SecOps Analyst

SecOps Analyst

Posted 4 days ago by GCS

Apply
Negotiable
Undetermined
Undetermined
England, UK
Apply
Burp Suite Certified Information Systems Security Professional (CISSP) Cyber Incident Response Cyber Security DevOps External Auditing Financial Services Kali Linux Linux Log Analysis Management Metasploit Nessus Open Source Development Oracle Linux Patch Management Penetration Testing Python (Programming Language) Social Engineering Splunk Stakeholder Management Vulnerability Vulnerability Assessments

Summary: A leading financial services firm is seeking an experienced Information Security Analyst SME to enhance their cybersecurity team. The role focuses on hands-on activities such as penetration testing, threat hunting, and incident response, requiring deep expertise in vulnerability assessment and strategic threat defense. The successful candidate will work to protect high-value assets by proactively identifying and mitigating evolving threats.

Key Responsibilities:

  • Perform web application and network penetration testing using manual and automated tools (eg Burp Suite, Metasploit, Qualys, Python, Kali Linux).
  • Collaborate with engineering and DevOps teams to triage, prioritise, and remediate vulnerabilities.
  • Simulate real-world attack scenarios using open-source tooling and custom scripts to assess system resilience.
  • Support third-party penetration tests and ensure alignment with compliance frameworks and regulatory requirements.
  • Use the MITRE ATT&CK framework to assess advanced persistent threats (APTs), model risks, and enhance defensive measures.
  • Implement and manage SIEM solutions (eg Splunk, QRadar), performing daily log analysis and threat investigations.
  • Lead vulnerability scanning, patch management, and remediation using tools like Nessus and Qualys.
  • Conduct proactive threat hunting across assets to detect and mitigate suspicious activities.
  • Respond to security incidents, perform forensic investigations, and reduce downtime and impact.
  • Analyse and reverse-engineer malware, producing detailed intelligence reports for internal stakeholders.
  • Drive internal phishing campaigns and user awareness training, increasing employee resilience to social engineering.

Key Skills:

  • Strong background in penetration testing, threat detection, and incident response
  • Hands-on experience with Burp Suite, Kali Linux, Metasploit, Python, and Qualys/Nessus
  • Familiarity with frameworks such as MITRE ATT&CK, NIST, and regulatory standards (eg ISO 27001, PCI-DSS)
  • Experience with SIEM implementation and analysis
  • Comfortable working in fast-paced, cross-functional environments
  • Excellent documentation and reporting skills for audit, compliance, and remediation tracking

Salary (Rate): undetermined

City: undetermined

Country: UK

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Job Description:

A leading [Financial Services/SaaS/Analytics/Enterprise] firm is seeking an experienced Information Security Analyst SME to join their growing cybersecurity team. This is a hands-on role for a candidate who excels in penetration testing, threat hunting, and incident response-bringing deep expertise in vulnerability assessment and strategic threat defence.

You'll work at the cutting edge of cybersecurity, helping to protect high-value assets through proactive identification and mitigation of evolving threats.

Key Responsibilities:

  • Perform web application and network penetration testing using manual and automated tools (eg Burp Suite, Metasploit, Qualys, Python, Kali Linux).

  • Collaborate with engineering and DevOps teams to triage, prioritise, and remediate vulnerabilities.

  • Simulate real-world attack scenarios using open-source tooling and custom scripts to assess system resilience.

  • Support third-party penetration tests and ensure alignment with compliance frameworks and regulatory requirements.

  • Use the MITRE ATT&CK framework to assess advanced persistent threats (APTs), model risks, and enhance defensive measures.

  • Implement and manage SIEM solutions (eg Splunk, QRadar), performing daily log analysis and threat investigations.

  • Lead vulnerability scanning, patch management, and remediation using tools like Nessus and Qualys.

  • Conduct proactive threat hunting across assets to detect and mitigate suspicious activities.

  • Respond to security incidents, perform forensic investigations, and reduce downtime and impact.

  • Analyse and reverse-engineer malware, producing detailed intelligence reports for internal stakeholders.

  • Drive internal phishing campaigns and user awareness training, increasing employee resilience to social engineering.


Skills & Experience Required:

  • Strong background in penetration testing, threat detection, and incident response

  • Hands-on experience with Burp Suite, Kali Linux, Metasploit, Python, and Qualys/Nessus

  • Familiarity with frameworks such as MITRE ATT&CK, NIST, and regulatory standards (eg ISO 27001, PCI-DSS)

  • Experience with SIEM implementation and analysis

  • Comfortable working in fast-paced, cross-functional environments

  • Excellent documentation and reporting skills for audit, compliance, and remediation tracking


Desirable Certifications:

  • CEH, OSCP, CISSP, GIAC, or equivalent (not mandatory but a strong plus)

GCS is acting as an Employment Business in relation to this vacancy.

Apply
Similar Jobs
Loading data...