Job Description
Join our team at the Guardian and be a part of a diverse and inclusive global organisation that delivers fearless, investigative journalism, and holds power to account. Our team of award-winning journalists, cutting-edge commercial professionals, and industry-leading digital experts are committed to making a difference and represent a wide range of backgrounds and perspectives. We offer a challenging and exciting environment for career development, with a focus on training, growth and fostering an inclusive culture. We are now looking for a Security Operations Centre Analyst to join our Information Security team. The Security Operations Centre (SOC) Analyst will support the detection, investigation and response to cyber security threats across The Guardian's global digital estate. Working alongside the Security Operations Team, MSSP and wider Information Security team, the role will help strengthen operational security capabilities, improve threat visibility and contribute to the continuous evolution of Guardian security operations. This role is suited to a security professional who is passionate about threat detection, incident response and security operations, and who is eager to contribute to building a modern, intelligence-led security capability. The role is based in London but will support the US East Coast timezone specifically, so working hours will be 2pm - 10pm UK time, Monday - Friday. About the role Triage, investigate and respond to security alerts, events and incidents, ensuring timely containment, remediation and closure. Act as the primary operational liaison with the MSSP, validating findings, improving service quality and ensuring effective security monitoring and incident response. Conduct proactive threat hunting across endpoint, network, identity and cloud environments to identify suspicious or malicious activity. Develop, tune and optimise detection rules, SIEM use cases and correlation logic to improve threat visibility and monitoring effectiveness. Investigate security events across on-premise and cloud environments, including AWS, GCP and Entra ID. Analyse threat intelligence, emerging threats and incident trends to assess relevance to The Guardian's threat landscape and identify improvements to detection and response capabilities. Identify gaps in monitoring and detection coverage, recommending and implementing improvements based on threat intelligence, incident learnings and changes to the technology estate. Support vulnerability prioritisation and remediation by correlating threat activity, exploitability and business risk. Investigate and respond to Data Loss Prevention (DLP) alerts as part of identifying, containing and mitigating potential data security incidents. Drive continuous improvement of SOC capabilities through automation, process optimisation, metrics, post-incident reviews and the enhancement of runbooks, playbooks and operational procedures. About you Experience working within a Security Operations Centre (SOC), incident response, threat detection or cyber security operations environment. Experience investigating security alerts and incidents using SIEM, EDR and other security monitoring technologies. Ability to assess, prioritise and respond to security incidents based on business risk and operational impact. Strong understanding of modern cyber threats, attack techniques and adversary behaviours, including familiarity with the MITRE ATT&CK framework. Experience analysing security events across endpoint, network, identity and cloud environments. Experience working with Managed Security Service Providers (MSSPs) or outsourced security operations functions. Knowledge of threat hunting, threat intelligence and detection engineering principles. Strong analytical and problem-solving skills, with the ability to interpret complex technical information and identify root causes. Able to analyse data, identify trends and make informed, evidence-based decisions Commitment to continuous learning and staying current with emerging threats, technologies and security best practices. We actively encourage applications from groups traditionally underrepresented in the UK media We operate in a hybrid environment working 3 days a week from our offices in Kings Cross and 2 days a week remotely. We value and respect all differences (seen and unseen) in all people. We aspire to have inclusive working experiences and an environment that reflects the audience we serve, where our people have equal access to career development opportunities, their voices are heard and can contribute to our future. We actively encourage applications from people of all backgrounds. Many of our staff work flexibly and we will consider all requests for flexible working arrangements. How to apply To apply, please upload your latest CV. We don’t require a cover letter but we will ask you a question about information security as part of your application, which should take less than 5 minutes to complete. We apprec
Helpful guides: Getting Into IT and Technology: An Entry-Level Guide · 5 Things Tech Employers Actually Care About at Entry Level