The Position
Gelato continues its global expansion, and we are seeking a Junior Security Analyst to join our growing security function. This is a hands‑on, execution‑focused role built around analysing security events—you’ll be the person who picks up requests for the wider organisation such as reviewing PRs, triaging security alerts, investigating events, and driving incidents through to resolution.
You don’t need to have seen everything. You need curiosity, a structured approach to problem‑solving, and the drive to grow fast. Reporting to the Head of Information Security, you’ll work alongside experienced engineers and have a clear path to develop your skills in detection engineering, threat analysis, and security automation.
Our security team operates as enablers, not blockers—the job is to keep the business safe without slowing it down.
Responsibilities
Incident response and detection
* Own the day‑to‑day triage and investigation of security alerts across our SIEM, EDR, and cloud monitoring tooling.
* Drive incident‑response activities for severity events: containment, evidence collection, root‑cause analysis, and post‑incident documentation.
* Participate in an on‑call rotation, providing timely responses and escalations for security incidents outside of business hours.
* Escalate high‑severity or complex incidents to senior team members, providing clear and complete hand‑over documentation.
* Maintain and improve incident‑response runbooks, playbooks, and internal knowledge bases.
Monitoring and threat analysis
* Monitor security tooling (SIEM, WAF, EDR, IAM) for suspicious activity and anomalous behaviour.
* Contribute to the tuning of detection rules and alert thresholds to reduce noise and improve signal quality.
* Proactively analyse threat intelligence and translate findings into actionable detection improvements.
AI‑powered security operations
* Use AI and LLM tools daily to accelerate alert triage, generate incident summaries, and draft communications for stakeholders.
* Contribute to automation workflows that reduce manual toil in detection and response pipelines.
* Experiment with AI‑assisted approaches to threat hunting, log analysis, and runbook generation.
Compliance and governance support
* Support evidence collection and control testing for compliance frameworks including ISO 27001, SOC 2, and NIST CSF.
* Assist with vulnerability management activities, including tracking remediation progress and communicating status to stakeholders.
* Help educate the wider Gelato team on security best practices through documentation and awareness activities.
Requirements
* 1–3 years of experience in a security operations, IT security, or related technical role — including internships, apprenticeships, or equivalent hands‑on exposure.
* Practical experience with SIEM or EDR tooling — whether professionally, in a lab, or through CTF/home‑lab environments.
* Solid understanding of core security concepts: attack frameworks (MITRE ATT&CK), the incident‑response lifecycle, common vulnerability classes.
* Comfortable working in cloud environments, particularly AWS — you understand IAM, logging, and basic cloud‑native threat vectors.
* AI‑native working style — you actively use LLMs and AI assistants as productivity tools and are eager to apply them in security contexts.
* Clear written and verbal communication in English; able to document incidents accurately and concisely for both technical and non‑technical audiences.
Good to have
* Exposure to scripting (Python, Bash, or PowerShell) for automating repetitive tasks or parsing log data.
* Familiarity with compliance frameworks such as ISO 27001 or SOC 2.
* Experience with tools such as Cloudflare, the ELK stack, or vulnerability scanners (Semgrep, CodeCI, SonarQube, Coana, etc.).
* Relevant certifications: CompTIA Security+, CySA+, BTL1, or equivalent; or progress toward GIAC certifications.
* Hands‑on experience building simple automation or integrations between security tools.
* Degree in Computer Science, Information Security, or a related field — though we consider demonstrated experience over credentials.
J-18808-Ljbffr