
Senior Security Operations Analyst

Baillie Gifford

City of Edinburgh

On-site

GBP 50,000 - 80,000

Full time

2 days ago


Job summary

Baillie Gifford is seeking a Senior Security Operations Analyst to enhance its security posture through proactive threat detection and incident response. The role involves custom detection engineering, mentoring junior analysts, and leading complex investigations while working with red and purple team exercises. Ideal candidates will have extensive experience in security operations, particularly within SIEM, SOAR, and EDR platforms. Strong communication skills are essential to relay complex security threats to diverse stakeholders.

Benefits

Flexible working hours
Professional development opportunities
Well-being programs

Qualifications

  • Extensive experience in threat detection, incident response, and security monitoring.
  • Deep understanding of attack methodologies, kill chains, and MITRE ATT&CK framework.
  • Strong experience in detection engineering and validation techniques.
  • Experience participating in red team or purple team exercises and translating findings into detections.
  • Proficiency with SIEM platforms (query languages like KQL, CQL) for detection rule creation.
  • Experience with SOAR platforms for automation of security responses.
  • Hands-on experience with EDR solutions for endpoint threat hunting.

Responsibilities

  • Develop and improve detection capabilities through custom rule creation.
  • Lead threat hunting activities and proactive threat identification.
  • Design and implement SOAR playbooks for automated threat detection and response.
  • Conduct complex security incident investigations and forensic analysis.
  • Create custom detections based on red team findings.

Skills

Threat detection
Incident response
Security monitoring
Analytical capabilities
Forensic analysis
Scripting languages (Python, PowerShell)
Detection engineering

Education

Security certifications (CySA+, SC-200, AZ-500, GCIH, GCFA, GCTI, GNFA, CISSP)

Tools

SIEM platforms
SOAR platforms
EDR solutions

Job description

Job Title

Senior Security Operations Analyst

Department

Security Operations-BG-UK

Overview of Department

Purpose of Role

As a Senior Security Operations Analyst at Baillie Gifford, you will be a pivotal member of our Security Operations team, driving innovation and continuously enhancing our detection and response capabilities. You will serve as the subject matter expert on threat detection, incident response, and security monitoring across our SIEM, SOAR, and EDR platforms.

In this role, you will leverage your technical proficiencies to research and comprehend modern tactics, techniques, and procedures (TTPs) and attack patterns, developing and implementing high-fidelity custom detections and validation frameworks. You will be responsible for detection engineering, creating custom detection rules that identify sophisticated threats whilst minimising false positives.

You will lead threat intelligence integration, ensuring our detection capabilities stay ahead of emerging threats. Your expertise will be crucial in threat hunting activities, proactively searching for indicators of compromise and advanced persistent threats. You will also play an integral role in incident response, acting as a senior responder within our CSIRT team and leading complex security incident investigations.

You will actively participate in red and purple team engagements, collaborating with offensive security teams to understand attack methodologies and enhance our defensive capabilities through the creation of custom detections based on these exercises.

Effective communication is essential. You will articulate complex security threats and incident findings to both technical and non-technical stakeholders across different departments, fostering a comprehensive and inclusive security culture.

Responsibilities

As a Senior Security Operations Analyst, you will have a varied role, including, but not limited to, the following:

  • Develop and improve detection capabilities through custom rule creation and validation testing
  • Research emerging threat actors, TTPs, and attack patterns to enhance our detection coverage
  • Lead threat hunting activities and proactive threat identification across our environment
  • Integrate threat intelligence feeds into detection platforms and incident response processes
  • Design and implement SOAR playbooks for automated threat detection and response
  • Conduct complex security incident investigations and forensic analysis
  • Validate detection effectiveness through attack simulation and testing methodologies
  • Participate in red team and purple team engagements to enhance defensive capabilities
  • Create custom detections based on red team exercise findings and attack simulations
  • Mentor junior analysts in threat detection techniques and incident response procedures
  • Participate actively in our cyber security incident response team (CSIRT) processes
  • Collaborate with threat intelligence sources to understand relevant attack campaigns
  • Optimise SIEM detection rules and reduce false positive rates through continuous tuning

Your Knowledge and Skills

  • Extensive experience in threat detection, incident response, and security monitoring
  • Deep understanding of attack methodologies, kill chains, and MITRE ATT&CK framework
  • Strong experience in detection engineering and validation techniques
  • Experience participating in red team or purple team exercises and translating findings into detections
  • Proficiency with SIEM platforms (query languages like KQL, CQL) for detection rule creation
  • Experience with SOAR platforms for automation and orchestration of security responses
  • Hands-on experience with EDR solutions for endpoint threat hunting and investigation
  • Knowledge of threat intelligence sources, indicators of compromise (IOCs), and threat actor TTPs
  • Experience using PowerShell, Bash, Python, or similar scripting languages for automation
  • Strong understanding of network protocols, log analysis, and forensic techniques
  • Experience in threat hunting methodologies and proactive threat identification

Qualifications

  • Security certifications (CySA+, SC-200, AZ-500, GCIH, GCFA, GCTI, GNFA, CISSP) (Desirable)

The Type of Candidate That We're Looking For

You have extensive experience in cybersecurity operations with a focus on threat detection and incident response. You possess comprehensive knowledge of attack patterns, detection methodologies, and validation techniques essential for staying ahead of sophisticated threats.

You have strong proficiency in SIEM, SOAR, and EDR platforms, coupled with experience in scripting languages for automation and detection rule development. You can research and analyse emerging TTPs, implement custom detections, and validate their effectiveness through testing and simulation.

You are skilled in threat hunting techniques, forensic analysis, and incident response procedures. Your ability to integrate threat intelligence into operational security processes and create automated response workflows sets you apart. Experience with red team or purple team engagements and translating offensive techniques into defensive capabilities is highly valued.

You are a natural communicator able to explain complex threat scenarios and security incidents to both technical and non-technical stakeholders. You excel at mentoring junior team members and sharing knowledge about detection techniques and threat landscape developments.

You are comfortable leading incident response activities, conducting thorough investigations, and continuously improving our detection capabilities through research and innovation. Your passion for staying current with emerging threats and attack techniques drives continuous improvement in our security posture.

Working Pattern

This role operates during standard business hours (9-5) and is not shift-based work. On-call responsibilities may be required to support critical security incidents and response activities when necessary.

Critical Skills (not limited to)

  • Data Literacy
  • Digital Effectiveness
  • Improvement Mindset
  • Systems thinking
  • Team Working

Closing Date

August 4, 2025

At Baillie Gifford we are committed to fostering an inclusive and respectful culture in which each of our colleagues can thrive and develop. We believe that our clients are best served by a diverse workforce with the experiences, ideas and perspectives that this brings.

If you are currently working at Baillie Gifford as an employee or contractor please apply to this job from the firm's Workday internal career site.
