Security Operations Lead

Job Title: Security Operations Lead
Location: Cardiff, Wales
Salary: £35,000.00 per annum.
Department: Information Security & Compliance
Reports To: Head of Information Security


Reporting to the Head of Information Security, the Security Operations Lead’s role is to monitor, investigate, and where appropriate remediate, potential security incidents. These incidents may arise from various cloud or on site based platforms, from our Cardiff Bay office.

Main responsibilities:

• Develop and implement Security Operations Procedures
• Develop, implement and measure Key Performance Indicators
• Managing Creditsafe SOC staff
• Developing, implementing and maintaining security orchestration and automation playbooks
• Gathering evidence for forensic analysis by CyberSecurity engineers
• Analyse infrastructure and application incidents prioritising those which could be classified as a security breach
• Investigate incident cause and potentially gather evidence for further action
• Escalate relevant incidents to the appropriate team for either further investigation or immediate action
• Advise management and stakeholders on patterns of activity and remediation actions to prevent future incidents
• Represent the Information Security team on the CSIRT
• Involvement with product and infrastructure development to advise of security implications
• Involvement in project work to replace or improve current security tooling stack
• Contribute to and help improve the documentation and processes contained within the Information Security Management System
• Documenting and improving the training provided to current and future SOC team members


• Analysis, pattern spotting, and problem solving skills
• Ability to apply critical thinking and prioritisation to incidents
• Keen and quick learner of new and emerging technologies
• Clear communicator to security literate and non-security literate stakeholders
• Understanding of the CSIRT process (e.g. FIRST CSIRT framework)
• Understanding of cybersecurity attack frameworks (e.g. MITRE ATT&CK)
• Knowledge of current threat landscape
• Knowledge of cybersecurity related analysis tools (e.g. Wireshark, Nmap, Burpsuite, Kali)
• Knowledge of current Windows/Linux server and desktop operating systems
• Knowledge of Cisco networking equipment (e.g. Firewalls, routers and switches)

Qualifications desired:

• CompTIA Security +
• CompTIA CyberSecurity Analyst +
• Cisco CCNA
• CREST Cyber Security Incident Response
• Microsoft Certified: Azure Security Engineer Associate
• Microsoft 365 Certified: Security Administrator Associate
• AWS Cloud Practitioner
• ITIL v4 Foundation