Salary: £63,000 - 63,000 per year

Requirements:
- Proven experience in a Level 3 or Senior Security Analyst or Incident Response role.
- Hands-on experience investigating and resolving incidents across endpoints, identity platforms, networks, and cloud services.
- Strong understanding of malware and ransomware response, identity compromise, and vulnerability remediation.
- Experience working with informal Security Incident and Major Incident processes.
- Strong written documentation and stakeholder communication skills.
- Relevant security certifications or equivalent experience are desirable.
- Experience supporting multi-site or operationally sensitive environments is a plus.
- Familiarity with Defender, SIEM, EDR, and vulnerability management tools is advantageous.
- Understanding of regulated or PCI-adjacent environments is beneficial.

Responsibilities:
- Act as the technical lead for the investigation of security incidents across supported platforms.
- Investigate malware, ransomware, account compromise, unauthorized access, suspicious activity, and security misconfiguration.
- Perform detailed root cause analysis across endpoint, identity, network, and application layers.
- Advise the Incident Manager on incident scope, impact, containment, eradication strategy, and recovery validation.
- Drive incidents through to full technical resolution, avoiding temporary mitigation.
- Investigate vulnerabilities identified via scanning platforms, endpoint and cloud tooling, supplier disclosures, and audit activity.
- Assess risk based on exploitability, exposure, and operational impact.
- Own remediation actions end-to-end, coordinating with Infrastructure, Network, and third-party suppliers.
- Validate remediation and ensure appropriate evidence is captured for assurance and audit.
- Produce clear, technically accurate documentation covering incidents, root cause analysis, and corrective actions.
- Support governance, customer assurance, and audit requirements.
- Contribute to post-incident reviews and lessons learned.
- Identify recurring issues and recommend long-term improvements.
- Ensure incidents and vulnerabilities are correctly logged and tracked within ITSM systems.
- Work closely with Incident Managers, Security specialists, and Level 3 Infrastructure and Network teams.
- Act as a senior escalation point for Level 1 and Level 2 teams.
- Engage third-party suppliers to progress investigation and remediation.
- Participate in out-of-hours response as required.

Technologies: Cloud Support ITSM Network Security macOS SharePoint

More: We are a dynamic company committed to ensuring the security of our multi-site customer estate. As a Level 3 Security Analyst, you will be at the forefront of security incident response and vulnerability management within a hybrid working model, based in our Cardiff office 1-2 days per week. We offer a collaborative environment where you will work closely with incident management and infrastructure teams. You will have opportunities for professional growth and development, and we value your contributions to improving our security posture.

Last updated: week 19 of 2026