CyPro

Security Operations Center Analyst

Posted: Oct 19, 2025

Job Description

⚠️ This role is based in the UK and we unfortunately are not able to provide visa sponsorship. ⚠️
⚠️ Also, this is an experienced hire role. Please do not apply if you are seeking your first role in cyber security - look out for our Graduate SOC Analyst roles instead. ⚠️

What we’re offering (saves you scrolling straight to the bottom):

  • Salary: £40,000–46,000 depending on experience
  • Shares: We operate an EMI scheme and you will earn over time a slice of the CyPro pie.
  • Holiday: 25 days paid holiday plus bank holidays (increases by 1 day per year worked up to 30 days)
  • Flexible Working: We love getting the team together in the office, so we typically spend three days per week together in our lovely London office (39 floors up in Canary Wharf 👀). The rest of the time, you can work wherever you’re most productive.
  • Working Hours: 4 days on, 4 days off, rotating day/night shifts
  • Training: Budget for one certification/course per year
  • Socials: We meet regularly to have a drink, throw some axes
  • Start Date: ASAP

About CyPro:

We are an innovative cyber security start-up united in a shared mission: to redefine cyber security for small and medium-sized businesses (SMBs).

Our Founders – Jonny & Rob – spent most of their early careers delivering cyber security for large enterprises and central government. They saw a clear need for a new approach to cyber security as SMBs became increasingly targeted by cyber criminals. By 2022, SMBs accounted for 75% of attacks, largely due to being easy targets.

Together, CyPro is already setting new standards, defining innovative solutions and equipping its clients with the cyber security they need to prevent attacks, secure bigger clients and scale to new heights.

We are growing quickly, and the next few years promise more of the same. Joining CyPro means becoming an integral part of our mission and joining a team of industry experts embarking on this journey.

The Role:

This isn’t your typical SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations.

You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response to our growing customer base. You’ll contribute to building out our capabilities, improving tooling and processes, and shaping how we operate as the function matures.

As the team grows further, you’ll have the flexibility to focus more deeply on the areas that interest you most – whether that’s advanced detection engineering, threat intelligence, incident response leadership or platform automation. If you’re ambitious and want to help shape something rather than simply follow a process, this is the right environment for you.

Core Responsibilities:

Security Monitoring & Incident Response
  • Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic.
  • Assess severity and impact of alerts, triage and investigate incidents independently.
  • Execute containment and remediation actions using defined runbooks and playbooks.
  • Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour.
  • Produce detailed incident reports, RCA and after-action reviews for internal and client use.
  • Maintain accurate incident records in JIRA Service Management.

Detection Engineering
  • Develop and implement new detection rules in Microsoft Sentinel aligned to the MITRE ATT&CK framework.
  • Draft and optimise KQL queries for detection and threat hunting.
  • Refine existing detection logic based on false positive analysis and threat evolution.

Threat Intelligence & Enrichment
  • Analyse threat intelligence feeds to identify relevant threats and vulnerabilities.
  • Review and tag IOCs and TTPs observed in client environments.
  • Participate in proactive threat hunting sprints to identify risks before they escalate.

Client Support & Reporting
  • Prepare weekly and monthly SOC reports highlighting activity, incidents and trends.
  • Join governance calls with senior analysts or managers to present SOC insights.
  • Respond to client queries regarding investigations, coverage and data flows.

Internal Security Operations
  • Support the management of CyPro’s internal security environment.
  • Administer and monitor identity management solutions.
  • Manage and maintain our MDM platform to ensure secure and compliant device management.
  • Help ensure our internal security posture reflects the same standards we deliver to clients.

Process Improvement & Automation
  • Design and develop Logic Apps to automate incident response workflows.
  • Contribute to evolving internal runbooks and knowledge base articles.
  • Identify gaps in visibility, tooling or processes and propose solutions.

Professional Development
  • Work toward and maintain relevant certifications (e.g. SC-200, AZ-500).
  • Stay up to date with current threat trends, attacker TTPs and defensive strategies.
  • Actively participate in ongoing training and capability development.

Who we're looking for:

  • Self-Starters – we’re not a large FTSE organisation with a procedure for everything. You’ll need to operate in an environment with few guardrails and help build things as we grow.
  • Ambitious & Driven – whether your goal is to lead a team, specialise technically or move into leadership in future, we’ll support your development.
  • Always Improving – we’re a growing business and want our people to grow with us.

What we think you need to be successful:

Education & Experience
  • University educated with a degree in computer science, information security or equivalent
  • At least one year of experience in a SOC environment monitoring and responding to incidents
  • Microsoft Sentinel and Defender hands-on expertise
  • SC-200 certification or willingness to achieve it
  • Within commuting distance (~1 hour) of Canary Wharf, London

Technical Skills
  • Strong KQL skills for threat hunting and incident forensics
  • Experience with SIEM, IDS/IPS and threat intelligence platforms
  • Familiarity with incident response frameworks and security best practice
  • Experience with scripting and automation (e.g. Azure Logic Apps)

Soft Skills
  • Problem-Solving: Identify, troubleshoot and resolve complex security issues.
  • Attention to Detail: Ensure accurate detection, analysis and documentation.
  • Analytical Thinking: Comfortable interpreting complex security data.
  • Communication: Clear and confident communicator, able to translate technical issues for non-technical audiences.
  • Calm Under Pressure: Maintain composure during incidents and escalate appropriately.
  • Accountable & Humble: Take ownership and learn from experience.
  • Curious: Dive into data sets and problems to uncover patterns and root causes.

Our Two-stage Hiring Process:

  • Intro Discussion (20 minutes, Remote): An initial chat to learn more about you and the role.
  • Assessment Centre (2 hours, London): A mini project on-site (no prep required), some quick tests, followed by a final interview with the founders and our SOC Manager.
