Principal Cyber Security Analyst

Sekuro
Australia · Full-time · Mid-Senior

We are seeking a Senior Cyber Security Analyst to serve as the main escalation point within our Security Operations Centre (SOC). This role requires a strong background in programming, security engineering, or offensive security, bringing a hacker mindset to security operations, threat hunting, and incident response.


The ideal candidate will have experience in penetration testing, scripting, automation, and security tooling development. You will also play a key role in mentoring junior analysts, enhancing SOC capabilities, creating Incident Management playbooks, and driving proactive security strategies.


Requirements


Key Responsibilities

Incident Detection & Response

  • Act as the primary escalation point for advanced security incidents.
  • Conduct deep forensic investigations, malware analysis, and threat assessments.
  • Develop and refine incident response playbooks for cloud, network, and endpoint security.
  • Perform reverse engineering of malware and suspicious binaries.
  • Improve SOC automation through scripting and integration with SOAR platforms.

Threat Hunting & Offensive Security

  • Lead proactive threat hunting using behavioural analytics and adversary TTPs.
  • Design and execute controlled adversary emulations (Red Teaming/Adversary Simulation).
  • Apply MITRE ATT&CK to develop proactive detection methodologies.
  • Identify zero-day threats and develop detection signatures for SIEM, EDR, and IDS solutions.

Security Engineering & Automation

  • Develop and optimise custom security tools and scripts in Python, PowerShell, Bash, and/or Go.
  • Engineer log analysis and automation workflows using SIEM, SOAR, and XDR solutions.
  • Strengthen cloud security in AWS, Azure, and GCP with automated security controls.
  • Harden containerised workloads and Kubernetes clusters against security threats.

Mentorship & Leadership

  • Provide technical mentorship to Tier 1 and Tier 2 SOC analysts.
  • Conduct hands-on training on exploit development, scripting, and threat hunting techniques.
  • Drive SOC maturity by improving response workflows and automation.

Reporting & Compliance

  • Generate detailed security reports and post-incident summaries for executive leadership using appropriate tools such as Power BI and Excel pivot tables.
  • Ensure compliance with ISO 27001, NIST, CIS, ASD Essential 8, and MITRE D3FEND frameworks.


Key Skills & Qualifications

Technical Skills

  • Programming & Automation – Proficiency in Python, Go, Rust, PowerShell, or Bash.
  • Offensive Security – Experience with penetration testing, exploit development, or adversary emulation.
  • SOC Operations – Expertise in SIEM (CrowdStrike NGSIEM, Splunk and LogScale), EDR (CrowdStrike), SOAR (Swimlane), IDS/IPS, and XDR platforms.
  • Threat Intelligence & Reverse Engineering – Malware analysis, YARA rules, threat hunting.
  • Cloud & DevSecOps – AWS/Azure/GCP security, Infrastructure-as-Code security, Kubernetes hardening.
  • Network & System Security – Strong understanding of TCP/IP, DNS, HTTP, encryption, and OS internals.

Preferred Certifications (not mandatory but highly desirable)

  • OSCP, OSCE, OSEP, GXPN, GREM (for offensive security experience)
  • GIAC GCIA, GCIH, GCFA, GMON (forensics & SOC operations focus)
  • CISSP, CISM, CCSP (for broader security leadership roles)
  • AWS Security Specialty, Azure Security Engineer (for cloud security expertise)

Soft Skills

  • Strong analytical thinking and problem-solving skills.
  • Ability to explain complex security threats to technical and non-technical stakeholders.
  • Excellent collaboration skills for driving and working with red, blue, and purple teams.
  • Passion for continuous learning and mentoring others.

  • Experience in leading and running incident response efforts.
  • Strong attention to detail.
  • Analytical mindset.
  • Fact and evidence oriented (never assume).
  • ICT diploma or bachelor’s degree, or equivalent experience.
  • Proven experience developing security monitoring and detection use cases.
  • Proven experience with threat hunting, including hypothesis development and methodologies.
  • Proven experience with MITRE frameworks.
  • Minimum of 2 years’ experience with Splunk Enterprise.
  • Minimum of 1 year’s experience with Splunk Enterprise Security.
  • Minimum of 1 year’s experience with CrowdStrike products.
  • 3+ years’ experience working within Security Operations teams.
  • Strong technical skills, with self-motivation to quickly learn new tools and products.
  • Excellent communication skills, both written and oral.
  • Excellent interpersonal soft skills to build and maintain relationships with peers and clients.


Benefits

Why Join Us?

  • Work with cutting-edge security technologies and offensive security tools.
  • Career growth with certification support and mentorship opportunities.
  • Flexible remote/hybrid work options.
  • Be part of a high-impact security team protecting critical infrastructure.

Posted: Apr 23, 2025
Type: Full-time
Level: Mid-Senior
Location: Sydney
Company: Sekuro
Industries: Computer Network Security
Categories: Information Technology
