24 x 7 Security Analyst

Date: Jan 5, 2026

Location: Birmingham, GB, B37 7ES

Company: LRQA

Job ID: 43242
Location: LRQA Nettitude: Birmingham: 1
Position Category: Information Technology
Position Type: Employee Regular

About this role

The purpose of this role is to lead a team of SOC analysts who collectively operate on a 24/7/365 basis. This role reports to the SOC Team Lead. As the SOC Senior Analyst, you will be accountable for the effective delivery of your tasks, ensuring expected performance standards while continuously developing your skills as part of a high-trust, high-performing security service.

You will leverage your experience in security operations to enable the smooth delivery of our award-winning defensive monitoring service, supporting proactive detection and response for clients across the globe.

You will be expected to work hands-on technically, including deep-dive investigations, incident response escalations, threat hunting, tuning detections, delivering technical training, and driving process and capability improvements.

Strong technical knowledge is essential to mentor junior analysts, develop their capabilities, and ensure the team remains at the forefront of security operations. As part of your role, you will effectively manage, motivate, and develop SOC analysts to ensure high performance, engagement, and continuous professional growth across all shifts.

As a SOC Senior Analyst, you must proactively initiate actions and work independently to quickly mitigate threats, set an example, maintain operational continuity, make informed decisions, and ensure team efficiency under pressure.

The roles and responsibilities of the SOC Senior Analyst are reviewed annually to ensure alignment with current organisational needs, emerging threats, and industry best practice.

 

Collaboration with other teams

As Senior Analyst, you will work closely with the Threat Intelligence, Engineering and Incident Response teams, as this is essential to strengthening the SOC's ability to detect, investigate, and respond to emerging threats. This collaboration ensures timely sharing of actionable intelligence, refinement of detection rules, improvement of security tools, and alignment of operational processes, ultimately enhancing the overall organisational security posture.

 

Continual improvement

This role drives continuous improvement within the SOC by identifying gaps in processes, detection capabilities, and team performance, and implementing solutions to enhance operational efficiency.

The Senior Analyst must work to refine triage and response workflows, ensuring that lessons learned are incorporated into updated playbooks and best practices.

 

Role details

 

Senior Analyst & Operations Oversight:

  • Lead day-to-day activities of the Senior SOC analysts across all shifts.
  • Ensure all alarms/cases are reviewed and responded to within SLA by the team.
  • Act as the first point of escalation for security events.
  • Keep documentation up to date (including design specifications, diagrams and documentation for users).
  • Complete all Halo Case files on time and with accurate and timely data/results.
  • Aim to ensure high-quality incident triage and investigation following predefined and agreed SOC processes.

 

Key Performance Indicators, Service Level Agreements & Reporting:

  • Key Performance Indicators (KPIs) are goals that must be achieved to demonstrate satisfactory or better performance in this job role.
  • KPIs will be monitored on an ongoing basis throughout each year and will be explored in further depth as part of the performance management process.
  • Service KPIs/SLAs and deliverables are tracked and adhered to, and any deviations are remediated through root cause analysis and non-conformance.

 

Threat Detection:

  • The analyst continuously monitors security alerts and logs across all customer environments using SIEM, EDR and other security and monitoring tools used by the LRQA/Nettitude SOC Team.

Key responsibilities include:

  • Review real‑time alerts and telemetry to identify suspicious activity or breaches.
  • Analyse logs, network flows and endpoint data to validate alerts and understand threat context.
  • Maintain and tune SIEM/SOAR correlation rules and endpoint detection signatures to reduce false positives and improve coverage.
  • Triage and investigate unusual events to confirm incidents or dismiss benign anomalies.

 

Threat Hunting:

Proactively search for hidden threats and improve detection.

Responsibilities include:

  • Lead hypothesis‑driven threat hunts across multiple client networks using telemetry, threat intelligence and the MITRE ATT&CK framework.
  • Identify weak spots or blind spots in monitoring coverage and recommend new rules, queries or sensors to close them.
  • Analyse Indicators of Compromise (IOCs) and emerging threat data to discover stealthy intrusions. Document hunting methods and findings, and update detection content as needed.
  • Use advanced analytics in SIEM/SOAR and EDR to dig deeper than automated alerts, leveraging both in‑house and public threat intelligence.

 

Management Reports:

  • Management reports are written on a monthly, bimonthly and quarterly basis.
  • The production of management reports is a shared responsibility between Senior and Junior Analysts. When a report is prepared by a Junior Analyst, a Senior SOC Analyst is responsible for carrying out the quality assurance review.
  • When a report is prepared by a Senior SOC Analyst, the quality assurance must be completed by another Senior Analyst or the SOC Team Lead before the document is shared with the client.
  • Due to the usual workload, the production of management reports is generally completed by the night shift, with support from the day shift when operationally feasible.
  • The full procedure is described in the “MMR Production Process” documentation on Confluence.

 

Incident Handling & Escalation:

  • Oversee the detection, validation, and containment of security incidents/alerts.
  • When required, provide technical guidance during live incidents and ensure appropriate escalation.

 

Quality Assurance & Process Improvement:

  • Monitor analyst performance and quality of alerts handled or closed.
  • Identify and eliminate false positives by identifying new fine-tuning for detection rules, in collaboration with the Team Leads and Engineering team.
  • Recommend improvements to XDR/SIEM/SOAR configurations and workflows.

 

Reporting & Communication:

  • Communicate important incidents to the Cybersecurity Leadership team as needed.
  • Maintain clear documentation of:
      • Incidents
      • Lessons learned
      • Operational notes

 

Training & Mentoring:

  • Mentor junior SOC analysts, helping them grow technically and operationally.
  • Conduct on-the-job training, tabletop simulations, and after-action reviews.
  • Identify skill gaps and propose training plans to the Team Lead and/or SOC Manager.

 

Compliance & Governance Support:

  • Ensure analysts follow LRQA Cybersecurity's established security policies, procedures, and SLAs.
  • Help align SOC practices with frameworks (e.g., ISO 27001 & MITRE ATT&CK).
  • Make sure incident documentation meets regulatory and audit requirements.

 

Collaboration:

  • Work closely with Threat Intelligence, Vulnerability Management, and Incident Response teams to enhance detection capability.
  • Collaborate with IT Operations and network teams for containment and recovery actions.
  • Serve as the communication bridge between SOC analysts and Team Leads/SOC manager.
  • Maintain regular verbal and written communication with customers, suppliers and internally as required.

 

Client Success:

  • Client feedback is actively encouraged and serves as a key measure of success. Positive feedback reflects our achievements, while suggestions or complaints are reviewed with senior management to assess potential inclusion in service improvements.

 

Professional and Technical Requirements:

  • Experience supporting incident management.
  • Proficient in SIEM, EDR, XDR, EPP, and NetMon tools, including usage, configuration, architecture, and identifying a need for new rule creation.
  • Skilled in analysing log data across multiple device types to support incident management.
  • In-depth understanding of attack vectors, with the ability to distinguish normal from abnormal activity and recommend appropriate countermeasures and remediation.
  • Proven experience working in complex, high-performing enterprise SOC/MSSP environments.
  • Familiarity with offensive tools, techniques, and vulnerabilities, including Kali, Metasploit, Veil, MITRE ATT&CK, CVE, and OWASP frameworks.

 

Core Soft Skills & Emotional Intelligence:

  • Strong soft skills, including effective communication, collaboration, and emotional intelligence, enabling clear stakeholder engagement and the ability to manage high-pressure situations with composure.

 

Pre-Employment Checks

If you are successful in securing a role with us, we will carry out pre-employment checks in accordance with what is allowed under local law.

These checks will include (as permitted): right to work, identification, verification of employment history, education, and criminal records.

We may involve a third-party supplier to run the background checks as needed, and your data will be retained for a period as needed for the purpose of employing you.

Your data will be stored in accordance with all relevant privacy legislation.

Please contact us if you have any questions or concerns.

Diversity and Inclusion at LRQA:

We are on a mission to be the place where we all want to work, and we are passionate about embracing different perspectives because we understand the value this brings to our business, our clients and each other. We are all about creating a safer and more sustainable future, and our inclusive culture is right at the heart of our business.

Together our employees make our communities better and we want you to be part of our diverse team!

LRQA is a leading global assurance provider. The integrity and expertise we bring to our partnership with clients support their journey to a safer, more secure and more sustainable future. (Group entities).

Copyright © LRQA 2021. All rights reserved.