Rodeo
ResourcesPartnersSign in

Made Tech

Lead Security Analyst

Manchester
£65k – £80k/yr
Posted about 20 hours ago
Sign up to applySee more jobs like this

How your CV stacks up

1Upload CV
2Analyse CV
3Improve CV

Upload your CV to see how well it fits this job role

?%

Made Tech helps UK public sector organisations build and run better digital services. Our Cyber practice sits at the heart of that mission — working alongside government departments, agencies, and critical national infrastructure owners to improve how they detect, respond to, and learn from cyber threats.

As a Lead Security Analyst, you'll be the most senior analyst on your engagement, setting the technical direction for the SOC and owning the quality of what the team produces — from detection engineering to threat-hunting to incident response.

This isn't a role where you disappear into a ticket queue. You'll shape the threat-landscape narrative for your engagement, drive the detection backlog, and build the capability of the analysts around you. That means pairing on complex investigations, setting tradecraft standards, and making sure the team's detection content is version-controlled, peer-reviewed, and continuously improved — not left to age in a SIEM. You'll also be the trusted technical interface for client security stakeholders, translating what the SOC is seeing into the language that informs decisions.

Key Responsibilities

  • Set the detection engineering standard — author, tune, and peer-review detections in KQL, SPL, EQL, or Sigma; manage the false-positive backlog; map coverage to MITRE ATT&CK; and train L1/L2 analysts to write and tune detections themselves.
  • Own the threat-landscape narrative for your engagement — turn intelligence from NCSC advisories, sector feeds, and threat actor reporting into hunt themes, coverage gap analysis, and detection priorities that the SOC and client stakeholders can act on.
  • Run the intelligence cycle as a managed discipline — maintain a collection plan, produce timely and rigorous intelligence products, and build feedback loops that keep the cycle honest and improving.
  • Establish and lead security incident response practice — build playbooks, define the severity model, run exercises, and lead the team's response to significant incidents; run blameless post-mortems that the team actually learns from.
  • Design the log and telemetry pipeline that detections run on — including bespoke application telemetry in cloud environments, not just commodity endpoint feeds; ensure the right signals are collected, parsed, and retained for both detection and investigation.
  • Be the trusted technical interface for client security stakeholders — communicate what the SOC is detecting, investigating, and covering without losing fidelity; surface risks early and honestly, and align the team's priorities to the client's risk picture.
  • Grow the analysts around you — pair on detection authorship and incident response as a default, set pairing as the team norm, and actively build the capability of L1 and L2 analysts through structured mentoring and coaching so knowledge isn't concentrated in one person.
  • Contribute to the Cyber practice beyond your engagement — feed detection content, runbooks, and lessons learned back into shared practice resources; contribute to analyst assessment and hiring; and engage with public-sector security communities including NCSC CISP and relevant ISACs.

Reasons to use Rodeo

I’m in my final year doing Economics and I don’t know whether to apply for grad schemes now or do a masters first. What do you think?

Honest answer — it depends on where you want to end up. A lot of top grad schemes (Big 4, civil service, banking) don’t need a masters. Let’s look at the ones you’d be competitive for now, and we can decide if a masters actually adds anything.

Also worth knowing: most autumn 2026 applications are open now. Timing matters more than you think.

Start with a chat, not a search bar

Grad scheme, placement, apprenticeship? Not sure what you want yet — that's fine. Your agent talks it through with you and turns "I have no idea" into a shortlist.

P

Graduate Consultant — 2026 Scheme

PwC·London, UK
£35,000/yr

Why you're a good match

Strong

Your economics background and your summer at a regional bank line up with what PwC looks for on the consulting scheme. Applications close in four weeks.

See breakdown
Save jobNot relevant
View details

It searches the market for you

Every day your agent scans the market matching roles against what actually matters to you, not just keywords on a CV.

Why you're a good match

You’ve got the grades and the economics background, and your bank internship is exactly the experience this scheme looks for. Apply soon — deadlines close within the month.

See breakdown
Strong

Experience fit

Your summer at the bank plus your econometrics coursework map directly to the day-one responsibilities on this scheme — client modelling, market briefings, and deal support.

See breakdown
Strong

Only hits

No noise. No "maybe this fits." Just roles with a clear explanation of why they're right — and where to focus when applying.

Requirements

We're looking for someone who holds one of the following, or an equivalent senior cyber operations leadership credential:

  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • CompTIA Advanced Security Practitioner (CASP+)

Capabilities and experience

  • Experience leading detection engineering in a SOC or similar environment — including writing and tuning detections in KQL, SPL, EQL, or Sigma, and managing coverage against MITRE ATT&CK
  • Experience designing or improving a log and telemetry pipeline, including application-level telemetry from cloud-hosted services (AWS is a strong preference at this grade), with an understanding of how to design monitoring for failure modes and degraded states
  • Evidence of running the intelligence cycle as a managed discipline — collection planning, production, and feedback — rather than consuming finished intelligence
  • Working knowledge of UK government security standards and frameworks, including NCSC CAF Objective C, GovAssure, and OFFICIAL handling requirements
  • Experience establishing incident response practice — playbooks, severity models, and exercises — not just responding to individual incidents
  • Evidence of growing the technical capability of less experienced analysts through pairing, structured mentoring, or coaching, including setting clear goals and tracking progress over time
  • Experience anchoring delivery on client outcomes rather than task completion — challenging the brief where it serves the client and making value visible rather than reporting effort
  • Evidence of contributing reusable assets — detection playbooks, runbooks, templates, or accelerators — back into a practice or community, rather than leaving knowledge within a single team

Tools and practices

  • Familiarity with SOAR tooling and automation of triage and enrichment workflows
  • Experience working in Kanban-led operating models, including managing triage queues, WIP limits, and class-of-service for incidents
  • Experience running or contributing to skills-based technical assessments that evaluate demonstrated capability rather than credentials or years of experience
  • Made Tech sponsors attainment of recognised cyber certifications for staff in scope. If you don't yet hold the essential credentials listed above but are working toward them — or can demonstrate equivalent capability through your experience — we'd still like to hear from you.

Get help with your application

Your very own career expert that helps elevate your application to the next level.

Get help applying for this job

Benefits

We are always listening to our growing teams and evolving the benefits available to our people. As we scale, as do our benefits and we are scaling quickly. We've recently introduced a flexible benefit platform which includes a Smart Tech scheme, Cycle to work scheme, and an individual benefits allowance which you can invest in a Health care cash plan or Pension plan. We’re also big on connection and have an optional social and wellbeing calendar of events for all employees to join should they choose to.

Here are some of our most popular benefits listed below:

  • 30 days Holiday - we offer 30 days of paid annual leave
  • Flexible Working Hours - we are flexible with what hours you work
  • Flexible Parental Leave - we offer flexible parental leave options
  • Remote Working - we offer part time remote working for all our staff
  • Paid counselling - we offer paid counselling as well as financial and legal advice

SC Eligibility

An increasing number of our customers are specifying a minimum of SC (security check) clearance in order to work on their projects. As a result, we're looking for all successful candidates for this role to have eligibility.

Eligibility for SC requires 5 years' UK residency and 5 year' employment history (or back to full-time education). Please note that if at any point during the interview process it is apparent that you may not be eligible for SC, we won't be able to progress your application and we will contact you to let you know why.

Support in applying

If you need this job description in another format, or other support in applying, please email talent@madetech.com.

We believe we can use tech to make public services better. We also believe this can happen best when our own team represents the society that actually uses the services we work on. We’re collectively continuing to grow a culture that is happy, healthy, safe and inspiring for people of all backgrounds and experiences, so we encourage people from underrepresented groups to apply for roles with us.

When you apply, we’ll put you in touch with a member of our talent team who can help with any needs or adjustments we may need to make to help with your application. We’ve put together this blog as a resource to share more about reasonable adjustments and some examples of what this could include. We also welcome any feedback on how we can improve the experience for future candidates.

Trusted by 25,000+ job seekers

“It took my CV and asked me questions relevant to understanding what kind of jobs to suggest for me. Suggestions were almost perfect. Jobs were exactly what I’ve been looking for.”

Jessica, London

Get help applying for this job

Skills

Detection Engineering
Incident Response
Threat Hunting
KQL
SPL
EQL
Sigma
MITRE ATT&CK
Log Pipeline Design
Cloud Environments
Intelligence Cycle
Security Standards
Mentoring
Client Communication
SOAR Tooling
Kanban

Location

Manchester, England, United Kingdom

Sign up to applySee more jobs like this