SecOps Analyst

Job Title: MDA Security Operations (SecOps) Engineer

Clearance: DV required or ability to obtain

Location: Portsmouth

About the Role

We are seeking a hand-on Security Operations (SecOps) Engineer to secure and operate a MoD-hosted private cloud environment and its associated services.

You will play a key role in active defence of live services, combining security, vulnerability management, platform hardening, and operational security assurance.

You will work across infrastructure, platform and data layers to ensure systems are secure, compliant and resilient within a highly governed environment.

Key Responsibilities

Monitor and respond to security events, alerts and incidents across cloud, platform, and application layers.
Execute vulnerability scanning, patch assurance and configuration compliance checks.
Maintain security tooling such as SIEM, EDR, vulnerability scanners, and cloud-native controls.
Support ISO 27001 control operation and evidence collection.
Ensure compliance with MoD security standards including JSP 440 and SbD requirements.
Support internal/external audit, accreditation and remediation activities.
Maintain secure configurations, firewall rules, access control policies, and logging standards.
Provide security assurance during change, deployment and release activities.
Support improvement of SecOps processes, SOPs and monitoring automation.

Essential Skills

Experience operating within a Security Operations or SecOps function
Hands-on experience with SIEM (e.g. ELK), EDR and vulnerability tooling
Experience securing Linux and Windows environments
Understanding of ISO 27001 and secure configuration principles
Experience supporting cloud or virtualised platforms (e.g. VMware)
Ability to investigate and respond to security incidents
Strong understanding of operational security within governed environments
Eligible for DV clearance

Desirable

Experience in MOD or classified environments
Automation experience (Ansible, Terraform, scripting)
Experience with Nessus/Tenable or similar tools
Familiarity with JSP 440/441/453 and NCSC guidance

Role Purpose

To deliver security operations for a private cloud platform, ensuring systems are actively monitored, vulnerabilities are managed, and services remain secure, compliant and resilient.

Key Responsibilities

Security Monitoring & Response

Monitor SIEM, EDR and platform telemetry.
Investigate alerts and perform incident triage and escalation.
Conduct structured incident response activities.

Vulnerability & Patch Management

Execute vulnerability scans and interpret results.
Prioritise remediation based on risk and impact.
Track and verify remediation activities.

Platform Security Engineering

Maintain secure configurations across:
VMware / virtualisation platforms.
Linux and Windows systems.
Network security controls (firewalls, proxies).
Support least privilege and zero-trust principles.

Security Tooling & Automation

Operate and maintain SIEM, EDR and scanning tools.
Improve detection rules and alert quality.
Contribute to automation of security processes.

Compliance & Assurance

Support ISO 27001 control operation and evidence collection.
Maintain audit trails and configuration baselines.
Support JSP 440/441/453 compliance and accreditation.

Change & Release Security

Assess changes for security impact.
Ensure deployments meet security requirements.
Support secure-by-design implementation.

Documentation & Continuous Improvement

Maintain SOPs, runbooks and incident documentation.
Contribute to improvement of SecOps processes and tooling.

Essential Experience & Skills

Experience in Security Operations or SecOps.
SIEM, EDR and vulnerability management tooling experience.
Strong Linux/Windows security and administration knowledge.
Experience securing virtualised or cloud platforms.
Understanding of ISO 27001 controls and audit processes.
Ability to investigate and resolve security incidents.
Awareness of networking and infrastructure security.

Desirable

MOD or defence environment experience.
Knowledge of JSP 440/441/453.
Automation/scripting (Python, Bash, PowerShell).
Experience with VMware NSX-T, vSphere.
Security certifications (CISSP, Security+, GIAC etc.).

Guidant, Carbon60, Lorien & SRG - The Impellam Group Portfolio are acting as an Employment Business in relation to this vacancy
Only candidates based in UK and eligible to work in UK are allowed