Cyber Security Analyst - Bicester

Job overview

Band 7 Cyber Security Analyst (SOC & SIEM Lead)

Join us and help define what great looks like

We are looking for an experienced Cyber Security Analyst to take a leading role in developing and running our Security Operations (SOC) and SIEM capability.

This role is ideal for someone who brings experience of well-established cyber operations and can apply that knowledge to strengthen and evolve our detection and response capability in a complex NHS environment, where patient safety and operational continuity are critical.

You will work with tools including Sophos Intercept X and Secureworks Taegis, while helping shape our future SOC model. Beyond tooling, you will play a key role in establishing effective, sustainable ways of working aligned to recognised good practice.

Main duties of the job

What you will do

• Lead the day-to-day operation and ongoing development of our SOC and SIEM capability
• Own and continuously improve detection use cases, alerting, triage, and response processes
• Act as a technical lead for monitoring and detection, ensuring controls are effective, proportionate, and aligned to risk
• Investigate and respond to security incidents, providing clear, risk-based analysis and recommendations
• Use threat intelligence and operational insight to continually improve detection capability
• Provide meaningful reporting and assurance on SOC performance and cyber posture
• Support the evolution of our future SOC model, including partnership working where required
• Provide guidance and mentoring to colleagues, helping to build capability and embed effective SOC and incident response practices across the team.

Why this role matters

• You will play a key role in strengthening our cyber resilience
• You will have real ownership and influence over how SOC services are delivered
• Your work directly supports frontline ambulance services and patient care
• You will help build a capable, sustainable internal cyber function

Detailed job description and main responsibilities

You will bring:

• Experience working within a well-established SOC or cyber defence function
• Proven ability to lead or significantly shape SIEM/SOC operations
• A clear understanding of effective detection engineering and incident response practices
• Experience configuring, tuning, and optimising SIEM and endpoint security tooling (e.g. Sophos, Secureworks, or equivalent)
• The ability to take ownership and drive improvements, not just operate existing processes
• Strong analytical and communication skills, with the ability to provide clear, actionable insight
• Experience supporting or mentoring others, with the ability to share knowledge and raise overall team capability

Relevant certifications (e.g. CISSP, CISM, GIAC or equivalent) are desirable, but practical experience and demonstrable impact are more important.

You’re likely a good fit if:

• You’ve worked in a SOC where effective processes and standards are already embedded
• You enjoy improving how things work, not just operating them
• You’re comfortable acting as a technical lead and trusted point of reference

You take pride in developing others and promoting good practice.

Please see Job Description and Person Specification for full details.