Security Operations Analyst

We are looking to expand our security operations capabilities within a rapidly expanding team that provides security services to protect our business and clients. This role will report into our Security Operations Manager and will work closely across all IT Teams and business units.

In this role, you will be responsible for monitoring, detecting, and responding to security incidents, as well as managing the overall security posture of the organisation's Microsoft ecosystem. The ideal candidate will have a deep understanding of Microsoft security tools, systems, and best practices. Your success will contribute to helping improve security across the business, making recommendations and assisting with the delivery of a continuous improvement security strategy. Training time and support will be provided for you to achieve accreditations from Microsoft Security Operations Analyst through to Microsoft Certified Security Administrator Associate.

Requirements

General Duties and Responsibilities

• Actively monitor security logs, alerts, and events from Microsoft security solutions (e.g., Microsoft Sentinel, Microsoft Defender for Identity, Microsoft Defender for Endpoint, Azure Security Center) to detect potential security threats and vulnerabilities.
• Analyse security and risk issues, to provide risk-weighted recommendations to internal users and customers.
• Investigate, analyse, and respond to security incidents involving Microsoft environments. Provide root cause analysis and document findings for post-incident reviews.
• Monitor, react to, investigate, and respond to all real or perceived information security and cyber related events, issues, incidents, threats and attacks.
• Gather, analyse, and integrate threat intelligence related to Microsoft products and services to enhance detection and response capabilities.
• Work with existing teams (Service desk, Software Engineering, DevOps, Data) to quickly assess security issues and process the most appropriate action.
• Follow, create and improve standard security operation procedures and practices to protect the business and clients.
• Support internal and external audits related to Microsoft environments, ensuring compliance with security policies, regulatory requirements (e.g., GDPR), and best practices.
• Provide guidance and training to internal teams on best practices for securing Microsoft environments, including safe use of Microsoft 365, Azure Active Directory, and other key Microsoft services.
• Ability to install security software and applications.

Incident Management

• Track and manage security incidents, ensuring incidents are triaged, prioritized, and responded to within the organisation's SLAs. Provide clear and concise communication with stakeholders regarding incident status and resolution.
• Assist and support the manager in event/incident handling and investigations.
• Support the Critical Incident Management process for cyber related events.
• Inclusion with our 24/7 on call rota.

Collaboration and Effective Communication

• Work closely with IT, system administrators, and other security teams to coordinate incident response efforts, identify vulnerabilities, and implement mitigation strategies across the Microsoft technology stack.
• Communicate regularly with the Service Delivery managers and Service Delivery team members.
• Ensure that the IT Security documentation is maintained and updated regularly as required.

• 2+ years of experience in Security Operations, IT security, or a similar field, with a focus on Microsoft technologies.
• Experience with security incident detection, analysis, and response in a Microsoft-centric environment.
• Familiarity with Microsoft Defender for Endpoint, Microsoft Sentinel, Microsoft Defender for Identity, and Azure Security Center.
• Experience of working in a diverse Global Company.
• Excellent knowledge of Computer Networking and IT Security and strong endpoint and networks troubleshooting skills.
• Experience with Security frameworks, ISO 27001, Cyber Essentials, NIST, PCI.
• Experience of investigating security issues/incidents.
• Desirable knowledge of security solutions and technologies including Network Firewalls, proxy technologies, EDR, SIEM.
• Desirable qualifications Microsoft Certified: Azure Security Engineer Associate, Microsoft Certified: Security, Compliance, and Identity Fundamentals, CompTIA Security+, Certified Information Systems Security Professional (CISSP), or other relevant security certifications.
• Good communication (English Writing, Reading and Speaking) skills and ability to articulate subjects clearly.
• Proven analytical and problem-solving skills.
• Strong documentation skills.
• Organised, methodical and self-motivated.
• Keeping abreast of industry trends and security technologies.
• Takes the initiative to proactively resolve issues within own remit and recognises when escalation is required.
• Uses own knowledge and experience to make sounds judgements or assist others with sound judgements.
• Considers the regional and global implications of what we do in our own areas of responsibility.
• Identifies and builds relationships across team and region.
• Understands need to work within project scope, including price.
• Shows understanding of others in order to influence as appropriate.