Principal Security Analyst

Posted June 17, 2026
Full-time Director

Job Overview

We are seeking a Principal Security Analyst to join our cyber security operations team in a senior hands-on role focused on advanced detection, investigation, incident response, automation, AI-enabled SOC uplift, and continuous improvement.

This role operates at a senior or L3 capability level within the Security Operations Centre. You will act as a key escalation point for complex security events, lead high-impact investigations, improve detection and response capability, and provide technical guidance to analysts across the team. You will report to the Cyber Operations Team Lead and work closely with analysts at all levels, incident response leads, and cross-functional stakeholders including Group GRC.

A key part of the role is identifying opportunities to use AI, automation, and improved tooling to reduce manual effort, improve investigation quality, accelerate triage, and support consistent analyst decision-making while maintaining appropriate human oversight and security governance.

What You’ll Do

  • Lead investigation and response to complex or high-severity security incidents, acting as the senior escalation point for SOC analysts.
  • Conduct advanced threat hunting across enterprise, endpoint, identity, network, and cloud environments.
  • Develop, tune, and improve detections across SIEM, EDR/XDR, cloud security, and identity platforms.
  • Support digital forensic investigations, including endpoint, disk, memory, network, identity, and cloud evidence analysis.
  • Develop automation and identify practical AI-assisted improvements across SOC workflows, including alert enrichment, triage, containment, reporting, and knowledge management.
  • Improve incident response playbooks, runbooks, escalation criteria, and operating procedures.
  • Build and maintain effective working relationships with Group GRC, supporting governance, compliance, and control validation activities as they relate to security operations.
  • Produce clear investigation notes, incident reports, root cause analysis, and executive-ready summaries.
  • Mentor junior and mid-level analysts through coaching, peer review, and knowledge sharing.

You are an experienced cyber security operations professional who takes ownership of complex investigations, makes sound decisions under pressure, and guides others during incidents. You are comfortable working across technical domains and can translate detailed findings into clear, actionable outcomes.

You Will Bring

  • Significant hands-on experience in cyber security operations, SOC analysis, incident response, threat hunting, detection engineering, or a closely related field, operating at a senior analyst or L3 escalation level.
  • Strong incident response experience across detection, containment, eradication, recovery, and lessons learned.
  • Practical experience with SIEM platforms (e.g., Splunk, Microsoft Sentinel, or equivalent) and EDR/XDR platforms (e.g., CrowdStrike Falcon, Microsoft Defender XDR, or equivalent).
  • Experience investigating activity across at least one major cloud platform (AWS, Azure, or GCP).
  • Strong understanding of networking, common protocols, Windows and Linux operating systems, identity, and Active Directory environments.
  • Experience using scripting or automation (e.g., Python, PowerShell, Bash, or similar).
  • Familiarity with MITRE ATT&CK and its application in detection engineering, investigation, and threat hunting.
  • Strong written and verbal communication skills, including the ability to produce clear technical reports and stakeholder updates.
