Security Analyst - Environment
Listed on 2026-01-09
IT/Tech
Cybersecurity, Security Manager, IT Support
This role is focused on providing rapid detection, triage, and initial investigation of security alerts and incidents across multiple client environments. You will be the first point of contact for potential security events, ensuring timely escalation and accurate documentation to support deeper forensic analysis and incident resolution, working in our 24x7x365 Manchester-based SOC.
Key Responsibilities
Alert Monitoring & Triage
- Monitor SIEM dashboards and security tools (e.g., Microsoft Sentinel, Microsoft Defender for Cloud) for alerts, anomalies, and suspicious activity.
- Perform initial triage to validate alerts, assess severity, and determine escalation paths.
- Execute first-line incident response actions, including containment steps (e.g., isolating endpoints, blocking malicious IPs).
- Document all findings and actions taken in accordance with DFIR best practices.
- Escalate complex incidents to 2nd/3rd line DFIR teams with detailed evidence and timelines.
- Collect and preserve volatile data (e.g., memory captures, log exports) for forensic analysis.
- Assist in evidence handling and chain-of-custody documentation.
- Support phishing and malware investigations by extracting indicators and preparing reports.
- Conduct basic packet inspection and log analysis to identify indicators of compromise (IOCs).
- Fine-tune SIEM rules and alert thresholds to reduce false positives and improve detection accuracy.
- Ensure adherence to SLAs, SOC processes, and regulatory requirements.
- Produce clear, concise incident reports for internal teams and clients.
- Provide guidance to junior analysts and assist with knowledge transfer.
- Work closely with Cyber Security, IT operations, and client stakeholders during investigations.
- Hands-on experience with SIEM and Threat Detection tools (Microsoft Sentinel & Defender for Cloud preferred).
- Exposure to DFIR principles and incident handling methodologies.
- Understanding of common attack vectors, malware types, and network protocols.
- Strong documentation and reporting skills for incident timelines and evidence logs.
- Familiarity with ITIL principles and ability to apply them in SOC operations.
- Comfortable working in a 24x7 shift environment and responding to high‑pressure situations.
- UK SC clearance (or ability to obtain).
- Basic scripting (PowerShell, Python, KQL) for automation of triage tasks.
- Knowledge of MITRE ATT&CK framework and its application in detection engineering.
- Experience with phishing analysis and malware sandboxing tools.
Why people choose to grow their careers at UBDS Group
Professionals choose to grow their careers at UBDS Group for its reputation as a dynamic and forward‑thinking organisation that is deeply committed to both innovation and employee development. At UBDS Group, employees are given unique opportunities to work on cutting‑edge projects across a diverse range of industries, exposing them to new challenges and learning opportunities that are pivotal for professional growth.
The Group’s culture emphasises continuous improvement, offering ample training programs, mentorship, and the chance to gain certifications that enhance their skills and marketability.
UBDS Group fosters a collaborative environment where creativity and innovation are encouraged, allowing employees to contribute ideas and solutions that have a tangible impact on the company and its clients. This combination of professional development, a culture of innovation, and the opportunity to make meaningful contributions makes UBDS Group an attractive place for those looking to advance their careers and be at the forefront of technological and operational excellence.
Employee Benefits
- Training – All team members are offered a number of options in terms of personal development, whether it is technical-led, business acumen or methodologies. We want you to grow with us and to help us achieve more.
- Private medical cover for you and your spouse/partner, offered via Vitality
- Discretionary bonus based on a blend of personal and company performance
- Holiday – You…