The Senior Security Analyst is a hands-on security operations role providing 24/7 operational coverage within a regulated financial services environment. You will own security incidents end-to-end, from detection through to investigation, response, and remediation coordination.
Operating within a small, senior team, you will also deliver proactive security activities including threat hunting, vulnerability management, and tooling validation—ensuring continuous improvement of the client’s security posture.
This role operates on a 24/7 shift pattern (12-hour shifts, 4-on / 4-off including nights and weekends).
Key Responsibilities
* Monitor and investigate alerts across Microsoft Defender, SIEM, and security tooling
* Own security incidents end-to-end, including investigation, containment, and resolution
* Perform deep-dive investigations using KQL and multi-source telemetry
* Correlate data across endpoint, identity, cloud, and network environments
* Determine threat severity and risk aligned to client and regulatory context
* Coordinate response actions with IT, cloud, and platform teams
* Escalate complex incidents to security engineering or leadership where required
* Conduct vulnerability scanning and review findings (e.g. Qualys)
* Run breach and attack simulations and exposure validation (e.g. XM Cyber, AttackIQ)
* Perform web application scanning and triage vulnerabilities
* Execute proactive threat hunting aligned to MITRE ATT&CK
* Optimise detection rules and reduce false positives
* Validate and maintain security tooling effectiveness
* Drive remediation actions through to completion across multiple teams
* Produce clear documentation, incident reports, and audit-ready records
Experience & Knowledge
Essential:
* Strong experience in security operations (incident detection, investigation, response)
* Experience working with Microsoft Defender XDR and security tooling
* Experience with SIEM platforms (ideally Microsoft Sentinel, KQL querying)
* Strong understanding of threat detection, incident response, and root cause analysis
* Experience in regulated environments (e.g. financial services)
* Knowledge of networking, operating systems (Windows/Linux), and security fundamentals
* Strong analytical and problem-solving skills with ability to work independently
* Experience collaborating with cross-functional technical teams
Desirable:
* Experience with vulnerability management tools (e.g. Qualys)
* Experience with attack simulation and exposure tools (AttackIQ, XM Cyber)
* Knowledge of threat intelligence and malware analysis
* Awareness of security frameworks (MITRE ATT&CK, NIST, ISO 27001)
* Basic scripting knowledge (PowerShell, Python, Bash)