The Senior Security Operations Analyst is a subject matter expert in cyber incident response, threat hunting, and advanced security analysis. This role provides senior technical leadership within the Security Operations Centre (SOC), acting as a trusted escalation point for complex incidents and advanced investigations.
The Senior Analyst leads the development, refinement, and implementation of SOC processes, playbooks, and detection capabilities. While not a people manager, the role exercises strong operational leadership through mentorship, technical guidance, and contribution to continuous improvement across SOC operations.
Advanced Security Monitoring & Detection
- Perform advanced monitoring and analysis across enterprise networks, cloud platforms, endpoints, and security tooling.
- Act as a senior escalation point for complex or high-impact security events.
- Conduct in-depth investigation of anomalous activity to identify advanced threats and emerging attack techniques.
Incident Response & Threat Hunting
- Lead Level 3 incident response activities, including containment, eradication, and recovery support.
- Execute proactive and reactive threat hunting leveraging advanced telemetry and intelligence sources.
- Perform advanced forensic analysis to support root cause analysis and post-incident reporting.
- Support Incident Commanders and SOC leadership during major incidents.
Threat Intelligence & Security Analysis
- Analyse threat intelligence to identify trends, adversary behaviour, and potential impacts to the organisation.
- Apply intelligence-led techniques to improve detection logic and SOC effectiveness.
- Contribute to the assessment of emerging cybersecurity threats and vulnerabilities.
SOC Process & Playbook Development
- Lead the development, maintenance, and continuous improvement of SOC playbooks, procedures, and workflows.
- Drive enhancements to incident response processes aligned to industry best practice.
- Contribute to the optimisation of SIEM, SOAR, and SOC tooling capabilities.
Leadership, Mentorship & Collaboration
- Provide technical leadership and mentoring to Level 1 and 2 SOC analysts.
- Support training, coaching, and skills uplift across the SOC team.
- Engage with internal technology teams, security specialists, and stakeholders to support effective security outcomes.
- Engage clients to increase their understanding of security and SOC services.
- Collaborate with clients where KPMG is assisting them in improving their security practices, or where KPMG is providing outsourced security services.
Requirements
- Minimum 5 years' experience in a Security Operations Centre, including senior analyst or Level 3 responsibilities.
- Demonstrated expertise in incident response and advanced threat hunting.
- Experience performing advanced threat intelligence and forensic analysis.
- Strong working knowledge of SIEM, SOAR, and SOC tooling.
- Experience developing and maintaining SOC processes and playbooks.
- Strong analytical, investigative, and written reporting skills.
- Proven ability to mentor and support junior analysts.
Desirable
- Professional services or consulting background in cyber or information security.
- Undergraduate qualification in a relevant technical discipline (e.g., Computer Science, Cyber Security, Software Engineering).
Certifications & Training (Preferred)
- Advanced or specialised certifications such as:
  - CREST Registered Intrusion Analyst (CRIA)
  - OSCP or equivalent offensive security certifications
  - Microsoft Advanced Threat Hunting and Incident Response training
  - Advanced forensics and threat intelligence training
- Industry-recognised certifications (e.g., Microsoft Azure Security, CompTIA Security+, ISC2).
- Demonstrated commitment to continuous professional development.