Cyber Security Analyst

Hybrid (1 day per week in office in London)

£50,000 – £60,000 + benefits

An established, high‑growth SaaS business is looking for a Cyber Security Analyst to join their expanding InfoSec function. This is a newly created role with strong backing from the leadership team and a clear roadmap: completing SOC 2, achieving ISO 27001, and maturing security and compliance across the organisation.

The role

You will:

• Support day‑to‑day information security operations
• Triage and manage SOC alerts escalated from an external monitoring provider (no 24/7 shift work)
• Coordinate with an outsourced IT provider and internal engineering teams to drive resolution of security issues
• Contribute to implementation and ongoing maintenance of ISO 27001
• Maintain and improve security policies, standards and procedures
• Support risk assessments and control testing across the business
• Help align with other frameworks/standards (e.g. SOC 2, NIST)
• Identify opportunities to automate and streamline processes (e.g. alerting, access request workflows, evidence collection/deletion)

This is not a pure penetration testing or highly hands‑on engineering role; it sits at the intersection of security operations and GRC, with a strong advisory/consultative element.

Tech & environment

• Cloud‑native environment, primarily AWS (with some Azure integrations)
• Heroku and modern SaaS tooling
• External SOC and outsourced IT function
• Google Workspace (experience beneficial but not essential)

What we’re looking for

• ~3–4+ years’ experience in information security
• Hands‑on exposure to ISO 27001 (implementation and/or maintenance), or a similarly highly regulated environment (e.g. PCI, SOC 2)
• Broad understanding of security controls (MFA, firewalls, AV, logging, access management, etc.)
• Experience working with cloud environments (AWS strongly preferred; Azure experience also considered)
• Strong written and verbal communication skills; comfortable engaging non‑technical stakeholders and giving practical advice
• Ability to manage a busy workload and contribute in a fast‑moving, scaling environment
• Curious, proactive mindset – someone who brings ideas, suggests improvements, and enjoys shaping how things are done

Nice to have:

• Experience with Python and/or PowerShell (or similar) for basic automation and scripting
• Familiarity with SOC 2 and/or NIST frameworks
• Prior experience in a SaaS or product‑led tech company

Growth & development

• Direct mentoring from a seasoned security leader
• Opportunity to shape a growing security function from an early stage
• Scope to specialise over time – either further into security engineering (e.g. pen testing, cloud security engineering) or deeper into GRC and compliance

Working pattern

• Hybrid: typically 1 day per week in the London office (flexible)
• Increased in‑person time during the first 2–3 months to build relationships and get up to speed
• Occasional visits to a Leeds office for audits, testing and collaboration
• Standard Monday–Friday office hours; no formal on‑call rota at present

If this sounds like a good fit, apply today and one of the team will be in touch to run through the details.