Incident Response (CSIRT)/SOC Level 3 Analyst

  • Morson Edge
  • Crawley, Sussex
  • 26/06/2026
Contractor Information Technology Telecommunications

Job Description

Incident Response (CSIRT)/SOC Level 3 Analyst - Outside IR35

Location: Crawley (2-3 days onsite)
Contract: 6 months
Outside IR35

We are looking for an experienced Incident Response (CSIRT)/SOC Level 3 Analyst to join a high-performing cyber security operations team on an initial 6-month contract.

This is an excellent opportunity for a senior cyber security professional with strong incident response, threat hunting, and SOC expertise to play a critical role in protecting enterprise IT and operational environments from advanced cyber threats.

You will work closely with cyber security operations teams, technical service providers, and senior stakeholders to detect, investigate, contain, and remediate cyber security incidents while continuously improving security operations capabilities.

Key Responsibilities:
  • Lead the investigation and response to high-severity cyber security incidents and escalated alerts
  • Drive containment, eradication, and recovery activities to minimise business impact
  • Perform advanced threat hunting using threat intelligence, IOCs, and behavioural analysis
  • Analyse complex security events across endpoints, networks, cloud, applications, and infrastructure
  • Improve and develop incident response playbooks, SOC procedures, and technical standards
  • Support SIEM use case development, log onboarding, and detection engineering initiatives
  • Work with internal teams and external MSSP providers to improve monitoring and detection coverage
  • Support and enhance SOAR workflows to automate response and enrichment processes
  • Conduct forensic investigations using multiple security data sources and provide actionable findings
  • Contribute to cyber resilience exercises, simulation testing, and crisis scenario planning
  • Produce operational metrics, dashboards, and reporting to improve SOC performance
  • Participate in audit and compliance activities including security frameworks and standards
  • Identify opportunities for continuous improvement across detection, response, and automation

Required Skills & Experience:
  • Strong experience working in a SOC Level 3, CSIRT, or senior incident response role
  • Proven experience managing and responding to high-priority cyber security incidents
  • Strong knowledge of:
      • Incident Response
      • Threat Hunting
      • Digital Forensics
      • SIEM platforms
      • SOAR tools
      • Detection Engineering
  • Experience investigating alerts across:
      • Endpoint security tools
      • Network security tools
      • Cloud environments
      • Enterprise applications
  • Strong understanding of threat intelligence, attack techniques, and adversary behaviour
  • Experience mentoring junior SOC analysts and supporting operational maturity
  • Strong communication skills with the ability to explain technical risks to non-technical stakeholders

Desirable:
  • Knowledge of Operational Technology (OT) environments, industrial systems, or critical infrastructure security
  • Exposure to security frameworks and standards such as:
      • ISO 27001
      • NCSC CAF
      • SOC audits

Ideal Candidate:
You are a technically strong cyber security professional who thrives in fast-paced environments and can confidently lead incident response activities during critical situations. You will bring deep SOC and cyber defence expertise, a proactive mindset, and a strong focus on continuous improvement.