tooling, including Microsoft security platforms and SIEM technologies.
  • Deep understanding of core security principles and structured incident response methodologies.
  • Proven experience investigating and responding to security events within cloud and on-premise environments.
  • Demonstrated commitment to continuous improvement of detection quality and operational effectiveness.
  • Strong written communication skills, with the ability to produce structured investigation reports and clear risk-based reporting.
  • Confident verbal communicator, capable of engaging stakeholders at varying technical levels.
  • Ability to collaborate across multidisciplinary teams, including IT, OT, engineering, and external service providers.
  • Familiarity with adversary tactics, techniques and procedures (TTPs), including MITRE ATT&CK.
  • Practical experience analysing and investigating security alerts across Microsoft Windows environments, with working knowledge of Linux systems.

You must have at least one of the following or equivalent industry qualifications:

  • EC-Council Incident Handler
  • EC-Council Network Defender
  • Microsoft MS-500
  • Microsoft SC-200
  • Microsoft SC-300
  • Microsoft SC-400
  • Microsoft SC-900

Ideally, you will also have:

  • Certified Ethical Hacker (CEH)
  • CompTIA Security+

What you'll receive

  • A combined pension contribution of up to 20%.
  • Career progression and professional development opportunities.
  • 25 days' holiday rising to 28 with length of service.
  • The opportunity to sell up to five days of holiday every year.
  • The opportunity to buy up to ten days of holiday each year (subject to conditions).
  • A healthcare package that allows you to claim back healthcare costs.
  • Life assurance of up to eight times your salary.
  • The opportunity to lease a new electric car through salary sacrifice (subject to conditions).
  • Cashback and discounts from more than 3,000 retailers.
  • One paid volunteering day each year.
  • Enhanced family leave and pay arrangements.
  • Access to an interactive health and wellbeing platform.
  • Support from trained mental health first aiders.
  • A £1,000 referral fee if you recommend someone who is successfully recruited by us.

We are passionate about diversity and inclusion – with that in mind, all applicants are welcome. We are delighted to have signed the Armed Forces Covenant and are a Disability Confident Employer. If you require reasonable adjustments to be made during the recruitment process, please inform a member of our Recruitment team.

Cyber Security Operations Specialist in Bath employer: YTL UK

This organisation offers a robust benefits package including enhanced family leave and a £1,000 referral fee. Located in a vibrant area, the team is dedicated to fostering diversity and inclusion, having signed the Armed Forces Covenant.

Contact Details:

YTL UK Recruitment Team