Cyber Security Analyst

We are looking for a proactive and technically capable Cyber Security Analyst to join our Security Operations team. In this role, you will be responsible for detecting, investigating, and responding to security incidents across a diverse technology estate spanning both cloud and on‑premise environments. Reporting to the Security Operations Lead, you will strengthen our detection and response capabilities through developing high‑quality detections, improving playbooks, and conducting post‑incident reviews to drive continuous improvement.

• Proactively monitor and analyse security events to detect and respond to potential threats
• Investigate alerts and incidents, performing triage, containment, and remediation activities
• Develop, implement, and tune detection use cases aligned to frameworks such as MITRE ATT&CK
• Correlate data from multiple sources (endpoint, identity, network, and cloud) to identify suspicious behaviour
• Build and maintain dashboards, alerts, and reports to improve security visibility
• Conduct proactive threat hunting based on threat intelligence and behavioural patterns
• Develop and maintain incident response playbooks, continuously improving them based on emerging threats and lessons learned
• Perform post‑incident reviews to identify root causes and implement preventative measures
• Tune alerts and detections to reduce false positives and improve signal‑to‑noise ratio
• Contribute to the ongoing improvement and management of security tooling and processes
• Participate in an on‑call rota for high‑severity incident response

• Proven experience monitoring, investigating and responding to security incidents across enterprise environments
• Hands‑on experience with SIEM platforms such as Splunk, including detection engineering, alert tuning, and dashboard creation
• Experience with endpoint detection and response tools such as Microsoft Defender for Endpoint or similar
• Strong understanding of common attack techniques, tactics, and procedures (TTPs), ideally mapped to MITRE ATT&CK
• Experience analysing logs across multiple domains (endpoint, identity, network, cloud)
• Familiarity with SOAR platforms and automation
• Experience working within security frameworks such as PCI DSS, ISO 27001, or similar
• Strong analytical and problem‑solving skills with the ability to work independently
• Excellent communication skills, with the ability to clearly articulate security risks to non‑technical audiences

• Experience in threat hunting and behavioural‑based detection
• Experience reducing false positives and improving detection quality in a SOC environment
• Scripting or automation experience
• Understanding of web application security and common attack vectors

• Hybrid working (2‑3 days in the office at a minimum)
• 24 days holiday (+ 8 bank holidays)
• Annual bonus scheme
• Enhanced maternity and adoption leave
• Company pension with up to 8% N Brown contribution
• Mental Health support both internally and externally, including access to our wellbeing champions and counselling services
• Financial wellbeing support, including the Stream financial wellbeing tool
• Colleague discount across all N Brown brands
• On‑site café with subsidised rates and local restaurant discounts
• Life Assurance and Private Medical Insurance
• Paid volunteer time – all colleagues can take a full day paid to volunteer for a charity of their choice

We're an equal opportunity employer and value diversity. We do not discriminate based on race, religion, colour, national origin, sex, gender, gender expression, sexual orientation, age, marital status, veteran status, or disability status.