Monitor and investigate security alerts and events across security tooling, cloud environments, business systems, and applications.
Support incident response activities including detection, analysis, containment, eradication, recovery, and lessons learned.
Develop and improve security monitoring, alerting, playbooks, and operational procedures.
Assist with threat hunting and proactive identification of security risks and suspicious activity.
Maintain awareness of emerging cyber threats, vulnerabilities, and attack techniques relevant to SaaS businesses.
Own day-to-day vulnerability management activities across infrastructure, cloud platforms, applications, and endpoints.
Work with technology teams to prioritise and coordinate remediation activities.
Track vulnerabilities through to resolution and provide reporting on remediation performance.
Support penetration testing activities and coordinate remediation of findings.
Support the security of cloud environments and SaaS platforms through implementation and monitoring of security controls.
Assist with identity and access management initiatives, including privileged access management, role-based access control, and identity governance.
Review cloud security recommendations and assist with remediation activities.
Partner with engineering teams to support secure software development practices.
Assist with the identification, triage, and remediation of application security vulnerabilities.
Support security testing activities including SAST, DAST, dependency scanning, and secrets detection.
Contribute to threat modelling and secure design discussions where appropriate.
Support the continued operation and improvement of the Information Security Management System (ISMS).
Assist with security audits, compliance activities, evidence collection, and control reviews.
Contribute to the development and maintenance of security policies, standards, procedures, and guidance.
Support risk assessments and assist with tracking risk treatment activities.
Help maintain compliance with frameworks and standards including ISO 27001 and applicable data protection requirements.
Respond to customer and prospect security questionnaires and due diligence requests.
Conduct security reviews of suppliers, partners, and third-party services.
Requirements
Experience in a Security Analyst, Information Security, Cyber Security, Systems Administration, Infrastructure, Cloud Operations, or DevOps role with demonstrable security responsibilities.
Experience working within a security or compliance framework such as ISO 27001.
Understanding of security operations and incident response processes.
Experience with vulnerability management, remediation tracking, and security risk reduction.
Knowledge of identity and access management principles.
Understanding of cloud security concepts and security controls within major cloud providers.
Hands-on experience of an array of core security technologies.
Understanding of common application security risks and OWASP principles.
Strong communication skills with the ability to engage technical and non-technical stakeholders.
Ability to manage multiple priorities and work independently in a fast-paced environment.
A pragmatic and business-focused approach to security.
Desirable: Experience supporting secure software development practices.
Experience conducting supplier security reviews and risk assessments.
Familiarity with automation or scripting using PowerShell, Python, or similar technologies.
Understanding of data protection and privacy requirements.
Experience working within a SaaS, technology, or cloud-first organisation.
Tech Stack
Cloud
Cyber Security
Python
Benefits
Commission & bonus opportunities
Annual leave that increases with service + option to buy more
Additional paid wellbeing days + annual wellbeing reward