Security Operations Center Analyst

Important: you must be UK based – we are unable to provide visa sponsorship, and you must meet all 4 minimum requirements below.

⚠️ Also, this is an experienced hire role. Please do not apply if you are seeking your first role in cyber security - look out for our Graduate SOC Analyst roles instead ⚠️

What we’re offering (saves you scrolling straight to the bottom):

  • Salary: £40,000–46,000 depending on experience
  • Holiday: 25 days paid holiday plus bank holidays (increases by 1 day per year worked up to 30 days)
  • Flexible Working: We love getting the team together in the office, so we typically spend three days per week together in our lovely London office (39 floors up in Canary Wharf 👀). The rest of the time, you can work wherever you’re most productive.
  • Working Hours: Unique and well-balanced rolling 5-week shift pattern that largely revolves around Monday - Friday. Includes working 1 weekend in 5 and 7 on-call nights every 5 weeks.
  • Training: Budget for one certification/course per year
  • Socials: We meet regularly to have a drink, throw some axes
  • Start Date: ASAP

Minimum Requirements

You must meet all 4 of these minimum requirements. Please do not apply if you do not – your application will be rejected.

  1. Experience: 1–3 years in an administrative, operations, or assistant role supporting senior stakeholders
  2. IT literacy: highly confident using Microsoft Office 365, especially Outlook (calendar + inbox management), Word, Excel and PowerPoint
  3. Fluent in English: you must be highly proficient with business-level written and spoken English
  4. Location: must be within a reasonable commute of Canary Wharf, London for occasional in-person time

About CyPro:

  • We are an innovative cyber security start-up united in a shared mission: to redefine cyber security for small and medium-sized businesses (SMBs).
  • Our Founders – Jonny & Rob – spent most of their early careers delivering cyber security for large enterprises and central government. They saw a clear need for a new approach to cyber security as SMBs became increasingly targeted by cyber criminals.
  • Together, CyPro is already setting new standards, defining innovative solutions and equipping its clients with the cyber security they need to prevent attacks, secure bigger clients and scale to new heights.
  • We are growing quickly, and the next few years promise more of the same. Joining CyPro means becoming an integral part of our mission and joining a team of industry experts embarking on this journey.

The Role:

  • This isn’t your typical SOC Analyst role where you’re pigeonholed into one narrow specialism. At CyPro, you’ll have the opportunity to get involved in a wide range of areas including monitoring, incident response, threat intelligence, detection engineering, automation and internal security operations.
  • You’ll play a key role in our Security Operations Centre, delivering 365-day monitoring, detection and response to our growing customer base. You’ll contribute to building out our capabilities, improving tooling and processes, and shaping how we operate as the function matures.
  • As the team grows further, you’ll have the flexibility to focus more deeply on the areas that interest you most – whether that’s advanced detection engineering, threat intelligence, incident response leadership or platform automation. If you’re ambitious and want to help shape something rather than simply follow a process, this is the right environment for you.

Core Responsibilities:

Security Monitoring & Incident Response

  • Monitor security alerts generated by Microsoft Sentinel, Microsoft Defender, Datadog and Elastic.
  • Assess severity and impact of alerts, triage and investigate incidents independently.
  • Execute containment and remediation actions using defined runbooks and playbooks.
  • Correlate data across platforms to identify anomalies, malicious patterns and attacker behaviour.
  • Produce detailed incident reports, RCA and after-action reviews for internal and client use.
  • Maintain accurate incident records in JIRA Service Management.

Detection Engineering

  • Develop and implement new detection rules in Microsoft Sentinel aligned to the MITRE ATT&CK framework.
  • Draft and optimise KQL queries for detection and threat hunting.
  • Refine existing detection logic based on false positive analysis and threat evolution.

Threat Intelligence & Enrichment

  • Analyse threat intelligence feeds to identify relevant threats and vulnerabilities.
  • Review and tag IOCs and TTPs observed in client environments.
  • Participate in proactive threat hunting sprints to identify risks before they escalate.

Client Support & Reporting

  • Prepare weekly and monthly SOC reports highlighting activity, incidents and trends.
  • Join governance calls with senior analysts or managers to present SOC insights.
  • Respond to client queries regarding investigations, coverage and data flows.

Internal Security Operations

  • Support the management of CyPro’s internal security environment.
  • Administer and monitor identity management solutions.
  • Manage and maintain our MDM platform to ensure secure and compliant device management.
  • Help ensure our internal security posture reflects the same standards we deliver to clients.

Process Improvement & Automation

  • Design and develop Logic Apps to automate incident response workflows.
  • Contribute to evolving internal runbooks and knowledge base articles.
  • Identify gaps in visibility, tooling or processes and propose solutions.

Professional Development

  • Work toward and maintain relevant certifications (e.g. SC-200, AZ-500).
  • Stay up to date with current threat trends, attacker TTPs and defensive strategies.
  • Actively participate in ongoing training and capability development.

Who we're looking for:

  1. Self-Starters – we’re not a large FTSE organisation with a procedure for everything. You’ll need to operate in an environment with few guardrails and help build things as we grow.
  2. Ambitious & Driven – whether your goal is to lead a team, specialise technically or move into leadership in future, we’ll support your development.
  3. Always Improving – we’re a growing business and want our people to grow with us.

What we think you need to be successful:

Education & Experience

  • University educated with a degree in computer science, information security or equivalent
  • At least one year of experience in a SOC environment monitoring and responding to incidents
  • Microsoft Sentinel and Defender hands-on expertise
  • SC-200 certification or willingness to achieve it
  • Within commuting distance (~1 hour) of Canary Wharf, London

Technical Skills

  • Strong KQL skills for threat hunting and incident forensics
  • Experience with SIEM, IDS/IPS and threat intelligence platforms
  • Familiarity with incident response frameworks and security best practice
  • Experience with scripting and automation (e.g. Azure Logic Apps)

Soft Skills

  • Problem-Solving: Identify, troubleshoot and resolve complex security issues.
  • Attention to Detail: Ensure accurate detection, analysis and documentation.
  • Analytical Thinking: Comfortable interpreting complex security data.
  • Communication: Clear and confident communicator, able to translate technical issues for non-technical audiences.
  • Calm Under Pressure: Maintain composure during incidents and escalate appropriately.
  • Accountable & Humble: Take ownership and learn from experience.
  • Curious: Dive into data sets and problems to uncover patterns and root causes.

Our Two-stage Hiring Process:

  1. Intro Discussion (20 minutes, Remote): An initial chat to learn more about you and the role.
  2. Assessment Centre (2 hours, London): A mini project on-site (no prep required), some quick tests, followed by a final interview with the founders and our SOC Manager.

Job Details

Company: CyPro
Location: London Area, United Kingdom