Next

Senior Security Analyst - InfoSec

Next  •  Leicester, GB (Hybrid)  •  14 hours ago

Job Description

The Role:

Working within the Information Security team, you will be a technical linchpin for Incident Response across the global estate. While you will respond to and investigate high-priority events, your primary focus will be the evolution of our defensive capabilities. You will bridge the gap between pure analysis and engineering.

You will drive growth and improvement in incident response automation, identifying opportunities to replace manual processes with high-fidelity SOAR playbooks and automated workflows. Furthermore, you will lead our detection creation efforts, identifying monitoring gaps and developing custom rules within our SIEM and EDR platforms to ensure we stay ahead of sophisticated adversaries.

As a Senior Security Analyst, you will act as a technical escalation point for the team, mentoring junior analysts in complex investigations and forensic collection. You will collaborate with Vulnerability Management and Engineering to ensure that "lessons learned" are not just documented, but are actively coded into our security controls through improved detection logic and automated response.

What You’ll Take On:

  • Detection Engineering: Proactively develop, test, and deploy custom detection rules and logic (SIEM, EDR, IDS) to identify emerging threats and TTPs specific to the retail and warehouse environment.
  • SOAR Orchestration: Design and implement automated playbooks to streamline repetitive response tasks, reducing Mean Time to Respond (MTTR) and analyst fatigue.
  • Advanced Incident Response: Lead the investigation of high-complexity security incidents, ensuring prompt containment, eradication, and recovery.
  • Control Tuning: Systematically identify and eliminate false positives through rigorous rule tuning and correlation logic improvements.
  • Forensic & Root Cause Analysis: Conduct deep-dive forensic investigations and use the findings to develop new preventative controls and detection signatures.
  • Strategic Reporting: Maintain and evolve security metrics that demonstrate the effectiveness of our automation and the maturity of our detection coverage.
  • Collaboration: Liaise with Security Engineering and 3rd-party partners to integrate diverse data sources into our monitoring pipeline.
  • Operational Excellence: Maintain an awareness of the global threat landscape, translating threat intelligence into actionable detection content.
  • Mentorship: Support the Team Leader in upskilling the analyst cohort, specifically in areas of scripting, regex, and logic-based investigation.

What You’ll Bring:

Essential

  • Experience: Proven Information Security experience in a SOC or IR environment, with a demonstrable shift toward security development or engineering.
  • Technical Proficiency: Strong analytical skills within Windows and Linux environments, with the ability to parse complex logs and identify anomalous behaviour.
  • Tooling: Experience configuring and maintaining SIEM, SOAR, and EDR platforms (e.g., creating custom dashboards, alerts, and automated workflows).
  • Communication: Ability to remain calm under pressure and translate technical automation concepts into clear updates for management.
  • Mindset: A "dev-first" approach to security—constantly seeking to automate manual tasks and improve detection fidelity.

Desirable

  • Qualifications: Relevant industry-recognised security certifications (e.g., SANS GIAC, GCIA, GCIH, or CySA+).
  • Scripting & Logic: Proficiency in at least one scripting language (e.g., Python, PowerShell, or Bash) and experience with Regex for log parsing and rule creation.
  • Automation: Experience building API integrations between security tools to facilitate automated data enrichment.
  • Cloud: Experience with detection and response within Cloud-based infrastructure (AWS or Azure).
  • Frameworks: Familiarity with the MITRE ATT&CK framework and its practical application in rule development.



You know Next, but did you know we’re a FTSE-100 retail company employing over 44,000 people across the Next group? We’re the UK’s 2nd largest fashion retailer, and for Kidswear we’re the market leader. At the last count we have over 450 stores, plus Next Online, and it’s now possible to buy online from over 80 countries around the world. So we’ve gone global!


About Next

At Next we never underestimate what we can do. Bring your energy, play to your strengths and never shy away from change. Push yourself and back others. Make things happen that will be bigger and better than before.

Come and work for one of the UK’s biggest retailers. It is everything you could imagine, and so much more. We’re constantly innovating, constantly working on something new and constantly creating more and more exciting new products, which means no day is the same, and no day is dull.

Whether you take up a role in making furniture with our lively warehouse team or join our team of superhuman developers and tech engineers, you’ll be rubbing shoulders with some of the most talented people in the country, who not only work hard but play hard too.

Let's take it on.

Industry
Retail & Ecommerce
Company Size
10,000+ employees
Headquarters
Leicester, GB
Year Founded
Unknown