Security Operations Analyst (Cloud)
About this role
We are seeking a hands-on, detail-oriented Security Operations Analyst (Cloud) to support the security posture of our hybrid corporate and enterprise environments. The successful candidate will play a key role in threat detection, incident response, cloud security monitoring, and the implementation of foundational controls across Azure, Microsoft 365, AWS, GCP, and GitLab.
This role sits within our Security team and collaborates closely with IT, Engineering, and Architecture to ensure consistent protection across infrastructure and workloads.
Your mission
As a Security Operations Analyst (Cloud), your mission is to act as the frontline defender of our cloud and hybrid environments. You will be instrumental in detecting and responding to threats, ensuring our platforms are configured securely, and driving continuous improvement in how we monitor and protect our infrastructure and data. By combining hands-on security expertise with sharp analytical thinking, you will help the business reduce risk, stay resilient, and build trust with customers and stakeholders — all while supporting a culture of secure innovation.
What you’ll do
Threat Detection & Incident Response
- Monitor and triage alerts from Microsoft Defender (for Endpoint, Cloud, Identity), AWS Security Hub, GCP Security Command Center, and GitLab pipelines
- Support investigations of security incidents, ensuring root cause analysis and remediation
- Maintain and improve incident response runbooks and automation tooling
Cloud Security Monitoring & Control
- Ensure high-severity security recommendations in Azure Security Center, AWS Trusted Advisor, and GCP are triaged and remediated within defined SLAs
- Work with IT to track Defender for Cloud coverage across all cloud subscriptions and assess configuration drift
- Validate implementation of security baselines in Azure, AWS, and GCP environments
Vulnerability & Risk Management
- Collaborate with Engineering to track application security vulnerabilities (e.g. SAST/DAST findings in GitLab)
- Coordinate scanning and reporting of infrastructure vulnerabilities using MS Defender for Cloud
- Track remediation activities and feed into the enterprise risk register
Identity & Access Monitoring
- Monitor Conditional Access, MFA coverage, and risky sign-in activity in Entra ID and AWS/GCP IAM
- Work with IT and Architecture to reduce excessive permissions, implement PIM/JIT access, and audit service accounts
Metrics & Reporting
- Support the delivery of regular security metrics (e.g. alert trends, DLP violations, Defender coverage, vulnerability backlog)
- Contribute to audit and compliance activities with evidence gathering and controls verification
What you’ll bring
- Strong analytical and problem-solving skills
- Comfortable working in a fast-paced, multi-cloud environment
- Clear communicator, capable of translating technical risks to non-technical audiences
- Proactive, with a continuous improvement mindset
- 3+ years in a security operations, cloud security, or SOC analyst role
- Practical experience monitoring and triaging alerts in Azure/Microsoft Defender and AWS/GCP
- Strong understanding of incident response, cloud-native threats, and remediation workflows
- Familiarity with Azure Security Center, AWS Security Hub, or GCP Security Command Center
- Understanding of identity and access control models in cloud environments (e.g. Entra ID, IAM roles, federated login)
- Experience with MS Sentinel or equivalent SIEM platform
- Scripting or automation skills strongly preferred but not essential (PowerShell, Python)
Locations
- Malaga, Reading
About Expenti
We're digital innovators, leveraging the latest tech to deliver solutions that drive engagement, supercharge efficiency and create unstoppable growth. It's our mission to push the envelope and build products that redefine what's possible.
Epic experiences. Exceptional quality. That's Expenti.