Cyber Workflow Analyst

About The Position

Requirements

• Experience in a Security Operations Centre (SOC) as a senior member of incident response, or cyber defence analyst roles.
• Hands-on familiarity with any SOAR or workflow automation platforms such as Chronicle SOAR, Tines, Torq, or FortiSOAR etc.
• Understanding of incident response workflows and how automation supports triage, enrichment, and response.
• Strong attention to detail and ability to spot inconsistencies or issues in process execution.
• Scripting or logic comprehension (e.g., Python or JSON) to understand playbook logic and outputs.
• Excellent verbal and written communication skills, particularly for knowledge transfer and documentation.
• Comfortable with stakeholder engagement and feedback loops across analysts, engineers, and management.

Nice To Haves

• Experience with vendor attached workflow automation (Such as Crowdstrike Fusion etc).
• Experience managing SIEM, EDR, and threat intelligence platforms.
• Exposure to metrics, dashboarding, or data analysis tools (e.g., Kibana, Power BI, product specific dashboards).
• Experience delivering user training or onboarding and documentation.
• Familiarity with audit and compliance processes related to security automation.
• Relevant certifications such as CompTIA Security+, GCIH, or equivalent.

Responsibilities

• Monitoring daily execution of workflow automation and SOAR playbooks to ensure accuracy, completeness, and consistency with operational objectives.
• Performing quality assurance reviews of case data to confirm correct use of automated workflows.
• Providing structured feedback to development teams on playbook performance and identifying opportunities for refinement.
• Delivering onboarding and refresher training sessions to clients on the correct use of playbooks and workflows.
• Updating and maintaining playbook usage guides, workflow documentation, and training materials.
• Reviewing and updating operational metadata within workflow platforms to ensure clarity, usability, and audit-readiness.
• Tracking key metrics such as playbook adoption rates, success/failure trends, and enrichment consistency.
• Creating regular reporting and dashboards that illustrate playbook return on investment (ROI), user activity, and operational coverage.
• Supporting audit requests by maintaining accurate and up-to-date documentation of playbook usage and decisions.
• Working closely with client-side security and operations teams to encourage a culture of automation awareness and continuous improvement.

Benefits

• ☀️ Time Off: 25 days annual leave + public holidays
• 🎂 Birthday Leave: One extra day off to celebrate
• 💰 Company Pension Scheme
• 📞 Employee Assistance Programme (EAP) for wellbeing support
• 🏃‍♀️ EkcOlympics: Global team activity challenges
• 📚 Unlimited access to Pluralsight for continuous development
• 🌱 Real opportunities to grow, including international progression