Security Analyst (Tier 2)

Security Operations · Cardiff, Cardiff
Department Security Operations
Employment Type Full-Time

This role will support the Security Analyst (Tier 3) and Head of Security Operations in developing SOC & SOAR functions within Kocho, working closely with other teams as required to build services and solutions in accordance with both security good practice and client assurance requirements, including (but not limited to) Cyber Essentials and ISO27001.

The primary purpose of the Tier 2 Security Analyst role is to complete all operational SOC and SOAR activities as defined or advised by the Tier 3 Security Analyst and Head of Security Operations. The successful candidate will be responsible for contributing to the efficient and effective day to day running of the SOC considering people, processes and technology, ensuring that all client SLAs are met, and acceptable client satisfaction scores are achieved and maintained.

You will be required to assist with recruitment, mentoring and support activities, working with members of the Security Operations team to ensure all SOC & SOAR operational tasks are completed on time and work tickets updated / closed with satisfactory technical details included, and where appropriate escalate suspicious / malicious events to senior team members and Kocho or client incident response personnel in order to identify, contain and remediate active threats. You will also be required to develop and update operational documentation, as necessary.

Tier 2 Security Analysts will be comfortable engaging at both technical and non-technical levels, contributing as required in technical workshops and client briefings / service reviews. You will be working in an incredibly passionate environment, with great people in which you can actively contribute to develop and deliver our SOC & SOAR capability.

Key responsibilities of the role

Strategy and Leadership:

  • Tier 2 Security Analysts capable of maintaining performance within the Security Operations function.
  • Provide information and guidance on security matters as an Analyst within the SOC team.
  • Partner with stakeholders across Kocho and clients to raise awareness of Cyber Security Threats, Risks and imminent / active Cyber-Attacks.
  • Support Kocho technical workshops and networking events.

Technical Specialism:

  • Ability to understand and support the provision of Kocho security offerings such as Cyber Essentials, ISO27001 consultancy.
  • Ability to support the provision of appropriate and proportionate assurance relating to Security Operations managed services.
  • Ability to communicate in both technical and non-technical terms, tailoring approach to the audience.
  • Self-motivated learner of technologies and methodologies to support best practice.
  • Actively contributing to knowledge sharing across the business.

Security Operations:

  • Act as an operational point of contact during significant cyber security events
  • Assist in the support of major incident handling within the SOC, and where applicable for clients
  • Provide support and guidance regarding monitoring activities
  • Provide “hands on” resource, working to ensure Kocho objectives and client SLA targets are achieved.
  • Provide input and support for stakeholder communication.
  • Support other Security analysts and clients on rules/policies/filters/use cases and SOC tooling.
  • Assist with the implementation of improvements as part of on-going service enhancement or “lessons learned” following incident investigation (cause and affect).
  • Assist in the review of incident closures, post incident reports and act upon improvements identified
  • Contribute to team development through knowledge sharing, briefing and production of guides, incident scenarios and playbooks.
  • Show flexibility in developing knowledge of supporting areas and performing their responsibilities during times of operational need.
  • Maintain currency in relation to security concepts, tools and best practices
  • Willingness to work shifts (including unsociable hours and bank holidays) as part of 24x7 team working

Business Operations:

  • Ability to work effectively with internal systems such as Kimble, Teams, SharePoint and Office 365.
  • Effective personal resource and time management with a commercial approach to work.
  • Working remotely, on client site or other; applying an agile approach to business and client needs.

Delivery and KPIs:

  • Contribute to the full lifecycle of client solutions and service offerings, from proposition through to delivery and support.
  • Communicate technical solutions in a clear, and concise approach for a variety of audiences from both a technical and business background.
  • Contribute to well written and professional documentation, performance, and client reports.
  • Assist the Tier 3 Security Analyst and Head of Security Operations in development of new service offerings, procedures, techniques, and policies.
  • Assist in the recruitment, training, and development of the security operations team.
  • Promoting and practicing high quality outcomes across all aspects of work.

Skills and experience


  • Demonstrable experience of operating within a security operations function.
  • Strong IT Security knowledge, understanding the balance of business objectives and information security.
  • A technical understanding of the security components and their impact.
  • Good working knowledge of multiple SOC tooling including SIEM / SOAR
  • Good understanding of network methodologies and OSI Model layers.
  • Good understanding of network technologies, Routers, Switches, Firewalls, ID/IPS, WAF & Proxy’s etc.
  • Experience of working at technical levels within a SOC service.
  • Demonstrable ability to troubleshoot and fault find technical issues.
  • Knowledge of Cyber Essentials and ISO27001:2013 standards
  • Good communication and report writing skills.
  • Knowledge of Backup and Disaster Recovery methodologies.


  • Knowledge of Risk Assessment methodologies.
  • Knowledge of Business Continuity methodologies.
  • Experience in supporting and assisting a Senior Incident Responder.
  • PCI DSS V3 knowledge would be advantageous.
  • Experience with or understanding of Microsoft’s security stack, technologies - Microsoft Sentinel, Microsoft Defender suite etc.
  • Experience with or understanding IT Infrastructure - Windows / Linux Servers, Firewalls etc

Education & qualifications

  • ITIL V3
  • CompTIA Security (or equivalent)
  • CompTIA Network (or equivalent)
  • EC SOC Analyst or equivalent

Thank You

Your application was submitted successfully.

  • Location
    Cardiff, Cardiff
  • Department
    Security Operations
  • Employment Type