Senior Security Analyst

Senior Security Analyst

Glasgow | Personal Contract (dependent on skills and qualifications)

Full-time | Hybrid

Competitive pension scheme – Enhanced maternity/paternity pay – Life assurance – Holiday Plus – Cycle2work Scheme & more

We’re seeking a technical Senior Security Analyst to lead threat detection, incident response, and control validation across various cloud security platforms such as, but not exclusive to, Microsoft security suite, AWS workloads, CNAPP and Crowd Strike. You’ll drive operational benchmarking, automate reporting, and ensure UK compliance alignment (NCSC CAF, ISO 27001, NIST etc…).

We deliver safety, warmth, and comfort to homes and businesses. Every role, whether in the office or on the front line, plays a key part in this mission. Here’s how you will contribute…

• Make final calls during incidents or policy debates, train and guide junior analysts
• Handle complex threats, lead incident response, and shape security policy
• Oversee and lead investigations across various cloud security suites
• Develop and maintain KQL-based detection rules, hunting queries, and alert tuning strategies.
• Coordinate incident response playbooks across hybrid environments, including AWS EC2, Lambda, and containerized workloads.
• Contribute to the operational deployment and oversight of AI-driven security tooling, ensuring alignment with threat detection, SOC workflows and UK compliance standards
• Operational Benchmarking & Reporting
• Build automated dashboards with tooling such as Power BI or Grafana, integrating various security tooling suites
• Benchmark SOC metrics (MTTD, MTTR, alert fidelity etc…) against UK peers and internal SLAs.
• Deliver structured weekly reports with versioning and audit traceability.
• Security Control Validation
• Validate endpoint coverage across EDR/XDR platforms ensuring telemetry integrity and policy enforcement.
• Integrate various security tooling into health dashboards.
• Drive remediation workflows with engineering teams to close gaps in control coverage.
• Threat Intelligence & Attribution
• Oversee the correlation of internal telemetry with external feeds (e.g., MISP, Recorded Future, Microsoft TI).
• Map adversary TTPs using MITRE ATT&CK, and produce attribution matrices for major incidents.
• Track UK-relevant threats, including supply chain risks and sector-specific campaigns.
• Coaching & Continuous Improvement
• Mentor analysts in cloud and endpoint telemetry interpretation.
• Lead tabletop exercises and purple team simulations using various tool sets
• Contribute to SOC maturity assessments and continuous improvement initiatives.

• 5+ years in SOC or incident response roles, with strong hands‑on experience in Microsoft security suite, AWS Security Services, and other EDR/XDR/CNAPP platforms
• Proficient in KQL, Power Shell, and Python for automation and enrichment.
• Experience with AWS IAM, Guard Duty, Security Hub, Cloud Trail, and Config.
• Strong understanding of UK compliance frameworks (NCSC CAF, ISO 27001, GDPR).
• Familiarity with threat intel platforms, STIX/TAXII, and TTP mapping.

Not sure you meet every requirement? Research shows some people – particularly women and those from underrepresented backgrounds – may hesitate to apply unless they meet every criteria. At SGN, we value diverse backgrounds, experiences and perspectives.

If this role interests you but you’re not sure you tick every box, we’d still love to hear from you. You might be just who we’re looking for – now or in the future.

SGN is a leader in pioneering research and development toward a net‑zero energy system. Our cutting‑edge technologies and innovative thinking are driving change in the gas industry, all while keeping people safe and warm.

If you require any accommodations or support during the application process, reach out to us. We’re here to help ensure an inclusive and accessible experience for everyone.