Security Operations Center Analyst

Work from home Full-time role Hiring

CyPro is a cyber security start-up focused on redefining cyber security for small and medium-sized businesses. The Security Operations Centre Analyst will play a key role in monitoring, incident response and threat intelligence, and will contribute to the development of capabilities and processes within the Security Operations Centre.

Responsibilities

  • Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic
  • Assess severity and impact of alerts, triage and investigate incidents independently
  • Execute containment and remediation actions using defined runbooks and playbooks
  • Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour
  • Produce detailed incident reports, root cause analyses (RCAs) and after-action reviews for internal and client use
  • Maintain accurate incident records in JIRA Service Management
  • Develop and implement new detection rules in Microsoft Sentinel aligned to the MITRE ATT&CK framework
  • Draft and optimise KQL queries for detection and threat hunting
  • Refine existing detection logic based on false positive analysis and threat evolution
  • Analyse threat intelligence feeds to identify relevant threats and vulnerabilities
  • Review and tag IOCs and TTPs observed in client environments
  • Participate in proactive threat hunting sprints to identify risks before they escalate
  • Prepare weekly and monthly SOC reports highlighting activity, incidents and trends
  • Join governance calls with senior analysts or managers to present SOC insights
  • Respond to client queries regarding investigations, coverage and data flows
  • Support the management of CyPro’s internal security environment
  • Administer and monitor identity management solutions
  • Manage and maintain our MDM platform to ensure secure and compliant device management
  • Help ensure our internal security posture reflects the same standards we deliver to clients
  • Design and develop Logic Apps to automate incident response workflows
  • Contribute to evolving internal runbooks and knowledge base articles
  • Identify gaps in visibility, tooling or processes and propose solutions
  • Work toward and maintain relevant certifications (e.g. SC-200, AZ-500)
  • Stay up to date with current threat trends, attacker TTPs and defensive strategies
  • Actively participate in ongoing training and capability development

Skills

  • University educated with a degree in computer science, information security or equivalent
  • At least one year of experience in a SOC environment monitoring and responding to incidents
  • Hands-on expertise with Microsoft Sentinel and Microsoft Defender
  • SC-200 certification or willingness to achieve it
  • Within commuting distance (~1 hour) of Canary Wharf, London
  • Strong KQL skills for threat hunting and incident forensics
  • Experience with SIEM, IDS/IPS and threat intelligence platforms
  • Familiarity with incident response frameworks and security best practice
  • Experience with scripting and automation (e.g. Azure Logic Apps)
  • Problem-Solving: Identify, troubleshoot and resolve complex security issues
  • Attention to Detail: Ensure accurate detection, analysis and documentation
  • Analytical Thinking: Comfortable interpreting complex security data
  • Communication: Clear and confident communicator, able to translate technical issues for non-technical audiences
  • Calm Under Pressure: Maintain composure during incidents and escalate appropriately
  • Accountable & Humble: Take ownership and learn from experience
  • Curious: Dive into data sets and problems to uncover patterns and root causes

Benefits

  • 25 days paid holiday plus bank holidays (increases by 1 day per year worked up to 30 days)
  • Flexible Working: We love getting the team together in the office, so we typically spend three days per week together in our lovely London office (39 floors up in Canary Wharf 👀). The rest of the time, you can work wherever you’re most productive.
  • Working Hours: A well-balanced rolling five-week shift pattern that largely follows Monday to Friday. It includes working one weekend in five and seven on-call nights every five weeks.
  • Training: Budget for one certification/course per year
  • Socials: We meet regularly to have a drink or throw some axes.

Company Overview

  • CyPro offers cyber security and GDPR compliance services, focusing on data protection measures. It was founded in 2021 and is headquartered in London, England, with a workforce of 11-50 employees. Its website is https://cypro.co.uk.