SOC Analyst - #2068804

SOC Analyst

• Daily Rate: Inside IR35
• Location: Sheffield
• Job Type: Hybrid (2-3 days on-site)

Join our Cyber Defence Centre (CDC) as a SOC Analyst. This is a crucial hands-on operational role within Security Operations, focused on incident detection, investigation, and response. You will play a pivotal role in ensuring effective monitoring, triage, and response to security events, while also driving continuous improvement and detection engineering initiatives.

Day-to-day of the role:

• Incident Detection & Response:
  • Investigate and respond to security incidents and alerts escalated from Tier 1 / Tier 2 SOC.
  • Perform in-depth analysis and triage of security events, identifying threats and determining impact.
  • Support high-severity incident response as required, working closely with Incident Responders.
• Operational Monitoring:
  • Manage and resolve security tickets within agreed SLAs.
  • Review alerts from multiple security tools and platforms.
  • Ensure accurate documentation and tracking of incidents within ServiceNow.
• Detection Engineering:
  • Contribute to detection engineering activities on a rotational basis.
  • Develop and tune detection rules to improve alert quality and reduce false positives.
  • Write and optimise queries (e.g., KQL) across SIEM platforms.
• Collaboration & Support:
  • Work closely with internal teams and third-party providers to investigate and resolve incidents.
  • Support MSSP interactions and escalations where required.
  • Participate in incident bridge calls during major incidents.
• Continuous Improvement:
  • Identify lessons learned from incidents and contribute to improving processes and controls.
  • Provide feedback on detection gaps and opportunities for enhancement.
  • Focus on delivering value from incidents, not just ticket closure.

Required Skills & Qualifications:

• Core Experience:
  • Proven experience working within a SOC environment (Tier 2 / Tier 3 preferred).
  • Strong background in incident investigation and response.
  • Experience handling escalated alerts and security tickets.
• Technical Skills:
  • Experience with SIEM platforms (e.g., Microsoft Sentinel).
  • Experience with EDR/XDR tools (e.g., CrowdStrike).
  • ServiceNow or similar ITSM/SecOps platforms.
  • Ability to write and optimise KQL queries (essential).
  • Knowledge of scripting/query languages (e.g., Falcon Query Language) is advantageous.
• Analytical Capability:
  • Strong investigative and problem-solving skills.
  • Ability to correlate data across multiple sources.
  • Understanding of common attack techniques and threat vectors.
• Soft Skills:
  • Strong communication and collaboration skills.
  • Ability to work effectively in a fast-paced operational environment.
  • Proactive mindset with focus on continuous improvement and quality outcomes.

To apply for this SOC Analyst position, please submit your CV and a member of the Talent Team will be in touch.