Embedded Cyber Detection and Response Analyst

Control Risks

The Cyber Detection and Response Analyst supports day-to-day detection, investigation, and response activities as part of a Cyber Detection and Response Team (DART). This is a hands-on technical role focused on identifying, analysing, and responding to cyber threats across the client’s environment, working closely with Security Engineering and broader security stakeholders.

This role will be a part of a 24/7 team and cover one of two shifts: Sunday-Thursday 9:00 am-5:00 pm GMT or Tuesday-Saturday 9:00 am-5:00 pm GMT

Requirements

Responsibilities

  • Monitor, triage, and investigate security alerts and events across endpoint, network, cloud, and identity systems.
  • Support incident response activities including analysis, containment, remediation, and documentation.
  • Execute established incident response playbooks and contribute to their continuous improvement.
  • Perform threat hunting activities to identify potential compromises and gaps in detection coverage.
  • Leverage threat intelligence to inform investigations and detection tuning.
  • Collaborate with Security Engineering to tune detection logic and improve security controls.
  • Produce clear, concise incident reports and support root cause analysis and remediation efforts.
  • Support on-call rotations and escalation processes as part of a 24/7 detection and response capability.

Qualifications

  • 3–5 years of experience in cybersecurity, with a focus on incident response, SOC operations, or cyber defense.
  • Hands-on experience with SIEM, EDR/XDR, and log analysis tools (e.g., Splunk, Sentinel, CrowdStrike).
  • Practical understanding of incident response methodologies and frameworks such as MITRE ATT&CK and NIST.
  • Familiarity with threat hunting, malware analysis, or forensic investigation techniques.
  • Exposure to cloud environments (AWS, Azure, or GCP) and modern enterprise architectures is preferred.
  • Strong analytical and problem-solving skills, with the ability to communicate technical findings clearly.
  • Relevant certifications (e.g., Security+, GCIH, GCIA, or equivalent) are a plus.