The role
As a Senior CSIRT Analyst you will play a key role in G-Research’s Cyber Security Incident Response Team (CSIRT), specialising in cloud detection and response across AWS and hybrid environments.
You will investigate, respond and proactively hunt for threats across a diverse technology landscape, including high-performance compute clusters, Kubernetes and containerised infrastructures, and corporate Windows environments.
You will use cloud-native security tooling and multi‑SIEM operations, such as Elastic, Azure, AWS, to strengthen detection and response capabilities. You will also participate in purple team and red team exercises, continuously validating and improving the team’s effectiveness against advanced adversaries.
As a senior member of the team, you will also mentor junior analysts, contribute to automation initiatives and support the on‑call escalation rota for out‑of‑hours response.
Key responsibilities
- Investigating and responding to complex security incidents across cloud, hybrid, and on‑premise environments
- Proactively hunting for threats and developing detection logic across SIEM and cloud security systems
- Participating in red and purple team exercises to test, validate and enhance detection and response capabilities
- Developing and maintaining automation workflows using tools such as Tines and Python
- Collaborating with engineering teams to improve log ingestion, detection rules and platform reliability
- Mentoring and supporting junior analysts through knowledge sharing and technical guidance
- Participating in the on‑call escalation rota for out‑of‑hours incidents
- Improving CSIRT processes, playbooks and threat models
Who are we looking for?
The ideal candidate will have the following skills and experience:
- Significant experience in cyber incident response, detection engineering or SOC and CSIRT operations
- Strong cloud security expertise across AWS and Azure, including hands‑on incident investigation
- Proficiency with SIEM platforms and log analysis
- Experience with red and purple team exercises and adversary simulation
- Knowledge of containerised environments and cloud‑native infrastructure security
- Programming or scripting experience, preferably in Python, and exposure to automation platforms
- Strong understanding of modern attack techniques, threat actors and the MITRE ATT&CK framework
- Experience mentoring or leading within a security operations environment
- Strong analytical skills with the ability to investigate complex threats, identify root causes and operate effectively under pressure
- Collaborative approach with the ability to work across teams while supporting and developing others
- Proactive mindset with an interest in automation and continuously improving detection and response
Why should you apply?
- Highly competitive compensation plus annual discretionary bonus
- Lunch provided (via Just Eat for Business) and dedicated barista bar
- 30 days’ annual leave
- 9% company pension contributions
- Informal dress code and excellent work/life balance
- Comprehensive healthcare and life assurance
- Cycle‑to‑work scheme
- Monthly company events
#J-18808-Ljbffr