Senior Security Analyst
Senior Security Analyst (L3) / Security Architect
Location: [London / hybrid / remote]
Salary: £85,000
About the Role
We are seeking a highly experienced Level 3 Security Analyst to join a global cyber security function in an organisation that has recently received strong Private Equity investment, with a dual remit as a Security Architect. This is a senior, hands-on role within a regulated environment where security, data protection, and operational resilience are business critical.
Reporting to the Head of IT Security, you will act as a key technical authority for complex security incidents while shaping and strengthening our long-term security controls across endpoints, cloud platforms, identity, and data. You will work closely with IT, Engineering, and senior stakeholders to design pragmatic, risk-based security solutions that enable the business while meeting regulatory and compliance expectations.
This role suits someone who thrives at the intersection of deep technical investigation, architectural decision making, and operational improvement. The ideal applicant will be driven by progress and want to grow in a fast-moving environment.
________________________________________
Key Responsibilities
Security Operations & Incident Response
• Act as the L3 escalation point for security alerts and incidents, leading end-to-end response activities including investigation, containment, eradication, and post-incident reviews.
• Drive continuous improvement in mean time to detect and respond, ensuring lessons learned are translated into stronger controls and detections.
Endpoint, Detection & Response
• Design, tune, and operationalise Microsoft Defender for Endpoint (EDR/XDR) use cases.
• Improve alert fidelity, triage workflows, and response playbooks to deliver efficient, repeatable outcomes within a regulated environment.
Data Protection & Insider Risk
• Own and mature Microsoft Purview controls, including Data Loss Prevention (DLP) and Insider Risk Management.
• Lead policy design, tuning, and investigations to protect sensitive and regulated data throughout its lifecycle.
Cloud & Infrastructure Security
• Provide security leadership across AWS, Azure, and GCP, including logging and visibility, identity and access guardrails, and secure cloud architecture patterns.
• Conduct security architecture and design reviews for cloud workloads and platform changes.
Vulnerability & Risk Management
• Lead vulnerability management activities (ideally using Qualys, or equivalent tools).
• Ensure effective scan coverage, risk-based prioritisation, remediation tracking, and clear reporting aligned to regulatory expectations.
Security Architecture & Change Enablement
• Act as a security architect for projects and change initiatives.
• Perform threat modelling where appropriate and define proportionate, practical controls across endpoints, cloud, identity, and data.
Collaboration & Continuous Improvement
• Partner with IT and Engineering teams to enhance security telemetry, logging standards, and SIEM-driven detections.
• Contribute to secure-by-design practices; working knowledge of application security principles (e.g. OWASP Top 10, CI/CD controls) is advantageous.
________________________________________
Skills & Experience
Essential
• Significant hands-on experience in senior (L3) security operations, including leading complex incident investigations in enterprise or regulated environments.
• Strong cloud security expertise across AWS, Azure, and/or GCP, including identity, logging, and native security services.
• Proven experience with EDR/XDR, ideally Microsoft Defender for Endpoint, including deployment, tuning, investigation, and response.
• Hands-on experience with Microsoft Purview, including DLP and Insider Risk Management policy design and investigations.
• Solid vulnerability management experience (Qualys preferred) covering prioritisation, remediation coordination, and reporting.
• Strong understanding of networking and security fundamentals (DNS, HTTP(S), VPNs, TLS, segmentation) and modern identity controls (MFA, conditional access).
• Experience working with SIEM platforms and log-driven investigations; the ability to write or refine detections is highly valued.
• Ability to produce clear, pragmatic security architecture guidance and influence technical and non-technical stakeholders.
Desirable
• Scripting or automation experience (e.g. Python, PowerShell, Bash) and/or SOAR exposure.
• Relevant certifications such as CISSP, CCSP, Security+, or GIAC.
• Exposure to application security concepts is beneficial but not essential.