SOC Analyst Level 2 in Birmingham

This role requires deep expertise in SIEM platforms including Splunk, IBM QRadar, Microsoft Defender, Microsoft Sentinel, and Google Chronicle, with a strong focus on playbook development, analytical rule creation, and threat modelling. Must be able to obtain SC Clearance or already hold SC clearance.

SIEM Expertise:

• Hands-on experience with at least two of the following: Splunk, IBM QRadar, Microsoft Defender for Endpoint, Microsoft Sentinel, Google Chronicle.
• Strong knowledge of log formats, parsing, and normalization.
• Experience with KQL, SPL, AQL, or other SIEM query languages.
• Familiarity with scripting (Python, PowerShell) for automation and enrichment.
• Deep understanding of threat detection, incident response, and cyber kill chain.
• Familiarity with MITRE ATT&CK, NIST, and CIS frameworks.
• Strong verbal and written English communication.
• Strong interpersonal and presentation skills.
• Strong analytical skills.
• Good understanding of network traffic flows and ability to understand normal and suspicious activities.
• Good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing).
• Knowledge of ITIL disciplines such as Incident, Problem and Change Management.
• Ability to work with minimal levels of supervision.
• Willingness to work in a job that involves 24/7 on call.
• Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment.
• Preferably holds Cyber Security Certification e.g. ISC2 CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer etc.
• Experience with Service Now Security suite.
• Experience with Cloud platforms (AWS and/or Microsoft Azure).
• Excellent knowledge of Microsoft Office products, especially Excel and Word.

What the job involves:

• The primary function of the Senior SOC Engineer is to enhance our security operations capabilities.
• You will be instrumental in building and optimizing our detection and response strategies.
• Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle).
• Onboard and normalize log sources across cloud and on-prem environments.
• Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis.
• Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration).
• Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response.
• Continuously refine playbooks based on threat intelligence and incident feedback.
• Monitor and analyse security alerts and events to identify potential threats.
• Perform in-depth investigations and coordinate incident response activities.
• Collaborate with threat intelligence teams to enrich detection logic.
• Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain.
• Translate threat models into actionable detection use cases and SIEM rules.
• Prioritise detection engineering efforts based on risk and business impact.
• Generate reports and dashboards for stakeholders on security posture and incident trends.
• Work closely with IT, DevOps, and compliance teams to ensure secure system configurations.
• Provide mentorship and guidance to junior analysts and engineers.
• Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports.
• Support the creation of monthly reporting packs as per contractual requirements.
• Create and document robust event and incident management processes, Runbooks & Playbooks.
• Involvement in scoping and standing up new solutions for new opportunities.
• Assisting Pre-Sales team with requirements on new opportunities.
• Demonstrations of SOC tools to clients.
• Continual Service Improvement - Recommendations for change to address incidents or persistent events.