Security Operations Analyst; SecOps
Listed on 2026-02-16
IT/Tech
Cybersecurity, Security Manager
Security Operations Analyst
Attio is on a mission to redefine CRM for the AI era. We’re building the first AI-native CRM — designed for the most ambitious go-to-market teams. We recently announced our $52M Series B, led by GV (Google Ventures), with support from Redpoint, Balderton, Point Nine, and 01A. Our team thrives on solving complex technical challenges, delighting our users, and setting a new standard for the industry.
Role Overview
The Security Operations Analyst is a mission‑critical role within the Security, Infrastructure and Performance team, directly responsible for maintaining a vigilant and robust security posture for the entire organisation. This position focuses on real‑time protection of all organisational assets, infrastructure, and data. The Analyst is the frontline defender, dedicated to ensuring business continuity and protecting the confidentiality, integrity, and availability of all critical resources.
Core Responsibilities and Duties
- Security Monitoring, Triage & Improvement: Rapidly detect and prioritise active threats and vulnerabilities through continuous monitoring (SIEM, EDR, Cloud), ensuring insights from root‑cause analysis and proactive threat hunting are fed back into engineering to refine detection capabilities.
- Incident Response: Serve as the initial responder to security events. Rapidly analyse, classify, and prioritise reported or detected incidents, determining scope, severity, and impact to the platform.
- Compliance: Enforce compliance with internal security policies and regulatory requirements, maintaining meticulous records of all detected events, analysis findings, and incident response activities.
- Security Information and Event Management (SIEM) Platform Expertise
  - Must have: Hands‑on experience operating, administering and maintaining a major SIEM platform.
  - Desirable: Experience with Google Sec Ops (formerly Chronicle), including data ingestion, rule creation, dashboard development, and optimisation.
  - Desirable: Proficiency in Google Sec Ops SOAR tooling, developing automation for alert triage and incident mitigation.
- Security Incident Response
  - Must have: Proven experience developing, documenting and executing comprehensive incident response playbooks.
  - Must have: Practical experience in triage, containment, eradication, recovery and post‑mortem analysis (malware, unauthorised access, data exfiltration, cloud compromises).
  - Desirable: Ability to lead and coordinate incident response across cross‑functional teams under pressure.
- Security Log and Network Analysis
  - Must have: Deep expertise analysing security logs from diverse sources to identify anomalies, IOCs and root causes.
  - Must have: Expert knowledge of common attack vectors, MITRE ATT&CK framework, and attacker TTPs.
  - Desirable: Comprehensive understanding of network protocols (TCP/IP, DNS, HTTP/S) for detecting malicious activity.
- Vulnerability Management
  - Must have: Familiarity with vulnerability scanning tools (Nessus, Qualys, Rapid7, Trivy).
  - Desirable: Experience managing a vulnerability disclosure or bug bounty programme.
  - Desirable: Experience running a continuous vulnerability management lifecycle, including scanning, reporting, prioritisation and remediation tracking.
- Competitive base salary of £80,000 to £95,000
- Equity in an early‑stage tech company on an incredible trajectory
- 25 days holiday plus local public holidays
- Apple hardware
- Private medical insurance through AXA
- Pension contribution through Hargreaves Lansdown
- Enhanced family leave
- Team off‑site trips (Barcelona, Lisbon, Malta, Split)
Seniority level: Mid‑Senior level
Employment type: Full‑time
Location: London, England, United Kingdom
We are an equal opportunity employer. All qualified applicants will receive consideration for employment regardless of race, color, religion, sex, gender identity, sexual orientation, national origin, protected veteran status, or disability status.