Senior Cyber Security Analyst – Incident Response
At Aberdeen, our ambition is to be the UK’s leading Wealth & Investments group. We are seeking a Senior Cyber Security Analyst to join our Cyber Security Operations team in Edinburgh.
About the Role
The Senior Cyber Security Analyst role is an integral part of the Cyber Security Operations team. It supports the Cyber Response Lead in responding to escalated security alerts from L1 and L2 analysts and proactively developing and tuning detection rules. The role reports directly to the Cyber Response Lead and works closely with the Cyber Security Operation Centre, other security functions, 3rd‑party suppliers, and global IT and business teams.
Key Responsibilities
* Conduct thorough investigations to determine the root cause, scope, and impact of security alerts escalated from L1 and L2 analysts.
* Monitor detection and response KPIs.
* Support detection rule management, implementing new rules and tuning out false positives.
* Maintain incident response plans and playbooks.
* Document incidents and response actions in detailed post‑incident reporting.
* Manage the Information Security Queue in relation to Cyber Response tickets.
* Coordinate and collaborate with internal and external stakeholders, such as IT, business, and audit teams on security‑related matters.
* Recommend and implement security posture improvements, collaborating with IT teams to ensure security measures are integrated into systems.
About the Candidate
* Experience in Cyber Security, ideally within an international asset management or large organisation.
* Passion for security and self‑development, keeping up to date with the evolving threat landscape and technologies.
* Able to work in an international matrix organisation with complex and dynamic drivers and constraints.
* Comfortable with a fast‑paced, multi‑threaded working environment.
* Proficiency in Microsoft Security Stack – strong hands‑on experience with Microsoft Defender suite (MDE, MDO, MDA, MDI) and identity protection technologies (Azure AD Identity Protection, Conditional Access).
* Proficiency with Microsoft Sentinel (SIEM/SOAR) – practical experience configuring, tuning, and maintaining solutions, analysing alerts and incidents, developing KQL queries, automation playbooks, and integration.
* Experience with security tools outside the Microsoft ecosystem (IDS/IPS, vulnerability scanners, web/email filtering, firewalls, DDoS protections, proxies, host‑based protections, malware analysis engines).
* Strong understanding of Cyber Detection and Response concepts, such as the MITRE ATT&CK framework.
Benefits
We offer 40 days annual leave, a 16% employer pension contribution, discretionary performance‑based bonus, private healthcare, gym discounts, season ticket loans, and an employee discount portal.
We’re Proud to be Disability Confident
If you have a disability and would like to apply, please notify us via the “Disability Confident” section in your application. We will support you through the application process.