Job Description To provide advanced cyber security monitoring, analysis, and incident response within the organisation’s security operations framework. The Tier 3 analysts are responsible for investigating escalated alerts, performing in-depth threat analysis, and supporting proactive measures, such as threat hunting to detect and mitigate cyber risks. This role ensures robust detection and response capabilities, continuous improvement of security processes to maintain organisational resilience and compliance. Principal Accountabilities • Monitoring SIEM tools to assure high a level of security operations delivery function. • Serve as an escalation point for more junior analysts, providing expert guidance and technical leadership. • Lead investigations into high-severity or complex security incidents, coordinating containment and eradication efforts. • Working with the engineering team, develop and optimise advanced detection rules, correlation logic, and automation workflows within SIEM and SOAR platforms. • Inform proactive threat hunting and identify emerging attack patterns using frameworks such as MITRE ATT&CK. • Review and enhance incident response runbooks; ensure they remain fit for purpose and aligned with best practices. • Produce detailed post-incident reports and lessons learned, drive improvements across processes and tooling. • Collaborate with technical teams to ensure new and changed services are integrated into monitoring and compliance frameworks. • Mentor and coach more junior analysts, supporting their technical development and career progression. • Deliver knowledge-sharing sessions and contribute to team training plans. • Recommend and implement continual service improvements to strengthen cyber resilience. • Ensure compliance with organisational security policies and regulatory requirements. • Act as a subject matter expert for cyber security monitoring and incident response during audits and stakeholder reviews. Authorities & Dimensions • Authority to escalate incidents and recommend containment actions. • Elevated access to monitoring tools, SIEM, and forensic platforms for analysis. • Some on call working may be required. • Provides technical guidance and mentoring to junior analysts, influencing Security Operations Centre (SOC) operational strategy. • Manage and develop a shift team of Tier 1 Analysts to ensure the delivery of a mature and highly skilled Cyber Security Operations Centre (CSOC) analysts. Job Context and Challenges The Tier 3 Analysts operate in a high-pressure environment where sophisticated threats target critical infrastructure. Challenges include leading complex investigations, ensuring rapid containment, and continuously improving detection capabilities. The role requires balancing operational delivery with strategic initiatives, while developing team capability and maintaining compliance with stringent regulatory standards. Essential Skills • Demonstrated knowledge in information security principles (security principles applied to architecture, network & systems, cyber forensic, security risk assessment, software development). • Experience in a Security Operations Centre (SOC) or similar cyber security environment. • Strong understanding of SIEM technologies, log analysis, and threat detection. • Ability to interpret vulnerability scan results and assess risk impact. • Knowledge of common attack vectors, malware behaviour and network security principles. • Actionable knowledge of MITRE ATT&CK framework. • Understanding of networking, client-server applications, firewalls, VPNs, and endpoint security products. Desirable Skills • Advanced certifications such as, CySA+, GIAC (GCIH, GCFA), or Microsoft SC-200. • Proficiency in scripting/programming (Python, PowerShell) for automation and custom tooling. • Experience with cloud security monitoring (Azure) and compliance frameworks. (MITRE ATT&CK, MITRE D3FEND). • Familiarity with threat intelligence platforms and integration strategies. Additional Information • Open VN • Number of Vacancies: 2 • Contact: Andrew Shutak The interviews for this vacancy are to be confirmed. ASW’s may have the right to apply for internal Sellafield Ltd vacancies. Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification. Competencies will be provided if you are invited to interview. Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk Please ensure that you save a copy of this advert for future reference if you make an application for this role. The closing date for this vacancy is 20th July 2026. Back Tier 3 Analyst Job number SP06725 Profession IT Information Services Location Sellafield or Risley Contract type Internal Recruitment Posting date 5 July 2026 Closing date 20 July 2026 Band 3B Lower Work Schedule Days Apply here Apply here