Cyber MXDR Analyst

Join our global team of extraordinary technologists!

Ready to elevate your career to new heights with an industry-leading technology consultancy? Look no further than BUI – a distinguished Microsoft Azure Expert MSP, Microsoft Solutions Partner for the Microsoft Cloud, and Microsoft Security Experts MXDR Partner. We focus on delivering cutting-edge solutions across Cloud, Security, Networking, and Managed Services, and we cater to mid-market and enterprise-level organisations on a global scale.

At BUI, we’re guided by three foundational principles: innovation, delivery, and results. As a member of our team, you would work with exceptional architects, consultants, developers, engineers, and security experts to create sophisticated IT solutions that empower our customers to modernise, transform, and propel their businesses forward.

Cyber MXDR Analyst

A Cyber MXDR Analyst is highly detail-oriented, with a strong focus on accuracy and consistency. This trait is essential for monitoring logs, triaging alerts, and following standard operating procedures without missing critical indicators.

You are also calm under pressure, able to maintain composure during high-severity incidents and respond with urgency in a methodical and structured manner, even in a 24/7 shift-based environment. Reliability and a process-driven mindset are crucial.

Cyber MXDR Analysts serve as the first line of defence in a Security Operations Centre (SOC), monitoring security alerts, performing triage, and escalating incidents to minimize organizational risk. This function operates around the clock, using SIEM and EDR platforms to analyse environments, investigate threats, respond to incidents, report findings, and contribute to continual improvement efforts.

Threat Monitoring & Triage:

• Monitor, triage, and respond to alerts from SIEM, EDR, tickets, email, and phone
• Perform initial analysis to assess severity and impact
• Categorise events using threat intelligence and playbooks
• Escalate incidents to Cyber MXDR Consultants or customers as required
• Meet Service Level Agreement (SLA) targets such as Mean Time to Triage (MTTT) and Mean Time to Respond (MTTR)

Incident Response & Investigation:

• Conduct incident investigations and support active response efforts
• Collaborate with Cyber MXDR Consultants and Senior Consultants during escalations
• Participate in incident and vulnerability management processes
• Correlate vulnerabilities with known threats and assess potential exposures
• Document investigation steps, outcomes, and lessons learned

Security Operations & Optimisation:

• Recommend improvements to SOC/MXDR processes, procedures, and policies
• Provide input on tuning detection rules, alert logic, and reducing false positives
• Identify ineffective alerts and suggest enhancements
• Support evaluation and troubleshooting of security solutions and infrastructure
• Follow SOPs for incidents, problems, and change management

Collaboration, Communication & Reporting:

• Communicate effectively with customers, teammates, and management
• Maintain customer build documents, security procedures, and process documentation
• Contribute to monthly reporting and participate in client meetings
• Engage in team briefings, handovers, and Microsoft Teams channels for situational awareness

Continuous Learning:

• Stay current with emerging threats, attack techniques, and regulatory requirements
• Participate in training, simulations, and knowledge-sharing workshops

• A bachelor’s degree/diploma in a relevant area with a preference for Information Security, Computer Science, or Computer Engineering.
• Amazon Web Services:
• CLF-C02 AWS Certified Cloud Practitioner
• EC-Council:
• CEH – Certified Ethical Hacker
• CompTIA:
• Network+
• Security+
• CYSA+ - Cybersecurity Analyst
• Microsoft:
• AZ-900 – Azure Fundamentals
• MS-900 – Microsoft 365 Fundamentals
• SC-900 – Security, Compliance, and Identity Fundamentals
• SC-200 – Security Operations Analyst
• Linux Professional Institute (LPI):
• 010-160 – Linux Essentials
• Python Institute:
• PCEP – Certified Entry-Level Python Programmer
• Qualys:
• Vulnerability Detection and Response (VMDR)
• Cyber Security Asset Management (CSAM)
• Scanning Strategies and Best Practices

Security Monitoring & Detection:

• Monitor and analyse alerts using Microsoft Sentinel
• Respond to Malware and Targeted attacks using Microsoft Defender XDR and Microsoft Sentinel
• Use IDS/IPS tools to detect suspicious activity
• Perform log analysis and Windows event log reviews
• Support basic network and host forensics

Infrastructure & Network Fundamentals:

• Administer and troubleshoot Windows and Linux systems
• Understand networking infrastructure and protocols (TCP/IP, FTP, HTTPS, SSH)
• Work with firewalls and security stack devices
• Support the Change Management processes

Vulnerability & Threat Management:

• Use vulnerability scanning tools (Nessus, Qualys)
• Conduct network scans with tools like NMAP
• Apply knowledge of CVSS/CMSS scoring systems
• Track vulnerabilities and mitigation efforts to support programme effectiveness

Tooling, Scripting & Troubleshooting:

• Use packet analysis tools (Wireshark, Carbon Black)
• Write basic scripts in Python or Bash for automation and analysis
• Troubleshoot issues and perform root cause analysis
• Leverage SharePoint and Power BI for documentation and reporting.