Job overview
Band 7 Cyber Security Analyst (SOC & SIEM Lead)
Join us and help define what great looks like
We are looking for an experienced Cyber Security Analyst to take a leading role in developing and running our Security Operations (SOC) and SIEM capability.
This role is ideal for someone who brings experience of well-established cyber operations and can apply that knowledge to strengthen and evolve our detection and response capability in a complex NHS environment, where patient safety and operational continuity are critical.
You will work with tools including Sophos Intercept X and Secureworks Taegis, while helping shape our future SOC model. Beyond tooling, you will play a key role in establishing effective, sustainable ways of working aligned to recognised good practice.
Main duties of the job
What you will do
· Lead the day-to-day operation and ongoing development of our SOC and SIEM capability
· Own and continuously improve detection use cases, alerting, triage, and response processes
· Act as a technical lead for monitoring and detection, ensuring controls are effective, proportionate, and aligned to risk
· Investigate and respond to security incidents, providing clear, risk-based analysis and recommendations
· Use threat intelligence and operational insight to continually improve detection capability
· Provide meaningful reporting and assurance on SOC performance and cyber posture
· Support the evolution of our future SOC model, including partnership working where required
· Provide guidance and mentoring to colleagues, helping to build capability and embed effective SOC and incident response practices across the team.
Why this role matters
* You will play a key role in strengthening our cyber resilience
* You will have real ownership and influence over how SOC services are delivered
* Your work directly supports frontline ambulance services and patient care
* You will help build a capable, sustainable internal cyber function
Working for our organisation
Benefits we offer:
* Full training and support when you join and ongoing throughout your employment with us.
* Holiday entitlement is 27 days rising to 29 days after 5 years and 33 days after 10 years, plus 8 bank holidays (pro rata for part time).
* Enrolment into the NHS Pension Scheme.
* Access to continual professional development and opportunities within SCAS and the NHS.
* Occupational Health support along with an Employee Assistance Programme.
* NHS Discounts in over 200+ stores including Holidays, Days out, Car insurance, Restaurants and Clothing.
* Staff networking and support groups.
About Us
South Central Ambulance Service NHS Foundation Trust provides a range of emergency, urgent care and non-emergency healthcare services, along with commercial logistics services.
The Trust delivers most of these services to the populations of Berkshire, Buckinghamshire, Hampshire and Oxfordshire as well as non-emergency patient transport services in Sussex.
We serve a population of over 7 million and answer over 500,000 urgent calls a year. We employ 4,551 staff who, together with over 1,100 volunteers, enable us to operate 24 hours a day, seven days a week.
In SCAS, we know that colleagues who are cared for and valued are enabled to provide the right care, first time, every time. That is why we strive to foster a culture that balances fairness, compassion, learning and accountability; a ‘just and learning culture’.
Detailed job description and main responsibilities
You will bring:
* Experience working within a well-established SOC or cyber defence function
* Proven ability to lead or significantly shape SIEM/SOC operations
* A clear understanding of effective detection engineering and incident response practices
* Experience configuring, tuning, and optimising SIEM and endpoint security tooling (e.g. Sophos, Secureworks, or equivalent)
* The ability to take ownership and drive improvements, not just operate existing processes
* Strong analytical and communication skills, with the ability to provide clear, actionable insight
* Experience supporting or mentoring others, with the ability to share knowledge and raise overall team capability
Relevant certifications (e.g. CISSP, CISM, GIAC or equivalent) are desirable, but practical experience and demonstrable impact are more important.
You’re likely a good fit if:
* You’ve worked in a SOC where effective processes and standards are already embedded
* You enjoy improving how things work, not just operating them
* You’re comfortable acting as a technical lead and trusted point of reference
You take pride in developing others and promoting good practice.
Please see Job Description and Person Specification for full details.
Person specification
Qualifications
Essential criteria
* Masters level degree or equivalent level of experience
* Hold a security recognised qualification (e.g CISSP, CIPR)
Knowledge
Essential criteria
* Knowledge of relevant information security and privacy related legislation and regulation – such as Data Protection Act 2018, Freedom of Information Act, etc.
* Working knowledge of the Data Security and Protection Toolkit (DSPT)
* Knowledge if IT systems implementation.
Skills
Essential criteria
* Demonstrable experience in ICT/ Information Security Role
* Strong interpersonal skills & able to develop and maintain effective and credible relationship with business leaders and supplier management.
* Excellent working knowledge of all MS Office applications.
We understand that some applicants may choose to use AI tools to assist with completing their application. While this is not against our guidelines, it’s important that your application remains an accurate and honest reflection of your own skills, experience, and achievements. Please ensure that any content generated or supported by AI truly represents you and your capabilities, as this will form the basis of our assessment throughout the recruitment process.
We actively welcome job applications from candidates who have a disability or who are members of the BAME, LGBTQ+ and Armed Forces community (including: Reservists, Veterans, Spouses and Cadets). Here at SCAS we are proud to have a workforce that reflects the diverse community we serve. Applicants who have a disability or are members of the armed forces community who meet the minimum shortlisting criteria for their post of interest will be invited for an interview and/or assessment (where applicable).
Please be assured that any requests for reasonable adjustments will not negatively affect your application.
As well as standard NHS benefits like generous holiday entitlement and an excellent pension scheme, we offer lots of extras for our staff.