SecOps Analyst

Job Title: MDA Security Operations (Sec Ops) Engineer

Clearance: DV required or ability to obtain

Location: Portsmouth

We are seeking a hand‑on Security Operations (Sec Ops) Engineer to secure and operate a MoD‑hosted private cloud environment and its associated services. You will play a key role in active defence of live services, combining security, vulnerability management, platform hardening, and operational security assurance. You will work across infrastructure, platform and data layers to ensure systems are secure, compliant and resilient within a highly governed environment.

• Monitor and respond to security events, alerts and incidents across cloud, platform, and application layers.
• Execute vulnerability scanning, patch assurance and configuration compliance checks.
• Maintain security tooling such as SIEM, EDR, vulnerability scanners, and cloud‑native controls.
• Support ISO 27001 control operation and evidence collection.
• Ensure compliance with MoD security standards including JSP 440 and SbD requirements.
• Support internal/external audit, accreditation and remediation activities.
• Maintain secure configurations, firewall rules, access control policies, and logging standards.
• Provide security assurance during change, deployment and release activities.
• Support improvement of Sec Ops processes, SOPs and monitoring automation.

• Experience operating within a Security Operations or Sec Ops function.
• Hands‑on experience with SIEM (e.g. ELK), EDR and vulnerability tooling.
• Experience securing Linux and Windows environments.
• Understanding of ISO 27001 and secure configuration principles.
• Experience supporting cloud or virtualised platforms (e.g. VMware).
• Ability to investigate and respond to security incidents.
• Strong understanding of operational security within governed environments.
• Eligible for DV clearance.

• Experience in MOD or classified environments.
• Automation experience (Ansible, Terraform, scripting).
• Experience with Nessus/Tenable or similar tools.
• Familiarity with JSP 440/441/453 and NCSC guidance.

To deliver security operations for a private cloud platform, ensuring systems are actively monitored, vulnerabilities are managed, and services remain secure, compliant and resilient.

• Monitor SIEM, EDR and platform telemetry.
• Investigate alerts and perform incident triage and escalation.
• Conduct structured incident response activities.

• Execute vulnerability scans and interpret results.
• Prioritise remediation based on risk and impact.
• Track and verify remediation activities.

• Maintain secure configurations across:
  • VMware / virtualisation platforms.
  • Linux and Windows systems.
  • Network security controls (firewalls, proxies).
• Support least privilege and zero‑trust principles.

• Operate and maintain SIEM, EDR and scanning tools.
• Improve detection rules and alert quality.
• Contribute to automation of security processes.

• Support ISO 27001 control operation and evidence collection.
• Maintain audit trails and configuration baselines.
• Support JSP 440/441/453 compliance and accreditation.

• Assess changes for security impact.
• Ensure deployments meet security requirements.
• Support secure‑by‑design implementation.

• Maintain SOPs, runbooks and incident documentation.
• Contribute to improvement of Sec Ops processes and tooling.