The Security Business Analyst is a specialist role responsible for accelerating the onboarding of enterprise applications and platforms into the organisation's Splunk Enterprise Security (SIEM) and enabling automated alerting for the SOC. The role addresses a key constraint by taking on the discovery, definition, and documentation of log sources and security monitoring requirements, work that security engineers cannot complete at scale.
By working directly with application, platform, and service owners, the Security Business Analyst identifies security‐relevant logging, defines monitoring and detection requirements, and produces clear artefacts for Security Operations and SIEM engineering. Through strong business analysis and security expertise, the role ensures consistent, scalable, and risk‐aligned security monitoring across SaaS, cloud, and enterprise environments.
Responsibilities
* Engage system owners to understand architectures, data flows, and logging.
* Identify, analyse, and document security‐relevant log sources.
* Maintain a central log source register with owners, access methods, and retention.
* Prioritise log sources with Security Engineering and SOC teams.
* Develop security stories and use cases for monitoring and detection.
* Define incident‐response context and key escalation contacts.
* Build strong relationships across IT, Security, and business teams.
* Communicate progress, risks, and dependencies clearly.
* Keep security processes and documentation up to date.
Skills Summary
* Experience with cybersecurity, Security Operations, SIEM, and logging platforms
* Strong understanding of authentication, authorisation, audit logging, and incident response
* Experience working in regulated, risk‐aware, or compliance‐driven environments
* High proficiency with Microsoft Office (Excel, PowerPoint, Word, Visio, etc.)
* Cybersecurity certifications (e.g., CISSP, CREST, GIAC, OSCP) will be highly regarded
* Experience working in ITIL‐aligned environments
* Familiarity with a broad range of enterprise and SaaS platforms
* Ability to work closely with Cyber Security leadership, Security Operations, and Engineering teams
* Strong stakeholder engagement and communication skills
For more information, please contact Ralph on