# Cyber Security Analyst - Bicester

> NHS job listing from Job Clerk for South Central Ambulance Service NHS Foundation Trust.

## Canonical URLs

- **HTML:** https://www.jobclerk.com/job/cyber-security-analyst-bicester/ea1b405f-f129-48a7-87a5-0749a89fa7ea
- **Markdown:** https://www.jobclerk.com/job/cyber-security-analyst-bicester/ea1b405f-f129-48a7-87a5-0749a89fa7ea.md

## Summary

- **Status:** Live
- **Employer:** South Central Ambulance Service NHS Foundation Trust
- **Town:** Bicester
- **Region:** South East
- **Country:** England
- **Profession:** Administrative and IT
- **Grade:** Band 7
- **Salary:** £49,387 - £56,515 per annum, pro rata
- **Contract type:** Permanent: Predominantly office-based, but hybrid may be considered after probation and training. Please note we are not able to offer visa sponsorship for this role.
- **Employment type:** Full time, Part time, Flexible working, 37.5 hours per week
- **Closing date:** 2026-06-22T23:59:00.000Z
- **Posted:** 2026-06-08T07:01:49.197Z
- **Source information URL:** https://www.healthjobsuk.com/job/UK/Oxfordshire/Bicester/South_Central_Ambulance_Service_NHS_Foundation_Trust/Cyber_Security/Cyber_Security-v8064423
- **Application URL:** https://apps.trac.jobs/job-advert/8064423?ShowJobAdvert=&feedid=9002
- **Employer website:** https://www.scas.nhs.uk

## Job Content

### Job overview

Band 7 Cyber Security Analyst (SOC & SIEM Lead)

Join us and help define what great looks like

We are looking for an experienced Cyber Security Analyst to take a leading role in developing and running our Security Operations (SOC) and SIEM capability.

This role is ideal for someone who brings experience of well-established cyber operations and can apply that knowledge to strengthen and evolve our detection and response capability in a complex NHS environment, where patient safety and operational continuity are critical.

You will work with tools including Sophos Intercept X and Secureworks Taegis, while helping shape our future SOC model. Beyond tooling, you will play a key role in establishing effective, sustainable ways of working aligned to recognised good practice.

### Main duties of the job

What you will do

- Lead the day-to-day operation and ongoing development of our SOC and SIEM capability
- Own and continuously improve detection use cases, alerting, triage, and response processes
- Act as a technical lead for monitoring and detection, ensuring controls are effective, proportionate, and aligned to risk
- Investigate and respond to security incidents, providing clear, risk-based analysis and recommendations
- Use threat intelligence and operational insight to continually improve detection capability
- Provide meaningful reporting and assurance on SOC performance and cyber posture
- Support the evolution of our future SOC model, including partnership working where required
- Provide guidance and mentoring to colleagues, helping to build capability and embed effective SOC and incident response practices across the team.

Why this role matters

- You will play a key role in strengthening our cyber resilience
- You will have real ownership and influence over how SOC services are delivered
- Your work directly supports frontline ambulance services and patient care
- You will help build a capable, sustainable internal cyber function

### Detailed job description and main responsibilities

You will bring:

- Experience working within a well-established SOC or cyber defence function
- Proven ability to lead or significantly shape SIEM/SOC operations
- A clear understanding of effective detection engineering and incident response practices
- Experience configuring, tuning, and optimising SIEM and endpoint security tooling (e.g. Sophos, Secureworks, or equivalent)
- The ability to take ownership and drive improvements, not just operate existing processes
- Strong analytical and communication skills, with the ability to provide clear, actionable insight
- Experience supporting or mentoring others, with the ability to share knowledge and raise overall team capability

Relevant certifications (e.g. CISSP, CISM, GIAC or equivalent) are desirable, but practical experience and demonstrable impact are more important.

You’re likely a good fit if:

- You’ve worked in a SOC where effective processes and standards are already embedded
- You enjoy improving how things work, not just operating them
- You’re comfortable acting as a technical lead and trusted point of reference
- You take pride in developing others and promoting good practice.

Please see Job Description and Person Specification for full details.

## Person Specification

### Skills

**Essential**

- Demonstrable experience in an ICT/Information Security role
- Strong interpersonal skills and able to develop and maintain effective and credible relationships with business leaders and supplier management.
- Excellent working knowledge of all MS Office applications.

### Knowledge

**Essential**

- Knowledge of relevant information security and privacy related legislation and regulation – such as Data Protection Act 2018, Freedom of Information Act, etc.
- Working knowledge of the Data Security and Protection Toolkit (DSPT)
- Knowledge of IT systems implementation.

### Qualifications

**Essential**

- Masters level degree or equivalent level of experience
- Hold a recognised security qualification (e.g. CISSP, CIPR)

## Documents

- [scas values (pdf, 595.1kb)](https://www.healthjobsuk.com/documents?edoc=2563)
- [cyber security analyst (pdf, 2.2mb)](https://www.healthjobsuk.com/documents?vdoc=10355069)
- [benefits of working for scas (pdf, 78.2kb)](https://www.healthjobsuk.com/documents?edoc=2551)
- [guidance notes for applicants (pdf, 138.9kb)](https://www.healthjobsuk.com/documents?edoc=2556)

