About Cognita
Founded in 2004, Cognita is a leading global schools group with 90 schools across 21 countries, united by a single purpose: empowering students to thrive in a rapidly evolving world. With 100,000 students and more than 22,000 dedicated colleagues across Asia, Europe, Latin America, the Middle East, and the United States, Cognita offers a truly global education experience. Our schools prioritise academic excellence and go beyond it — fostering resilience, adaptability, and a growth mindset to equip young people with the skills they need to succeed.
About the Role
This role is part of Cognita’s Cyber Defence function and reports to the Group Senior Manager, Cyber Security Operations. The Senior Cyber Security Analyst will strengthen the organisation’s operational security capabilities across key areas such as detection engineering, incident response, vulnerability management, and secure configuration. As a technical subject matter expert, the Senior Cyber Security Analyst will drive the optimisation and integration of Microsoft Sentinel, Microsoft Defender, and associated security technologies across the global estate. The role will also support the coordination and operational integration of vulnerability and threat management activities, including Microsoft Defender Vulnerability Management and external vulnerability scanning platforms. The Senior Cyber Security Analyst will lead continuous enhancement of monitoring, detection, response and remediation processes, ensuring that security telemetry, vulnerability intelligence and threat insights are effectively integrated into operational security workflows. Working closely with Group, Regional and school-based IT teams, the role will help ensure security tooling, controls and processes operate consistently across diverse and geographically dispersed environments. The position is also responsible for producing clear, actionable reporting that supports informed operational decision‑making and strategic risk reduction across the organisation.
Key Responsibilities
1. Detection Engineering & Automation
* Configure and optimise Microsoft Sentinel; integrate Microsoft and Google security tools.
* Develop and tune detection logic across Microsoft Defender and Google technologies.
* Build and maintain SOAR workflows (Logic Apps) for triage and response.
* Integrate security tools and improve monitoring coverage across environments.
* Maintain clear documentation for detections and workflows.
2. Incident Response & Management
* Lead end-to-end incident response (detection to recovery).
* Coordinate with cross-functional teams and provide stakeholder updates.
* Maintain and improve IR policies, procedures, and playbooks.
* Conduct post‑incident reviews and drive continuous improvement.
3. Secure Configuration & Cloud Security
* Support secure configuration of Azure and cloud services.
* Maintain secure baselines across endpoints, servers, and Google Workspace.
* Configure Microsoft Defender policies and ensure alignment with standards.
* Promote secure‑by‑design practices with IT teams.
4. Threat & Vulnerability Management
* Support and improve vulnerability management processes.
* Assess vulnerabilities and drive remediation with stakeholders.
* Use threat intelligence to prioritise risks and improve defences.
* Track, report, and enhance cyber threat intelligence capabilities.
5. Collaboration & Security Culture
* Partner with global IT teams to support security operations.
* Act as a subject matter expert across key security domains.
* Ensure consistent control implementation and strong stakeholder engagement.
* Promote security awareness and shared responsibility.
6. Reporting, Governance & Improvement
* Produce reports on incidents, threats, and remediation.
* Maintain KPIs/KRIs aligned with governance frameworks.
* Provide updates to leadership on security posture and risks.
* Drive improvements in tools, processes, and documentation.
Who We Are Looking For
* Experience in a senior IT security role, overseeing & supporting security operations across infrastructure, cloud (including Microsoft, AWS or Google Cloud), and on‑prem environments, managing complex security solutions in a multi‑region setting.
* Proven experience in configuring and optimising Microsoft Sentinel and the Defender suite, as well as integrating with third‑party tools to enhance detection and response capabilities across both cloud and on‑premises environments.
* Extensive experience in leading incident response efforts, coordinating across global teams and multiple regions, ensuring effective remediation and resolution of security incidents in both cloud and on‑prem settings.
* Experience managing vulnerability management programmes, overseeing the identification, assessment, and remediation of vulnerabilities across hybrid infrastructures, and translating findings into actionable security improvements.
* Experience working with threat intelligence sources, integrating insights into detection frameworks and security operations for both cloud environments and on‑prem infrastructures.
Benefits at Cognita
* Competitive salary based on experience
* Private Medical Insurance & Healthcare Cash Plan
* GPP Pension
* Life Assurance
* 25 days annual leave allowance (plus Bank Holidays)
* Employee Assistance Programme
* Employee Discounts Site
* Professional Subscriptions
Equal Opportunity and Safeguarding
Cognita Schools is committed to safeguarding and promoting the welfare of children and young people. We expect all staff and volunteers to share this commitment. All appointments are subject to safer recruitment checks, including an enhanced DBS check. Our Safeguarding and Child Protection Policy is available on the school website. Details on Recruitment of Ex‑Offenders is included within the Application Guidance. We are an equal opportunities employer committed to diversity and treating all employees with dignity and respect regardless of background. Early applications are encouraged, we reserve the right to interview and appoint prior to closing date for the right applicant.
J-18808-Ljbffr