Cybersecurity & IT
Security operations, entry-level cyber roles, and frontline IT support - monitoring, triage, and keeping users and systems safe.
Career path patterns
How people actually get into these roles
The big picture
Information security is one of the fastest-growing career fields internationally — US labour projections cite roughly 29% growth for security analysts through 2034, nearly three times the average for all occupations. In the UK, government skills surveys report persistent gaps at every level. Critically, 51% of hiring managers now actively seek candidates from non-traditional backgrounds. This is genuinely one of the most accessible high-earning fields for career changers right now.
Key stat
New entrants to cybersecurity are trending older — 39- to 49-year-olds made up 35% of those entering the profession within the past year, up from 18% in 2022. It is never too late to make this move.
Source: ISC2 workforce study
Common path patterns
- Military / police → SOC Analyst
Veterans and ex-law enforcement bring discipline, threat assessment, and the ability to operate under pressure — all highly valued in security operations centres and digital forensics. This is one of the most consistently cited career-change paths into cybersecurity.
- IT helpdesk / sysadmin → SOC Analyst
The most well-trodden path on this site. If you have worked in IT support, you already understand systems, user behaviour, and network basics — you are leveraging existing skills rather than starting from zero.
Typical entry certs: CompTIA Security+, then build toward CISSP or vendor SIEM training.
- Software developer → Junior Cybersecurity Analyst
Developers who pivot into security (often called AppSec) are in huge demand. They can think like both the attacker and the builder — a combination employers struggle to hire.
- Compliance / audit → GRC (governance, risk & compliance)
If you have worked in any regulated industry — banking, insurance, healthcare, legal — your understanding of policy, risk frameworks, and audit trails maps directly into cybersecurity compliance roles. No deep technical skills required to get started.
- Teaching / training → Security awareness & education
Increasingly in demand as companies struggle with the human side of security. Trainers who can communicate risk clearly and build internal education programmes are a growing hire — often sitting alongside SOC and GRC teams.
Notable examples
Kevin Mitnick
Once the FBI's most-wanted hacker after convictions for computer crimes, he rebuilt his career as one of the most respected security consultants in the world before his death in 2023.
Brian Krebs
After a cybergang hacked his home network, he became so engrossed in cybersecurity that he left mainstream journalism to report exclusively on cybercrime. KrebsOnSecurity is now one of the foremost sources in the field.
Kevin Poulsen
Built a journalism career on breaking down complex technical subjects, drawing on his background as a convicted hacker — access and perspective traditional reporters lacked.
Roles in this industry
- SOC Analyst
A Security Operations Centre (SOC) Analyst is responsible for the continuous monitoring, detection, and response to cybersecurity threats across an organisation's infrastructure. Working within a SOC — which may operate 24/7 — analysts triage security alerts, investigate incidents, contain threats, and document findings. They work with SIEM platforms, endpoint detection tools, network monitoring systems, and threat intelligence feeds to identify and respond to attacks in real time. SOC Analysts are typically tiered (L1, L2, L3) by experience and responsibility. L1 analysts handle initial alert triage; L2 analysts conduct deeper investigation and correlation; L3 analysts lead complex incident response and may contribute to threat hunting. The role demands strong technical knowledge of networks, operating systems, and attacker techniques, as well as the ability to work calmly under pressure during active incidents.
- Junior Cybersecurity Analyst
A Junior Cybersecurity Analyst monitors an organisation's systems and networks for signs of intrusion, malware, or policy violations. Core tasks include reviewing security alerts from SIEM platforms (e.g. Splunk, Microsoft Sentinel), triaging incidents, conducting initial investigations, escalating confirmed threats, and maintaining security documentation. The role sits within a Security Operations Centre (SOC) or a wider IT security team and typically involves shift-based working at larger organisations. Entry-level analysts are expected to develop their understanding of the threat landscape, attacker techniques (MITRE ATT&CK framework), and defensive tools quickly. The role is deliberately hands-on — it is the primary entry point into a cybersecurity career — and progression into specialisms like penetration testing, incident response, threat intelligence, or cloud security is well-defined.
- IT Support
An IT Support professional provides technical assistance to end users and maintains the hardware, software, and network infrastructure an organisation depends on. Responsibilities range from first-line helpdesk triage — resetting passwords, troubleshooting connectivity issues, resolving software errors — to second and third-line work involving system administration, device deployment, network configuration, and infrastructure maintenance. Support analysts log all issues via ticketing systems (e.g. ServiceNow, Jira Service Management) and work to SLA targets. The role is the foundation of a technology career and provides exposure to a wide range of systems, including Windows and macOS environments, Active Directory, Microsoft 365, VPNs, and increasingly cloud platforms such as Azure and AWS. IT Support professionals are expected to communicate clearly with non-technical users, manage competing priorities, and escalate issues appropriately while maintaining service continuity.
- Penetration Tester
A Penetration Tester — often called an ethical hacker — is hired to attack an organisation's systems, networks, and applications before malicious actors can. Day-to-day work involves scoping engagements with clients, running structured attacks using tools such as Metasploit, Burp Suite, and Nmap, documenting vulnerabilities discovered, and writing clear reports that translate technical findings into business risk. Penetration testers work across web applications, internal networks, cloud infrastructure, and increasingly physical and social engineering scenarios. Most roles sit inside specialist security consultancies, in-house red teams at large enterprises, or government-adjacent bodies. The role demands a hacker mindset combined with methodical reporting discipline. Junior testers typically support senior colleagues on engagements and focus on web application testing before broadening into network and infrastructure work. In the UK, demand is driven by regulatory requirements, cyber insurance obligations, and the growing volume of high-profile breaches. Testers who can communicate risk clearly to board-level stakeholders — not just write technical reports — progress fastest.
- Cloud Security Engineer
A Cloud Security Engineer designs, implements, and maintains the security controls that protect an organisation's cloud infrastructure — typically across AWS, Microsoft Azure, or Google Cloud Platform. Day-to-day work involves configuring identity and access management (IAM), reviewing infrastructure-as-code for security misconfigurations, monitoring cloud environments for threats, responding to security incidents, and working closely with DevOps and platform engineering teams to embed security into the build pipeline. The role sits at the intersection of traditional security operations and modern cloud-native engineering, requiring both an understanding of attacker techniques and the ability to build automated controls at scale. Entry-level positions often carry titles such as Junior Cloud Security Engineer, Cloud Security Analyst, or Associate Security Engineer, and typically involve supporting more senior engineers on implementation projects and monitoring tasks. The UK cloud security market is expanding rapidly as organisations complete multi-year migration programmes and face increasing regulatory scrutiny of cloud configurations. Engineers who can speak both security and infrastructure — understanding Terraform, Kubernetes, and CI/CD pipelines as well as threat modelling and compliance frameworks — are among the most sought-after professionals in the sector.