Cyber Security Specialist

Location: City of Edinburgh

Wood Mackenzie is the global leader in analytics, insights and proprietary data across the entire energy and natural resources landscape.

For over 50 years our work has guided the decisions of the world’s most influential energy producers, utilities companies, financial institutions and governments.

Now, with the world’s energy system more complex and interconnected than ever before, sector-specific views are no longer enough. That’s why we’ve redefined what’s possible with Intelligence Connected.

By fusing our unparalleled proprietary data with the sharpest analytical minds, all supercharged by Synoptic AI, we deliver a clear, interconnected view of the entire value chain. Our trusted team of 2,700 experts across 30 countries breaks siloes and connects industries, markets and regions across the globe.

This empowers our customers to identify risk sooner, spot opportunities faster and recalibrate strategy with confidence – whether planning days, weeks, months or decades ahead.

Wood Mackenzie  Intelligence Connected
** Wood Mackenzie Values
**** Position Overview
** We are seeking an experienced Cyber Security Lead Analyst to join our cyber security team. The ideal candidate will have a minimum of 5 years cyber security experience and 3+ years in cloud security and/or application security.  The candidate will be able to demonstrate a proven track record of protecting enterprise environments against evolving cyber threats. This role requires a technically proficient lead analyst who can lead security initiatives and ensure our cloud and application infrastructure maintains the highest security standards, whilst maintaining business partnerships across the group.
** Key Responsibilities
*** Monitor and analyze security events across cloud and on-premises environments using SIEM and security analytics tools
* Conduct thorough investigations of security incidents and provide detailed incident reports
* Develop and maintain incident response playbooks and procedures
* Experience with threat intelligence platforms and threat hunting
* Experience with security orchestration, automation and response (SOAR) platforms
* Understanding of data protection and encryption technologies
* Experience in regulated industries (financial services, healthcare, energy)
* Background in offensive security or penetration testing
* Design, implement, and maintain security controls across cloud platforms (AWS, Azure, GCP)
* Conduct cloud security assessments and architecture reviews
* Ensure compliance with cloud security best practices and frameworks (CIS Benchmarks, CSA CCM, NIST)
* Manage cloud-native security tools including CSPM, CWPP, and cloud WAF solutions
* Implement and maintain identity and access management (IAM) policies and controls
* Lead cyber security programs and coordinate remediation efforts
* Collaborate with Dev Ops teams to integrate security into CI/CD pipelines (Dev Sec Ops )
* Stay current with emerging threats, vulnerabilities, and security technologies
* Contribute to security awareness training and documentation
* Facilitate Supplier Management and security input into bids
* Support compliance initiatives (SOC 2, ISO 27001, PCI-DSS, GDPR, etc.)
* Develop and enforce security policies, standards, and procedures
* Conduct security audits and risk assessments
* Maintain security documentation and metrics reporting
** Required Qualifications
*** 5+ years of experience in cybersecurity roles
* 3+ years of hands-on experience with cloud security (AWS, Azure, or GCP)
* Proven experience leading security incidents and coordinating response efforts
* Experience with security frameworks such as NIST CSF, MITRE ATT&CK, or Zero Trust architecture
** Technical Skills
*** Strong expertise in cloud security services and tools (AWS & Azure)
* Experience working with SIEM platforms (Splunk, Sentinel)
* Understanding of network security, firewalls, IDS/IPS, and VPN technologies
* Familiarity with security testing tools (vulnerability scanners, SAST/DAST, penetration testing tools)
* Experience with endpoint detection and response (EDR) solutions
** Certifications (one or more preferred)
*** CISSP (Certified Information Systems Security Professional)
*…