SOC Analyst

Position Summary
The Senior Security Analyst is a dedicated security operations role providing continuous security coverage for a client operating in a regulated industry. You are embedded within a small, senior team delivering operational security services across detection, investigation, response, and proactive security operations, with direct responsibility for outcomes.

You own security incidents end-to-end, from initial detection through investigation, containment, and coordination of remediation with internal and third-party teams. When the incident queue is clear, you carry out proactive security operations work including vulnerability scanning, web application scanning, breach and attack simulation, and validation of security tooling, actively maintaining and improving the client's security posture.

Beyond incident response, you liaise directly with the client's IT and cloud teams to ensure remediation actions are completed, and you coordinate across teams to drive issues through to resolution. You bridge the gap between security operations and engineering, escalating platform issues to the security engineering team and supporting engineers during major incidents.

The tooling scope has a strong Microsoft orientation. You work alongside the client's SOC provider where applicable, receiving escalated SIEM alerts while also monitoring and operating endpoint, vulnerability, and simulation tooling directly. You have direct access for investigation and threat hunting purposes.

You bring experience beyond security tooling, with the ability to navigate the infrastructure and application technologies within the client's hybrid (on-premise and cloud) environment.

Role Mission
To deliver reliable, high-quality operational security for the client by owning detection, investigation, and response, while proactively strengthening the security environment through hands-on security operations work and cross-team coordination.

Objectives & Key Results
The key objectives will be to:

• Maintain SLA compliance for incident detection, investigation, and response across all priority levels
• Own security incidents through to resolution, ensuring remediation actions are completed
• Operate and validate proactive security tooling (e.g. Qualys, XM Cyber, AttackIQ) to an agreed schedule, identifying and acting on findings
• Reduce detection gaps by contributing to detection rule tuning, false-positive reduction, and threat hunting activities
• Share insights that improve SOC response times, detection accuracy, and coverage
• Maintain high standards of documentation, communication, and compliance to audit standards
• Support the security engineering team during major incidents and platform changes
• Complete a minimum of 40 hours of professional training per year, aligned to client requirements

Duties and ResponsibilitiesEssential Roles & Responsibilities
Incident Detection, Investigation & Response

• Monitor and investigate alerts from Microsoft Defender and related email, endpoint and cloud security tooling
• Receive and act on escalated alerts from the client's SOC provider or SIEM platform
• Take ownership of all security incidents, validating indicators of compromise and determining impact
• Perform detailed investigations using KQL queries in Microsoft Sentinel and telemetry from across the security stack, going beyond initial triage to full root-cause analysis
• Reconstruct event chains and identify root causes, including correlation across endpoint, identity, cloud, and network data sources
• Determine credibility and severity of threats in the context of the client's risk profile and regulatory obligations
• Investigate potential IOCs using multi-source telemetry and threat intelligence
• Make evidence-based decisions on containment actions and remediation plans, coordinating response actions with the client's IT, cloud, and workplace teams
• Recommend immediate defensive or containment actions where appropriate, and support teams across the business in the resolution of incidents and post-event analysis and reporting
• Handle incidents end-to-end where tooling and access allow, escalating to the security engineering team or client security leadership when required
• Operate within tight SLAs appropriate to a regulated client environment