Senior Cyber Security Analyst

As a Senior Cyber Security Analyst, you will be responsible for maintaining and continually improving Security Operations (SecOps) solutions, controls, and processes across Thames Water. Working closely with the SOC, third-party MSSPs, and a wide range of Digital and business stakeholders, you will help ensure security incidents are identified, prioritised, and remediated effectively.

This role plays a key part in strengthening Thames Water's cyber resilience by combining strong technical expertise with clear communication, structured incident management, and a risk-based approach to security. You will mentor SOC analysts, support incident readiness and response, and drive continuous improvement across SecOps capabilities to protect services critical to our customers and operations.

What you'll be doing as a Senior Cyber Security Analyst

• Investigate and respond to security alerts from SIEM platforms and third-party MSSPs, ensuring appropriate and timely incident response actions.
• Liaise with technology and business stakeholders during cyber security incidents, providing clear explanations of risks, impacts, and required actions.
• Support the Cyber Security Operations Lead during security and privacy incidents, including triage, coordination, and root cause analysis.
• Act as a key escalation point for the SOC and Thames Water Digital teams.
• Participate in a 24x7x365 on-call rota, supporting out-of-hours incident investigations alongside a third-party MSSP.
• Monitor, analyse, and optimise the performance of SecOps tooling (e.g. SIEM, PAM), recommending and implementing improvements.
• Develop, maintain, and improve SecOps documentation, processes, policies, and procedures.
• Collaborate with stakeholders to understand business requirements and implement proportionate, risk-based security controls.
• Maintain and integrate cyber security solutions across existing systems, applications, and infrastructure.
• Evaluate and recommend new security technologies, tools, and vendors aligned to business needs.
• Perform proactive threat hunting to identify emerging threats and vulnerabilities across the technology estate.
• Collect and analyse data to support cyber security metrics, dashboards, and reporting.
• Support compliance with industry standards and regulations such as GDPR, NIS, and ISO 27001.
• Stay current with industry trends, emerging threats, and best practices to continually enhance security operations.

Base location - Hybrid - Clearwater Court, Reading. Working pattern - 36 hours Monday to Friday (with on-call rota participation).

Experience in a technical cyber security role within an enterprise environment.

• Experience working in, or closely with, a Security Operations Centre (SOC).
• Strong analytical and problem-solving skills with the ability to triage and manage incidents in a structured manner.
• Experience working with third-party delivery partners and MSSPs.
• A risk-based mindset, with experience identifying, assessing, and remediating cyber risks in dynamic environments.
• Strong communication skills, including the ability to explain complex security issues to non-technical audiences.
• Good planning, organisation, and decision-making capabilities, with a focus on continuous improvement.

Technical experience and skills

• Strong understanding of IT infrastructure, networking, and end-user computing.
• Hands-on experience configuring and troubleshooting MFA, Privileged Access Management (PAM), and SIEM platforms.
• Proficiency with Microsoft security operations tools, particularly Microsoft Sentinel.
• Experience writing and tuning Kusto Query Language (KQL) queries and alerts.
• Familiarity with SecOps technologies such as SOAR, EDR/XDR, and identity and access management solutions.
• Ability to monitor, tune, and optimise security controls to reduce alert noise and improve response times., Familiarity with network security technologies such as NAC, firewalls, proxies/VPNs, IDS/IPS, and related controls.
• Experience mentoring or supporting analysts within a SOC or operational security team.
• Degree in Cyber Security, Computer Science, Information Technology, Engineering, or a related discipline.
• Microsoft security certifications such as SC-200 or AZ-900.
• Hands-on experience with Microsoft Defender and related Microsoft SecOps tooling.
• Industry-recognised cyber security certifications such as CISSP, CISM, or CCSP., Disability Confident About Disability Confident A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people. For more details please go to .

At Thames Water, our purpose is crystal clear - to deliver life's essential service so our customers, communities and planet can thrive. Water is life's great leveller. Every living thing needs it, every single day. From people to plants, birds to bees, farms to factories, we all need it to thrive, and we're committed to taking care of it for us all. But keeping water flowing is becoming harder. From scorching summers to wetter winters, extreme weather affects everything from our pipes to our local rivers. We need to keep millions more kettles boiling, public services operating, washing machines spinning, showers running and more, so every drop is more precious than ever. Are you ready to play your part? Working at Thames Water At Thames Water we recognise that people are at the heart of our business. To help us succeed in providing life's essential service, we need a range of skills and capabilities, representative of society throughout our business. We seek to attract and retain a cultural mix of people who can offer different but complementary attitudes, values, talents, and knowledge. We understand the importance of appreciating and harnessing the unique skills, experiences, background, and differences that each individual brings. Our over-arching diversity and inclusion aim is to ensure Thames Water is a diverse and inclusive great place to work. We encourage applications from everyone and offer extra support for those who need it throughout the recruitment process. Find out more about working at Thames Water. When a crisis happens, we all rally around to support our customers. As part of Team Thames, you'll have the opportunity to sign up to support our customers on the frontline as an ambassador. Full training will be given for what is undoubtedly an incredibly rewarding experience. It's also a great opportunity to learn more about our business, meet colleagues and earn some extra money along the way. Disclaimer: due to the high volume of applications we receive, we may close the advert earlier than the advertised date, so we encourage you to apply as soon as possible to avoid disappointment.