This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
United Kingdom, Any UK Office Hub (Bristol / London / Manchester / Swansea) Employment contract 50000.00 - 60000.00 GBP / Year · Job Posted July 14, 2026
Made Tech helps UK public sector organisations build and run secure, user-centred digital services. Our Cyber practice works directly with government departments, agencies, and other public bodies — embedding alongside client teams to raise their security capability, not just deliver a report and leave. As a Senior Security Analyst, you'll be a core part of that practice, operating in a security operations context where the stakes are real: the systems we protect carry sensitive public data and underpin services that people depend on. This is a hands-on technical role with genuine scope and influence. You'll lead threat hunts and intrusion investigations, author and tune detection content, and help your team respond to incidents in a way that leaves things better than you found them. You'll translate threat intelligence into actionable detections, align your work to frameworks like the NCSC Cyber Assessment Framework and GovAssure, and communicate clearly with client security stakeholders who need to understand what's happening and why it matters. You'll own significant pieces of the SOC's work end-to-end - not just executing tasks, but making considered decisions and being clear about the trade-offs. At Senior level, though, the role is about more than your own output. You'll help junior analysts develop their triage tradecraft, normalise pairing on incident response, contribute to shared detection standards across the practice, and model the kind of blameless, collaborative culture that makes a security team genuinely effective.
Job Responsibility
Lead threat hunts and intrusion investigations
Author, tune, and peer-review detection content
Own sub-cycles of the intelligence lifecycle
Lead incident response and drive improvement
Build SOAR playbooks and auto-triage
Align security operations to UK public sector standards
Mentor junior analysts and raise team standards
Contribute to the practice beyond your immediate engagement
Requirements
Hold one of the following - Systems Security Certified Practitioner (SSCP), CompTIA Security+, or an equivalent foundational operational security credential expected of Senior SOC analysts
Certifications that would strengthen your application: Certified Cloud Security Professional (CCSP), CompTIA Advanced Security Practitioner (CASP+), HTB Certified Defensive Security Analyst (HTB CDSA)
Experience applying structured analytical techniques - ACH, key-assumptions checks, or similar, to produce rigorous, bias-resistant intelligence assessments, and comfort peer-reviewing others' analytic tradecraft
Working knowledge of cloud security event investigation and cloud detection tuning, particularly across AWS, Azure, or GCP environments, including understanding of infrastructure-level telemetry
Experience framing security findings in risk terms for non-technical stakeholders — communicating likelihood, impact, and recommended treatment clearly, and reflecting asset criticality and threat context in prioritisation decisions
Evidence of building or improving SOAR playbooks, automated triage workflows, or equivalent automation that reduced analyst toil in a SOC or detection-engineering context
Familiarity with UK government security frameworks — in particular the NCSC CAF, GovAssure, and HMG Security Policy Framework — and experience aligning detection or response work to those standards in a government or regulated environment
Experience working within an agile or Kanban-based team model, contributing to workflow improvement, running or participating in retrospectives, and helping the team improve its own practices — not just delivering within them
Experience acting as a trusted working-level contact for client security stakeholders — anchoring on their actual outcomes, raising concerns or opportunities proactively, and contributing subject-matter expertise to proposals or bids
Hands-on experience with at least one major SIEM platform (for example, Splunk, Microsoft Sentinel, or Elastic Security) including writing and tuning detection rules
Familiarity with threat intelligence platforms, OSINT tooling, or indicator lifecycle management in an operational context
Nice to have
Certifications: Certified Cloud Security Professional (CCSP)