Senior SOC Engineer in Leeds

Position Summary

As a Senior SOC Engineer, you apply deep technical expertise and leadership to the design, optimisation, and delivery of our security engineering services. You lead complex project work across onboarding, deployment, and service improvement, with a focus on scalable, secure, and efficient SOC infrastructure. You act as the senior escalation point for engineering challenges, contribute to continual improvement, and support the strategic growth of the Security Operations Centre (SOC). You also represent the engineering team in pre-sales engagements and customer communications, while mentoring other engineers and contributing to internal capability development.

Essential Roles & Responsibilities

• Platform Engineering Leadership – You lead the design and delivery of SOC-aligned security solutions, supporting both customer onboarding and continuous improvement of existing environments.
• Lead Customer Deployment & Onboarding – You support the full project lifecycle, including solution design, technical implementation, handover, and service documentation.
• Pre-Sales & Stakeholder Engagement – You contribute to pre-sales activities, including technical scoping, bid responses, service demonstrations, and stakeholder presentations.

Essential Duties

Security Platform Deployment & Optimisation

• Deploy, configure, and tune SOC technologies across SIEM, EDR, SOAR, and log pipeline tooling.
• Develop and maintain documentation to support repeatable, high-quality delivery.

Customer Engagement & Delivery

• Lead the implementation of engineering workstreams, balancing customer requirements with internal standards and constraints.
• Manage project handovers to other SOC teams and customer teams, ensuring operational readiness.
• Oversee lifecycle maintenance (patching, upgrades, transitions) across customer environments to assure sustained platform health.

Service Research & Development

• Assess and evaluate new technologies and service enhancements aligned with evolving customer needs and industry direction.
• Track vendor product roadmaps and assess the impact of version changes, feature updates, and technology alignment on SOC service delivery.

Behavioural Competencies – Organisational & Behavioural Fit

• Communication – Able to clearly articulate and present complex engineering concepts to internal stakeholders and customers, balancing technical precision with audience relevance.
• Technical Leadership – Comfortable guiding other engineers through complex technical challenges and providing structure to engineering delivery.
• Adaptability – Capable of delivering across multiple customer environments, technologies, and project types in a fast-paced MSSP setting.
• Customer Empathy & Commercial Awareness – Understands the operational importance of technical design choices and balances customer needs with service feasibility.

Critical Competencies – Technical Fit

• Security Tooling & Architecture – Deep understanding of SOC-aligned technologies across SIEM, EDR, SOAR, log pipelines, and detection tooling.
• Telemetry and Log Management – Ability to design and deliver scalable architectures for data ingestion, correlation, and automation.
• Networking & Infrastructure – Strong working knowledge of networking protocols, cloud environments, and security integration patterns.
• Detection & Threat Context – Familiarity with frameworks such as MITRE ATT&CK and understanding of detection engineering and threat hunting principles.

Key Knowledge & Skills – Senior Microsoft SOC Engineering

• Strong background/experience working with Microsoft Azure, MS Sentinel, MS Defender XDR.
• Microsoft Security Operations (SC-200 Certification) Senior-level engineering knowledge aligned to SC-200, focused on platform deployment, configuration, systems integration, detection enablement, automation, and operational stability.
• MS Sentinel / Microsoft XDR & Unified Defender Portal (Platform Ownership) Deep hands-on experience engineering and operating MS Sentinel and preferably the new Unified Microsoft ‘Unified Defender XDR’ portal, supporting a production MSSP SOC environment.
• MS Defender Suite experience Operational experience supporting / managing components of the wider MS Defender suite, including: Defender for Endpoint, Identity, Office 365, Cloud Apps, Entra ID, and Defender for Cloud.
• Sentinel to Defender XDR Transition & Hybrid SOC Architecture Experience migrating SOC services from a Microsoft Sentinel centric model to a Defender XDR first operating model.
• Microsoft Sentinel – SOC Engineering Strong engineering capability in Microsoft Sentinel, including data connector onboarding, ingestion optimisation, analytic rule lifecycle management, workspace architecture, and cost-aware service design for multi-tenant MSSP use cases.
• Advanced KQL (Engineering & Detection Enablement) Expert-level KQL skills to support detection engineering, correlation logic, operational tuning, and platform performance across Sentinel and Defender data sources.
• SOAR & Automation (Logic Apps) Proven experience designing and maintaining Logic App based automation for Sentinel and Defender integrations, focusing on reliability, security, and repeatable MSSP service delivery.
• MSSP SOC Platform Engineering & Service Development Experience owning and evolving Microsoft security platforms as managed services, including onboarding new Microsoft Defender SKUs, standardising configurations, maintaining service health, and enabling SOC analysts through stable, well-engineered tooling.