Senior SOC Analyst
United Kingdom
Full Time
3 weeks ago
$50,000 - $55,000 GBP
No Sponsorship
Key skills
CloudCyber SecurityPythonSplunkPowerShellLeadershipCommunicationCloud Security
About this role
Role Overview
- Lead day‑to‑day SOC operations, ensuring effective triage, escalation, and communication workflows
- Act as the primary escalation point for complex security investigations and incidents
- Conduct advanced threat investigations across endpoints, networks, and cloud environments
- Perform proactive threat hunting and detection tuning to improve coverage and reduce noise
- Manage and mentor Tier 1–2 analysts, supporting development and technical growth
- Ensure ticket quality, SLA adherence, and high service standards across SOC operations
- Support onboarding of new customers into monitoring and detection platforms
- Collaborate with Cyber Security leadership to improve detection strategy and SOC maturity
- Analyse logs and security data to identify malicious or suspicious activity
- Develop and maintain playbooks, runbooks, and knowledge base content
- Produce clear, actionable incident reports for internal and customer stakeholders
- Engage directly with customers during escalations, incident reviews, and briefings
- Identify opportunities for automation, process improvement, and enhanced detection capabilities
- Stay up to date with emerging threats, attack techniques, and MITRE ATT&CK developments
Requirements
- 4–6 years’ experience in a SOC or MSSP environment at Tier 2–3 or Lead level
- Strong hands‑on experience with SIEM platforms (e.g. Microsoft Sentinel, Splunk, Elastic, LogPoint)
- Experience with EDR tools such as Microsoft Defender, SentinelOne, or Bitdefender
- Deep understanding of MITRE ATT&CK and modern threat detection methodologies
- Strong incident response, investigation, and log analysis capability across multiple data sources
- Ability to lead during high‑pressure incidents with calm, confident decision‑making
- Strong communication skills, including producing clear incident reports and updates
- Proven ability to mentor, coach, and support junior analysts
- Organised approach with the ability to manage multiple concurrent incidents
- Proactive mindset focused on continuous improvement and service optimisation
Nice to have
- Certifications such as SC‑200, GCIH, GCIA, Security+, or BTL1
- Experience in an MSSP or multi‑customer environment
- Microsoft security stack experience (Defender XDR, Sentinel, M365 security)
- Knowledge of cloud security, email security, and vulnerability management
- Experience with KQL or other query languages
- Scripting skills (PowerShell, Python)
- Familiarity with SOAR and threat intelligence platforms
- Understanding of compliance frameworks (ISO 27001, NIST, Cyber Essentials)
Tech Stack
- Cloud
- Cyber Security
- Python
- Splunk