Senior Security Analyst

Working in the Information Security team you will focus on Incident Response across the Next technology estate, with a particular focus on our Warehouse environment, responding to and investigating events generated by our security controls. You will work closely with Information Security's Vulnerability Management Team and other teams located at the warehouse, focusing on the warehouse specific technologies and identifying control and monitoring gaps among that technology.

You will be responsible for identifying improvement areas in processes, whether through Automation or Process driven. You will ensure that Security Incidents are promptly identified, contained and eradicated, working closely with IT, our security partners and the wider business to do so.

The successful candidate will be monitoring our SIEM and SOAR alongside other security controls to identify potential threats and then use all of the controls and resources at their disposal to determine what steps need to be taken to contain and eradicate confirmed threats.

Where necessary you will ensure that any forensic evidence is correctly captured and stored in case it is required for future reference. Following an incident you will work with other teams involved to identify opportunities to improve our controls and processes, making recommendations for addressing any lessons learned and implementing where appropriate. They will act as an escalation point for members of the team to elevate higher severity and higher complexity incidents.

You will also be expected to maintain an awareness of the changing threat landscape and industry standards. Proactively work with Vulnerability Management and Engineering to identify control gaps and alert opportunities to improve the security of our environment.

The role involves participating in a shift and call out rota to help ensure our environment is monitored and supported on a 24x7 basis.

A monthly visit to the Enderby Head Office in Leicester is required, with additional visits scheduled as needed by the business or management.

• Continuously monitor Next's technical security controls in order to promptly identify and investigate potential threats.
• Respond to Security Incidents ensuring prompt containment and recovery.
• Carry out forensic investigations following security incidents.
• Ensure all investigations and incidents are accurately logged and managed in our ITSM tool.
• Participate in lessons learned meetings and make recommendations for improvements to controls or processes ensuring these are implemented where agreed.
• Liaise with other IT Teams, business areas and 3rd Parties to aid in incident investigations and response.
• Ensure continuous awareness of new and emerging threats and understand the TTPs and their relevance to the Next environment.
• Identify false positives and tuning requirements for security controls and work with the Security Engineering team to implement improvements.
• Work with our Security Engineering and Vulnerability & Threat Management Team to test our controls and processes in order to proactively identify opportunities for improvement.
• Create and maintain operational procedures and technical documentation.
• Manage and maintain metrics and reporting to ensure the security threats and trends impacting our business are understood.

• Proven Information Security experience with a good understanding of analyst investigations.
• Strong analytical and troubleshooting skills within Windows and Linux environments
• Understanding of Information Security including malware, emerging threats, attacks, and vulnerability management.
• A team player who is hardworking and self‑motivated.
• Excellent attention to detail.
• Ability to remain calm under pressure and clearly communicate to all levels of management.
• Understand and operate change management processes.
• Experience using, configuring and maintaining common security tools such as EDR, IDS/IPS, SIEM, SOAR
• Experience working in a Security Operations Centre.

• Relevant industry recognised security qualification (i.e SANS 503, CySA+, Security+).
• Experience with security or compliance standards such as PCI‑DSS or ISO27001.
• Understanding and experience of working for a Retail company.
• Experience with Regex, Scripting
• Experience working in an Infrastructure or Network Operations Centre
• Experience conducting Digital Forensics investigations
• Understanding of Cloud based infrastructure
• Experience with Warehouse Processes and Technologies

You know Next, but did you know we're a FTSE‑100 retail company employing over 35,000 people across the UK and Ireland. We're the UK's 2nd largest fashion retailer and for Kidswear we're the market leader. At the last count we have over 500 stores, plus the Next Online and it's now possible to buy on‑line from over 70 countries around the world! So we've gone global!

• 25% off most NEXT, MADE*, Lipsy*, Gap* and Victoria's Secret* products (*when purchased through NEXT)
• Company performance based bonus
• Sharesave scheme
• 10% off most partner brands & up to 15% off Branded Beauty
• Early VIP access to sale stock
• Access a digital GP and other free health and wellbeing services
• Financial Wellbeing - Save, track and enhance your financial wellbeing
• Apprenticeship - Grow and develop on the job whilst gaining a qualification
• Direct to Work - Discount online and instore, collect your items the next day for free from your place of work or local store
• Support Networks - Access to Network Groups to empower and celebrate each other
• Wellhub - Discounted flexible monthly gym memberships, with apps, PT sessions and more

Conditions apply to all benefits. These benefits are discretionary and subject to change.

We aim to support all candidates during the application process and are happy to provide workplace adjustments when necessary. Should you need support with your application due to a disability or long‑term condition, feel free to get in touch with us by email headoffice_careers@next.co.uk (please include 'Workplace Adjustments' in the subject line), or call us on 0116 284 2486 and leave a voicemail.