Cyber Security Analyst
Hybrid (1 day per week in office in London)
£50,000 – £60,000 + benefits
An established, high‑growth SaaS business is looking for a Cyber Security Analyst to join their expanding InfoSec function. This is a newly created role with strong backing from the leadership team and a clear roadmap: completing SOC 2, achieving ISO 27001, and maturing security and compliance across the organisation.
The role
You will:
- Support day‑to‑day information security operations
- Triage and manage SOC alerts escalated from an external monitoring provider (no 24/7 shift work)
- Coordinate with an outsourced IT provider and internal engineering teams to drive resolution of security issues
- Contribute to implementation and ongoing maintenance of ISO 27001
- Maintain and improve security policies, standards and procedures
- Support risk assessments and control testing across the business
- Help align with other frameworks/standards (e.g. SOC 2, NIST)
- Identify opportunities to automate and streamline processes (e.g. alerting, access request workflows, evidence collection/deletion)
This is not a pure penetration testing or highly hands‑on engineering role; it sits at the intersection of security operations and GRC, with a strong advisory/consultative element.
Tech & environment
- Cloud‑native environment, primarily AWS (with some Azure integrations)
- Heroku and modern SaaS tooling
- External SOC and outsourced IT function
- Google Workspace (experience beneficial but not essential)
What we’re looking for
- ~3–4+ years’ experience in information security
- Hands‑on exposure to ISO 27001 (implementation and/or maintenance), or a similarly highly regulated environment (e.g. PCI, SOC 2)
- Broad understanding of security controls (MFA, firewalls, AV, logging, access management, etc.)
- Experience working with cloud environments (AWS strongly preferred; Azure experience also considered)
- Strong written and verbal communication skills; comfortable engaging non‑technical stakeholders and giving practical advice
- Ability to manage a busy workload and contribute in a fast‑moving, scaling environment
- Curious, proactive mindset – someone who brings ideas, suggests improvements, and enjoys shaping how things are done
Nice to have:
- Experience with Python and/or PowerShell (or similar) for basic automation and scripting
- Familiarity with SOC 2 and/or NIST frameworks
- Prior experience in a SaaS or product‑led tech company
Growth & development
- Direct mentoring from a seasoned security leader
- Opportunity to shape a growing security function from an early stage
- Scope to specialise over time – either further into security engineering (e.g. pen testing, cloud security engineering) or deeper into GRC and compliance
Working pattern
- Hybrid: typically 1 day per week in the London office (flexible)
- Increased in‑person time during the first 2–3 months to build relationships and get up to speed
- Occasional visits to a Leeds office for audits, testing and collaboration
- Standard Monday–Friday office hours; no formal on‑call rota at present
If this sounds like a good fit, apply today and one of the team will be in touch to run through the details.
