Senior Security Analyst

Cornerstone

United Kingdom

Hybrid

GBP 70,000 - 90,000

Full time

Today

Job summary

A leading utility services provider in the United Kingdom is seeking a Senior Security Analyst to enhance their cloud security operations. As a key player in incident response and threat detection, you'll oversee the security policy, handle complex threats, and ensure compliance with various UK standards. Candidates should possess extensive experience with Microsoft security technologies, AWS Security Services, and relevant automation skills in KQL, PowerShell, and Python. The role offers a competitive salary and hybrid working options.

Benefits

Competitive pension scheme
Enhanced maternity/paternity pay
Life assurance
HolidayPlus
Cycle2work Scheme

Qualifications

  • 5+ years in SOC or incident response roles with hands-on experience.
  • Proficient in automation and enrichment tools like KQL, PowerShell, and Python.
  • Strong understanding of UK compliance frameworks including NCSC CAF and ISO 27001.

Responsibilities

  • Lead threat detection and incident response across cloud security platforms.
  • Develop and maintain KQL-based detection rules and hunting queries.
  • Drive operational benchmarking and ensure compliance with UK standards.

Skills

Incident response
Cloud security platforms
KQL
PowerShell
Python
AWS Security Services
Understanding of UK compliance frameworks

Tools

Microsoft security suite
AWS IAM
GuardDuty
Security Hub
CloudTrail
Config

Job description

Senior Security Analyst

Glasgow | Personal Contract (dependent on skills and qualifications)

Full-time | Hybrid

Competitive pension scheme – Enhanced maternity/paternity pay – Life assurance – HolidayPlus – Cycle2work Scheme & more

RE 5277

We’re seeking a technical Senior Security Analyst to lead threat detection, incident response, and control validation across cloud security platforms including, but not limited to, Microsoft security suite, AWS workloads, CNAPP and CrowdStrike. You’ll drive operational benchmarking, automate reporting, and ensure UK compliance alignment (NCSC CAF, ISO 27001, NIST etc.).

We deliver safety, warmth, and comfort to homes and businesses. Every role, whether in the office or on the front line, plays a key part in this mission. Here’s how you will contribute:
  • Make final calls during incidents or policy debates, train and guide junior analysts
  • Handle complex threats, lead incident response, and shape security policy
  • Oversee and lead investigations across various cloud security suites
  • Develop and maintain KQL-based detection rules, hunting queries, and alert tuning strategies.
  • Coordinate incident response playbooks across hybrid environments, including AWS EC2, Lambda, and containerized workloads.
  • Contribute to the operational deployment and oversight of AI‑driven security tooling, ensuring alignment with threat detection, SOC workflows and UK compliance standards.

Operational Benchmarking & Reporting

  • Build automated dashboards with tooling such as Power BI or Grafana, integrating various security tooling suites.
  • Benchmark SOC metrics (MTTD, MTTR, alert fidelity etc.) against UK peers and internal SLAs.
  • Deliver structured weekly reports with versioning and audit traceability.

Security Control Validation

  • Validate endpoint coverage across EDR/XDR platforms ensuring telemetry integrity and policy enforcement.
  • Integrate various security tooling into health dashboards.
  • Drive remediation workflows with engineering teams to close gaps in control coverage.

Threat Intelligence & Attribution

  • Oversee the correlation of internal telemetry with external feeds (e.g., MISP, Recorded Future, Microsoft TI).
  • Map adversary TTPs using MITRE ATT&CK, and produce attribution matrices for major incidents.
  • Track UK‑relevant threats, including supply chain risks and sector‑specific campaigns.

Coaching & Continuous Improvement

  • Mentor analysts in cloud and endpoint telemetry interpretation.
  • Lead tabletop exercises and purple team simulations using various tool sets.
  • Contribute to SOC maturity assessments and continuous improvement initiatives.

What you will need

  • 5+ years in SOC or incident response roles, with strong hands‑on experience in Microsoft security suite, AWS Security Services, and other EDR/XDR/CNAPP platforms
  • Proficient in KQL, PowerShell, and Python for automation and enrichment.
  • Experience with AWS IAM, GuardDuty, Security Hub, CloudTrail, and Config.
  • Strong understanding of UK compliance frameworks (NCSC CAF, ISO 27001, GDPR).
  • Familiarity with threat intel platforms, STIX/TAXII, and TTP mapping.

Not sure you meet every requirement?

Research shows some people – particularly women and those from underrepresented backgrounds – may hesitate to apply unless they meet every criterion. At SGN, we value diverse backgrounds, experiences and perspectives.

If this role interests you but you’re not sure you tick every box, we’d still love to hear from you. You might be just who we’re looking for – now or in the future.

Why SGN?

SGN is a leader in pioneering research and development toward a net‑zero energy system. Our cutting‑edge technologies and innovative thinking are driving change in the gas industry, all while keeping people safe and warm.

If you require any accommodations or support during the application process, reach out to us. We're here to help ensure an inclusive and accessible experience for everyone.

https://www.youtube.com/watch?v=7Q_sWyz7KEI
