TelecommunicationsSOC Analyst Level 2
Back

SOC Analyst Level 2

  • Deepstreamtech
  • Birmingham, Staffordshire
  • 19/05/2026
Full time Information Technology Telecommunications

Job Description

Requirements
  • This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling
  • Must be able to obtain SC Clearance or already hold SC clearance
  • SIEM Expertise: Hands-on experience with at least two of the following: Splunk, IBM QRadar, Microsoft Defender for Endpoint, Microsoft Sentinel, Google Chronicle
  • Strong knowledge of log formats, parsing, and normalization
  • Experience with KQL, SPL, AQL, or other SIEM query languages
  • Familiarity with scripting (Python, PowerShell) for automation and enrichment
  • Deep understanding of threat detection, incident response, and cyber kill chain
  • Familiarity with MITRE ATT&CK, NIST, and CIS frameworks
  • Strong verbal and written English communication
  • Strong interpersonal and presentation skills
  • Strong analytical skills
  • Must have good understanding on network traffic flows and able to understand normal and suspicious activities
  • Must have good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing)
  • Knowledge of ITIL disciplines such as Incident, Problem and Change Management
  • Ability to work with minimal levels of supervision
  • Willingness to work in a job that involves 24/7 on call
  • Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment
  • Preferably holds Cyber Security Certification e.g. ISC2 CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer etc
  • Experience with Service Now Security suite
  • Experience with Cloud platforms (AWS and/or Microsoft Azure)
  • Excellent knowledge of Microsoft Office products, especially Excel and Word
What the job involves
  • The primary function of the Senior SOC Engineer is to enhance our security operations capabilities
  • You will be instrumental in building and optimizing our detection and response strategies
  • Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle)
  • Onboard and normalize log sources across cloud and on-prem environments
  • Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis
  • Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration)
  • Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response
  • Continuously refine playbooks based on threat intelligence and incident feedback
  • Monitor and analyse security alerts and events to identify potential threats
  • Perform in-depth investigations and coordinate incident response activities
  • Collaborate with threat intelligence teams to enrich detection logic
  • Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain
  • Translate threat models into actionable detection use cases and SIEM rules
  • Prioritize detection engineering efforts based on risk and business impact
  • Generate reports and dashboards for stakeholders on security posture and incident trends
  • Work closely with IT, DevOps, and compliance teams to ensure secure system configurations
  • Provide mentorship and guidance to junior analysts and engineers
  • Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports
  • Support the creation of monthly reporting packs as per contractual requirements
  • Create and document robust event and incident management processes, Runbooks & Playbooks
  • Involvement in scoping and standing up new solutions for new opportunities
  • Assisting Pre-Sales team with requirements on new opportunities
  • Demonstrations of SOC tools to clients
  • Continual Service Improvement - Recommendations for change to address incidents or persistent events
About Deepstreamtech
Apply Now