Microsoft Security Operations Centre (SOC) Analyst - T2 & T3

Full-Time. No working from home possible.
Security Clearance Required
Preferred Location - Newcastle

The SOC Analyst Team operates as a next-generation, intelligence-led Security Operations function, designed to deliver high-quality, scalable 24x7 security monitoring and response. All SOC analysts participate in a 24x7 shift model, ensuring uninterrupted service coverage, while also contributing to detection improvement, automation feedback, and service optimisation when operational demand allows.

Tier 2 - SOC Analyst

Technology Primary - Microsoft Sentinel & ServiceNow.

Role Purpose
Tier 2 SOC Analysts represent the primary human analysis function, responsible for investigating escalated alerts and incidents that require human judgement, contextual understanding, and analytical depth.

Key Responsibilities
* Perform deep investigation of escalated alerts and incidents from automated Tier 1 workflows
* Validate threats, scope impact, and determine severity using contextual analysis
* Investigate across multiple data sources, including:
  o SIEM
  o EDR / XDR
  o Identity and authentication telemetry
  o Cloud and SaaS platforms
* Coordinate and execute response actions in line with:
  o Defined playbooks
  o Client-specific requirements
  o Incident response procedures
* Maintain clear, high-quality investigation documentation and handover notes

Operational Expectations
* Operate as part of a 24x7 shift rota
* Maintain accountability for investigation accuracy and quality
* Escalate complex or ambiguous cases to Tier 3 appropriately
* Provide structured feedback into:
  o Detection tuning
  o Alert quality improvements
  o Automation optimisation

Continuous Improvement Contributions
When operational demand allows, Tier 2 analysts are expected to contribute insight time to platform improvement activities, supporting the Platform Automation Lead through:
* Identification of repeatable investigation patterns
* Feedback on automation opportunities
* Playbook refinement and improvement
* Detection logic tuning recommendations

Tier 3 - Senior SOC Analyst / Incident Specialist

Role Purpose
Tier 3 analysts provide advanced security expertise and escalation handling, focusing on complex, high-risk, or ambiguous security incidents and ensuring consistent investigation quality across the SOC.

Key Responsibilities
* Handle escalations involving:
  o High-impact or business-critical incidents
  o Advanced or evasive attacker techniques
  o Ambiguous or novel threat behaviour
* Conduct advanced threat analysis, including:
  o Attacker behaviour and intent assessment
  o Cross-incident correlation
  o Campaign and intrusion analysis
* Provide oversight and quality assurance of Tier 2 investigations
* Lead complex incident response coordination where required

Leadership & Mentorship
* Participate in 24x7 escalation coverage, via on-call or senior shift roles
* Act as a technical mentor to Tier 2 analysts
* Support analyst development through coaching and investigative guidance
* Set investigation and response quality standards across the SOC

Platform & Automation Feedback
Like Tier 2, Tier 3 analysts are expected to provide structured feedback into platform and automation initiatives, working indirectly with the Platform Automation Lead to:
* Improve detection fidelity
* Reduce repeat incident patterns
* Increase automation coverage over time
* Ensure complex incidents inform long-term service improvement

Contact Details:

Avanade Uk Recruitment Team