Cyber Workflow Analyst
About Ekco
🚀 Founded in 2016, Ekco has quickly become one of Europe’s fastest-growing cloud solution providers and your trusted security-first Managed Service Provider.
IT leaders choose Ekco to drive operational efficiency, scale smarter and stay ahead of risk – powered by local expertise, delivered at European scale.
We specialise in helping organisations advance their cloud maturity: guiding transformation, strengthening security, and maximising the value of their technology investments.
☁️ In simple terms: we help organisations modernise with confidence by securing their systems, optimising their cloud, and keeping them resilient in a rapidly changing world.
🌍 Today, we’re a thriving team of 1,000+ talented and supportive colleagues across the UK, Ireland, Benelux, South Africa, and Malaysia—and we’re continuing to grow.
At Ekco, how we work matters as much as what we deliver. Our people live by four core values that shape everything we do:
On It: We take ownership, follow through, and get things done.
All In: We collaborate, support each other, and commit fully to shared goals.
Connected: We build trusted relationships with colleagues, clients, and partners.
Hungry to Grow: We stay curious, keep learning, and push ourselves to the next level.
🏠 If these values resonate with you, you’ll feel right at home here.
The Role
Day-to-day at Ekco:
As a Cyber Workflow Analyst within Ekco’s SecOps Professional Services team, you will play a key role in the operational success of client workflow automation and SOAR (Security Orchestration, Automation, and Response) capabilities. You will help drive the adoption, quality assurance, and continuous improvement of automated playbooks, supporting analysts and operational teams in integrating automation into their daily processes.
You will be responsible for reviewing playbook executions, identifying gaps in usage or performance, onboarding new users, and working closely with Cyber Workflow developers. Your work will directly support improved response times, reduced manual effort, and better-quality case / incident handling across our client environments.
What you’ll be responsible for:
· Monitoring daily execution of workflow automation and SOAR playbooks to ensure accuracy, completeness, and consistency with operational objectives.
· Performing quality assurance reviews of case data to confirm correct use of automated workflows.
· Providing structured feedback to development teams on playbook performance and identifying opportunities for refinement.
· Delivering onboarding and refresher training sessions to clients on the correct use of playbooks and workflows.
· Updating and maintaining playbook usage guides, workflow documentation, and training materials.
· Reviewing and updating operational metadata within workflow platforms to ensure clarity, usability, and audit-readiness.
· Tracking key metrics such as playbook adoption rates, success/failure trends, and enrichment consistency.
· Creating regular reporting and dashboards that illustrate playbook return on investment (ROI), user activity, and operational coverage.
· Supporting audit requests by maintaining accurate and up-to-date documentation of playbook usage and decisions.
· Working closely with client-side security and operations teams to encourage a culture of automation awareness and continuous improvement.
About You
· Experience in a Security Operations Centre (SOC) as a senior member of an incident response team, or in cyber defence analyst roles.
· Hands-on familiarity with any SOAR or workflow automation platform, such as Chronicle SOAR, Tines, Torq, or FortiSOAR.
· Understanding of incident response workflows and how automation supports triage, enrichment, and response.
· Strong attention to detail and ability to spot inconsistencies or issues in process execution.
· Scripting or logic comprehension (e.g., Python or JSON) to understand playbook logic and outputs.
· Excellent verbal and written communication skills, particularly for knowledge transfer and documentation.
· Comfortable with stakeholder engagement and feedback loops across analysts, engineers, and management.
The Desirables
· Experience with vendor-attached workflow automation (such as CrowdStrike Fusion).
· Experience managing SIEM, EDR, and threat intelligence platforms.
· Exposure to metrics, dashboarding, or data analysis tools (e.g., Kibana, Power BI, product-specific dashboards).
· Experience delivering user training or onboarding and documentation.
· Familiarity with audit and compliance processes related to security automation.
· Relevant certifications such as CompTIA Security+, GCIH, or equivalent.
Benefits / Perks
• ☀️ Time Off: 25 days annual leave + public holidays
• 🎂 Birthday Leave: One extra day off to celebrate
• 💰 Company Pension Scheme
• 📞 Employee Assistance Programme (EAP) for wellbeing support
• 🏃‍♀️ EkcOlympics: Global team activity challenges
• 📚 Unlimited access to Pluralsight for continuous development
• 🌱 Real opportunities to grow, including international progression
Why Ekco
• ⭐️ Microsoft’s 2023 Rising Star Security Partner of the Year
• 🚀 First Irish Microsoft MSP to achieve all four Microsoft Security Specializations
• 🏅 Ranked 4th fastest-growing technology company in the Deloitte Fast50 Awards
• 🌈 A culture rooted in diversity, equality, inclusion & belonging
• 🎉 A commitment to internal mobility and career progression
• ✨ Flexible, family-friendly working at the heart of our culture
• 🔐 Proud to be your trusted security-first Managed Service Provider, chosen by IT leaders to drive operational efficiency, scale smarter and stay ahead of risk.
- Department: Technical Delivery
- Locations: Ireland - Ekco, Kuala Lumpur - Malaysia