Cyber Security Analyst - Bicester
Job summary
Band 7 Cyber Security Analyst (SOC & SIEM Lead)
Join us and help define what great looks like
We are looking for an experienced Cyber Security Analyst to take a leading role in developing and running our Security Operations (SOC) and SIEM capability.
This role is ideal for someone who brings experience of well-established cyber operations and can apply that knowledge to strengthen and evolve our detection and response capability in a complex NHS environment, where patient safety and operational continuity are critical.
You will work with tools including Sophos Intercept X and Secureworks Taegis, while helping shape our future SOC model. Beyond tooling, you will play a key role in establishing effective, sustainable ways of working aligned to recognised good practice.
Main duties of the job
What you will do
Lead the day-to-day operation and ongoing development of our SOC and SIEM capability
Own and continuously improve detection use cases, alerting, triage, and response processes
Act as a technical lead for monitoring and detection, ensuring controls are effective, proportionate, and aligned to risk
Investigate and respond to security incidents, providing clear, risk-based analysis and recommendations
Use threat intelligence and operational insight to continually improve detection capability
Provide meaningful reporting and assurance on SOC performance and cyber posture
Support the evolution of our future SOC model, including partnership working where required
Provide guidance and mentoring to colleagues, helping to build capability and embed effective SOC and incident response practices across the team.
Why this role matters
- You will play a key role in strengthening our cyber resilience
- You will have real ownership and influence over how SOC services are delivered
- Your work directly supports frontline ambulance services and patient care
- You will help build a capable, sustainable internal cyber function
About us
Benefits we offer:
- Full training and support when you join and ongoing throughout your employment with us.
- Holiday entitlement is 27 days rising to 29 days after 5 years and 33 days after 10 years, plus 8 bank holidays (pro rata for part time).
- Enrolment into the NHS Pension Scheme.
- Access to continual professional development and opportunities within SCAS and the NHS.
- Occupational Health support along with an Employee Assistance Programme.
- NHS Discounts in over 200+ stores including Holidays, Days out, Car insurance, Restaurants and Clothing.
- Staff networking and support groups.
About Us
South Central Ambulance Service NHS Foundation Trust provides a range of emergency, urgent care and non-emergency healthcare services, along with commercial logistics services.
The Trust delivers most of these services to the populations of Berkshire, Buckinghamshire, Hampshire and Oxfordshire as well as non-emergency patient transport services in Sussex.
We serve a population of over 7 million and answer over 500,000 urgent calls a year. We employ 4,551 staff who, together with over 1,100 volunteers, enable us to operate 24 hours a day, seven days a week.
In SCAS, we know that colleagues who are cared for and valued are enabled to provide the right care, first time, every time. That is why we strive to foster a culture that balances fairness, compassion, learning and accountability; a 'just and learning culture'.
Job description
Job responsibilities
You will bring:
- Experience working within a well-established SOC or cyber defence function
- Proven ability to lead or significantly shape SIEM/SOC operations
- A clear understanding of effective detection engineering and incident response practices
- Experience configuring, tuning, and optimising SIEM and endpoint security tooling (e.g. Sophos, Secureworks, or equivalent)
- The ability to take ownership and drive improvements, not just operate existing processes
- Strong analytical and communication skills, with the ability to provide clear, actionable insight
- Experience supporting or mentoring others, with the ability to share knowledge and raise overall team capability
Relevant certifications (e.g. CISSP, CISM, GIAC or equivalent) are desirable, but practical experience and demonstrable impact are more important.
Youre likely a good fit if:
- Youve worked in a SOC where effective processes and standards are already embedded
- You enjoy improving how things work, not just operating them
- Youre comfortable acting as a technical lead and trusted point of reference
You take pride in developing others and promoting good practice.
Please see Job Description and Person Specification for full details.
Person Specification
Qualifications
- Masters level degree or equivalent level of experience
- Hold a security recognised qualification (e.g CISSP, CIPR)
Knowledge
- Knowledge of relevant information security and privacy related legislation and regulation - such as Data Protection Act 2018, Freedom of Information Act, etc.
- Working knowledge of the Data Security and Protection Toolkit (DSPT)
- Knowledge if IT systems implementation.
Skills
- Demonstrable experience in ICT/ Information Security Role
- Strong interpersonal skills & able to develop and maintain effective and credible relationship with business leaders and supplier management.
- Excellent working knowledge of all MS Office applications.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Employer details
Employer name
South Central Ambulance Service NHS Foundation Trust
Address
Northern House, Unit 6
Talisman Business Centre, Talisman Road
Bicester
OX26 6HR
United Kingdom
Employer's website
https://scasjobs.co.uk/