We are seeking an experienced Cybersecurity Architect to support security monitoring, incident response, threat detection, vulnerability management, and security governance activities. The ideal candidate will have strong hands-on experience in security operations, SIEM monitoring, incident investigation, vulnerability assessment, and compliance support within enterprise or regulated environments. This role requires a strong understanding of security tools, threat landscapes, incident response processes, and security frameworks. The candidate will work closely with IT, infrastructure, application, compliance, and business stakeholders to strengthen the organisation's security posture and ensure timely detection, response, and remediation of security risks.
Key Responsibilities:
Security Monitoring & Incident Response:
- Monitor security alerts and events from SIEM, EDR, and other security monitoring tools.
- Investigate and triage security incidents, including malware infections, phishing attempts, suspicious activities, and unauthorised access attempts.
- Perform root cause analysis for security incidents and recommend appropriate remediation actions.
- Escalate incidents based on severity, business impact, and defined incident response procedures.
- Prepare incident reports and support post-incident reviews.
Threat Detection & Analysis:
- Analyse logs from servers, endpoints, network devices, applications, and security platforms.
- Identify anomalies, suspicious behaviours, and potential threats using correlation rules, alerts, and security use cases.
- Support threat hunting activities to proactively identify hidden threats and attack patterns.
- Assist in improving threat detection capabilities through rule tuning and use case enhancement.
Security Tools & Technologies:
- Manage, operate, and optimise security tools such as SIEM, EDR, IAM platforms, and vulnerability scanners.
- Work with SIEM platforms such as Splunk to monitor events, investigate alerts, and generate reports.
- Assist in fine-tuning detection rules to reduce false positives and improve alert quality.
- Support integration and onboarding of new security technologies, log sources, and monitoring use cases.
Vulnerability & Risk Management:
- Conduct vulnerability assessments and track remediation progress with relevant system owners.
- Review vulnerability scan results, prioritise risks, and support remediation planning.
- Work with infrastructure, application, and operations teams to address identified security risks.
- Support risk assessments for legacy systems, exceptions, and technology changes.
Compliance & Governance:
- Ensure adherence to internal security policies, standards, procedures, and baseline configurations.
- Support internal and external audits by gathering evidence, preparing documentation, and responding to audit queries.
- Assist in maintaining compliance with security and regulatory frameworks such as ISO 27001, MAS TRM, NIST, and other applicable standards.
- Support security governance activities, including risk tracking, control validation, and policy compliance reviews.
Configuration & Change Monitoring:
- Monitor critical system configuration changes across infrastructure, applications, and security platforms.
- Validate compliance with system hardening baselines and security configuration standards.
- Identify, document, and report deviations from approved baselines.
- Work with relevant teams to ensure deviations are properly assessed, remediated, or risk-accepted.
Reporting & Documentation:
- Prepare security dashboards, incident reports, vulnerability reports, and security metrics.
- Document incident response playbooks, standard operating procedures, detection use cases, and investigation steps.
- Provide regular updates to stakeholders on security posture, incident trends, vulnerabilities, and remediation status.
- Maintain accurate records of incidents, risks, exceptions, and remediation activities.
Required Qualifications:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related discipline.
- 4 to 10 years of experience in Security Operations, Cybersecurity, Incident Response, Threat Detection, or a similar role.
Technical Skills:
- Hands-on experience with SIEM tools such as Splunk.
- Knowledge of Windows, Linux, and Active Directory environments.
- Good understanding of network security concepts, including firewalls, IDS/IPS, VPNs, proxies, and network segmentation.
- Familiarity with endpoint security, EDR tools, identity access management, and vulnerability management platforms.
- Experience in analysing logs from servers, endpoints, applications, and network devices.
- Basic scripting knowledge using Python, PowerShell, or similar scripting languages is an advantage.
Security Knowledge:
- Good understanding of current threat landscape, attack vectors, malware, phishing, and common cyberattack techniques.
- Knowledge of incident response methodologies and investigation processes.
- Understanding of vulnerability management processes, risk assessment, and remediation tracking.
- Familiarity with security frameworks, standards, and control requirements such as ISO 27001, MAS TRM, NIST, or CIS Controls.
Nice to Have:
- Certifications such as CompTIA Security+, CEH, GIAC, CISSP, or equivalent cybersecurity certifications.
- Experience working in regulated environments, preferably financial services or banking.
- Exposure to audit, compliance, risk management, and security governance processes.
- Experience supporting threat hunting, security automation, or detection engineering activities.
To apply, simply click the Apply button or send your updated profile to [Confidential Information]
EA Licence No.: 18S9405 / EA Reg. No.: R1330864
Percept Solutions is expanding and actively seeking talented individuals. We encourage applicants to follow Percept Solutions on LinkedIn at https://www.linkedin.com/company/percept-solutions/ to stay informed about new opportunities and events.