About The Role
The Security Analyst (SIEM) will be a key member of the Security Team, responsible for the ownership, management, and operational effectiveness of our cloud-based Security Information and Event Management (SIEM) solution. This role will be crucial in ensuring the proactive identification, analysis, and response to potential security threats across our technology environment, including cloud infrastructure and endpoint devices. The Security Analyst will leverage the SIEM to enrich security logs, develop and refine alerting rules, and investigate security incidents. Reporting directly to the Chief Executive Officer, the role holder will be a critical contributor to broader security projects and initiatives, supporting the overall security posture of the organisation.
Security Analyst - Key responsibilities:
SIEM Ownership and Management:
- Serve as the primary point of contact for all matters relating to the SIEM solution.
- Manage the day-to-day operation and configuration of the cloud-based SIEM platform, ensuring its optimal health, availability, and performance.
- Oversee the onboarding of new log sources from our infrastructure, cloud services, and endpoint devices.
- Collaborate with the Systems Team to ensure proper log collection and forwarding to the SIEM.
- Manage SIEM configurations and settings to align with security best practices and organisational needs.
- Maintain comprehensive documentation of the SIEM architecture, configurations, and processes.
Alerting and Incident Response:
- Develop, tune, and maintain SIEM correlation rules and use cases to detect relevant security events and potential threats within our environment.
- Monitor and analyse security alerts generated by the SIEM, prioritising and investigating them according to established procedures.
- Lead the initial triage and investigation of security incidents identified through the SIEM.
- Collaborate with the Systems Team and other relevant stakeholders to contain, eradicate, and recover from security incidents.
- Document security incidents, investigations, and remediation actions.
- Contribute to the development and improvement of incident response plans and procedures.
Log Analysis and Threat Intelligence:
- Perform in-depth analysis of security logs to identify suspicious activity, anomalies, and potential security weaknesses across our systems, including cloud infrastructure and endpoints.
- Stay up-to-date with the latest security threats, vulnerabilities, and attack techniques relevant to modern technology environments.
- Integrate threat intelligence feeds with the SIEM to enhance detection capabilities.
- Proactively identify potential security risks and recommend mitigation strategies based on SIEM analysis.
Security Project Support:
- Provide security expertise and support for various security projects and initiatives.
- Assist in the implementation and configuration of new security tools and technologies.
- Support security audits and compliance efforts, including providing data and evidence from the SIEM.
- Contribute to the development and maintenance of security policies and procedures.
- Contribute to security risk assessments and vulnerability management activities.
Collaboration and Communication:
- Collaborate with the wider Security Team on security governance, compliance, and risk management activities.
- Communicate security findings and recommendations clearly and effectively to both technical and non-technical audiences, including providing updates to the board of directors as required.
- Work closely with the Systems Team to ensure the effective integration of the SIEM with infrastructure, cloud services, and endpoints.
- Participate in security team meetings and provide updates on SIEM activities.
Security Analyst - You:
- Are passionate about cyber security and continuous learning.
- Have the ability to remain calm and effective under pressure during security incidents.
- Are proactive and self-motivated with a strong sense of ownership.
- Have strong ethical standards and commitment to data privacy.
Security Analyst - Skills and Experience:
- Proven experience (typically 3+ years) in a security operations role with a strong focus on SIEM administration and incident response.
- Strong understanding of security principles, common attack vectors, and mitigation techniques relevant to modern IT environments, including cloud and endpoint security.
- Experience with log analysis and security event correlation from diverse sources.
- Familiarity with endpoint operating systems (including macOS) and cloud environments (AWS preferred).
- Understanding of security frameworks and compliance standards relevant to the healthcare industry (e.g., NHS Data Security and Protection Toolkit, ISO 27001, GDPR).
- Excellent analytical and problem-solving skills with meticulous attention to detail.
- Strong communication and interpersonal skills, with the ability to collaborate effectively with technical and non-technical teams.
- Experience with SIEM platforms (experience with LogPoint is desirable but not essential; experience with other leading SIEM solutions like Splunk Cloud, Microsoft Sentinel, QRadar on Cloud will be considered).
- Ability to work independently and as part of a team in a fast-paced environment.
Desirable Skills and Experience:
- Relevant security certifications such as Security+, CySA+, CEH, AWS Certified Security – Specialty, or vendor-specific SIEM certifications (including LogPoint).
- Experience with scripting languages (e.g., Python, Bash) for automation and analysis.
- Familiarity with threat intelligence platforms and frameworks.
- Experience with vulnerability scanning and penetration testing tools.
- Knowledge of healthcare-specific security considerations.
Benefits
We offer a phenomenal working environment, exciting opportunities to learn new skills, and an excellent package of benefits including:
- Private health insurance
- Pension (enhanced after successful completion of probation)
- Personal training and conference budget
- Onsite gym
- Parking, including EV charging points
- Life assurance
- 25 days annual leave plus bank holidays (with the option to buy or sell annual leave after probation is completed)
Hours and Location
The position is for a full-time member of our team, 37.5 hours, Monday to Friday, 9am to 5pm.
Collaboration is one of our four company values - we work best together. We believe there is significant benefit in working face to face. At the same time, some work may be carried out just as effectively alone and away from the office. We have therefore created a flexible ‘place of work’ policy that asks everyone to be where the work of the day is best completed and, overall, to spend enough time in the office with others to maintain relationships and communication.
This means there are no fixed days, or number of days, when you should be in the office or can work at home. In any given week you may need to work from the office every day or no days! It all depends on the work being done, and you are expected to be flexible. Many people find this approach means they work in the office 3 or more days a week, but this varies according to role and the work they have to do.
Our Place of Work policy is available on request.
The role involves occasional travel.
You must be eligible to live and work in the UK. This role is not eligible for sponsorship by Mayden for a skilled worker visa. We are therefore unable to accept applications from individuals who would require an employer to sponsor them for a work permit.
How to apply
Please upload your CV and a covering letter describing your interest in the role and sharing a little about what you would bring to the team and to Mayden. We look forward to hearing from you!
We will review applications as they arrive, so this role will close once we have received our limit of applications or made a successful offer to a candidate.
Please note that successful applicants will be asked to complete a basic DBS check as part of their onboarding process. These checks are processed by the Disclosure and Barring Service (DBS) and will be paid for by Mayden. The need for DBS screening follows requirements from our customers and NHS England.
About Us
Mayden is a growing software company, awarded the 2024 EntreConf Employer and Health and Wellbeing awards and previously Development Team of the Year at the UK IT industry awards. We love that the work we do makes a difference in healthcare, changing what’s possible for clinicians and patients.
Mayden has a flat management structure and a coaching culture, with team members working together and supporting one another to make things happen.
Accessibility best practices and standards are important to us and our customers. You don’t have to have experience in all of these, just a willingness to learn.