SecOps Analyst

Posted 1 day ago by GCS

Negotiable
Undetermined
Undetermined
England, UK

Summary: A leading financial services firm is seeking an experienced Information Security Analyst SME to enhance their cybersecurity team. The role focuses on hands-on activities such as penetration testing, threat hunting, and incident response, requiring deep expertise in vulnerability assessment and strategic threat defense. The successful candidate will work to protect high-value assets by proactively identifying and mitigating evolving threats.

Key Responsibilities:

  • Perform web application and network penetration testing using manual and automated tools (eg Burp Suite, Metasploit, Qualys, Python, Kali Linux).
  • Collaborate with engineering and DevOps teams to triage, prioritise, and remediate vulnerabilities.
  • Simulate real-world attack scenarios using open-source tooling and custom scripts to assess system resilience.
  • Support third-party penetration tests and ensure alignment with compliance frameworks and regulatory requirements.
  • Use the MITRE ATT&CK framework to assess advanced persistent threats (APTs), model risks, and enhance defensive measures.
  • Implement and manage SIEM solutions (eg Splunk, QRadar), performing daily log analysis and threat investigations.
  • Lead vulnerability scanning, patch management, and remediation using tools like Nessus and Qualys.
  • Conduct proactive threat hunting across assets to detect and mitigate suspicious activities.
  • Respond to security incidents, perform forensic investigations, and reduce downtime and impact.
  • Analyse and reverse-engineer malware, producing detailed intelligence reports for internal stakeholders.
  • Drive internal phishing campaigns and user awareness training, increasing employee resilience to social engineering.

Key Skills:

  • Strong background in penetration testing, threat detection, and incident response
  • Hands-on experience with Burp Suite, Kali Linux, Metasploit, Python, and Qualys/Nessus
  • Familiarity with frameworks such as MITRE ATT&CK, NIST, and regulatory standards (eg ISO 27001, PCI-DSS)
  • Experience with SIEM implementation and analysis
  • Comfortable working in fast-paced, cross-functional environments
  • Excellent documentation and reporting skills for audit, compliance, and remediation tracking

Salary (Rate): undetermined

City: undetermined

Country: UK

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Job Description:

A leading [Financial Services/SaaS/Analytics/Enterprise] firm is seeking an experienced Information Security Analyst SME to join their growing cybersecurity team. This is a hands-on role for a candidate who excels in penetration testing, threat hunting, and incident response, bringing deep expertise in vulnerability assessment and strategic threat defence.

You'll work at the cutting edge of cybersecurity, helping to protect high-value assets through proactive identification and mitigation of evolving threats.

Desirable Certifications:

  • CEH, OSCP, CISSP, GIAC, or equivalent (not mandatory but a strong plus)

GCS is acting as an Employment Business in relation to this vacancy.