Amentum is seeking a talented and motivated CySOC Analyst to join our growing cyber security team. In this role, you will play a critical part in protecting operational technology (OT) environments that underpin essential services and infrastructure.

Working within a fast-paced and collaborative Security Operations environment, you will be responsible for proactively monitoring systems, identifying potential threats, and supporting the response to cyber security incidents. Your work will directly contribute to safeguarding critical systems, maintaining operational resilience, and reducing organisational risk.

This is an exciting opportunity to develop your expertise in cyber security operations while working with modern tools, threat intelligence, and a team dedicated to continuous improvement and innovation.

• Proactively monitor security tools and SIEM platforms to detect and investigate suspicious activity.

• Triage and analyse security alerts across network and system environments.

• Identify anomalies and potential threats through log and behavioural analysis.

• Support incident response activities, including containment, remediation, and recovery.

• Escalate high-risk events in line with established procedures.

• Conduct vulnerability and risk analysis to identify weaknesses and emerging threats.

• Contribute to the tuning and optimisation of SIEM rules and detection capabilities.

• Support compliance, audit, and security assurance activities.

• Produce clear, concise reports on incidents, trends, and risks.

• Collaborate with IT, engineering, and cyber teams to improve security processes and playbooks.

• A degree in Cyber Security, Computer Science, Information Technology, or a related field, or equivalent practical experience.

• Experience in cyber security, IT, or a related technical role, or a combination of education and hands-on experience.

• An understanding of security operations, including monitoring, threat detection, and incident response.

• Knowledge of network architectures, common vulnerabilities, and security best practices.

• Awareness of risk, compliance, and security standards within Defence or other regulated environments (e.g. JSP 440, JSP 453).

• Experience working with security technologies such as SIEM, IDS/IPS, or endpoint protection tools.

• Ability to monitor and analyse security events, investigate alerts, and assess their potential impact.

• Confidence identifying and escalating potential threats, with experience supporting incident response activities such as containment and recovery.

• Understanding of vulnerability management, including identifying system weaknesses and configuration issues.

• Familiarity with threat intelligence and how it can be used to support security analysis and risk assessment.

• Experience contributing to risk assessments and supporting the implementation or validation of security controls.

• Ability to produce clear, accurate reports and communicate effectively with both technical and non-technical stakeholders.

• Familiarity with recognised security frameworks such as MITRE ATT&CK, NIST, or ISO 27001 would be beneficial.

• Experience or interest in areas such as threat hunting, SIEM optimisation, or attacker tactics and techniques (TTPs) is advantageous.

• Awareness of operational technology (OT) or industrial control systems (ICS) environments is beneficial.

• Strong analytical thinking and problem-solving skills, with the ability to manage and prioritise multiple tasks.

• Clear communication skills and a structured, detail-focused approach to work.