We're looking for an experienced Information Security Analyst who takes real ownership of protecting enterprise systems. If you enjoy digging into logs, chasing down alerts, and building security controls that actually hold up under pressure, this role is worth a look.
You'll be the person keeping an eye on our security posture day to day, monitoring events, assessing risk, tightening controls, and making sure we stay on the right side of industry standards and regulatory requirements. You won't be doing this in isolation either; you'll work closely with IT, engineering, compliance, and business teams to keep security baked into how we operate, not bolted on afterward.
What you'll be doing
- Monitoring security alerts, events, and system logs, and investigating anything that looks off
- Running vulnerability assessments, risk assessments, and compliance reviews
- Supporting incident response, threat investigation, containment, eradication, recovery
- Writing and maintaining information security policies, standards, and procedures
- Conducting security audits and pushing for improvements where controls are weak
- Working with infrastructure, cloud, and dev teams on secure system and application architecture
- Supporting IAM, endpoint security, and data protection efforts
- Helping run security awareness training across the organisation
- Keeping documentation current for risk assessments, incidents, and compliance activity
- Tracking emerging threats and flagging mitigation steps before they become problems
- Supporting business continuity, disaster recovery, and regulatory compliance work
- Putting together security reports for both technical teams and senior stakeholders
What you'll bring
- A bachelor's degree in Cybersecurity, Computer Science, Information Technology, Information Security, or a related field
- At least 3 years' experience in information security, cybersecurity, or IT security
- Solid understanding of network security, operating systems, endpoint security, encryption, and authentication technologies
- Hands-on experience with SIEM platforms, vulnerability management tools, firewalls, IDS/IPS, EDR, and other security monitoring tech
- Comfort working with cloud security across AWS, Azure, or GCP
- Working knowledge of frameworks like ISO/IEC 27001, NIST CSF, CIS Controls, Cyber Essentials, GDPR, and PCI DSS
- Experience with incident response, threat intelligence, and risk management in practice, not just on paper
- Sharp analytical and investigative instincts, and the communication skills to explain findings to non-technical stakeholders
- Certifications like Security+, CISSP, CISM, CEH, GIAC, or ISO 27001 Lead Implementer are a strong plus, though not a dealbreaker if your experience speaks for itself
What's in it for you
- Competitive salary with annual reviews
- Company pension scheme
- Private healthcare and wellbeing support
- Flexible and hybrid working
- Generous annual leave on top of bank holidays
- Sponsored certifications and ongoing professional development
- Real, enterprise-scale security work
- A clear path toward senior security, GRC, or security architecture roles
- A workplace that actually values input from its security team
Why this role
You'd be stepping into a position where your work genuinely matters, protecting live business operations against real, evolving threats, with the tools and support to do it properly. If you're ready to grow your career somewhere that takes security seriously, we'd like to hear from you.
Pay: $95,000.00 - $107,000.00 per year
Benefits:
- 401(k)
- Dental insurance
- Health insurance
- Life insurance
- Vision insurance
Work Location: In person