Security Operations Engineer (Engine by Starling)

Full-Time | 60000 - 80000 £ / year (est.) | Home office (partial)
Engine by Starling

At a Glance

  • Tasks: Monitor security alerts, analyse incidents, and automate response playbooks using Python.
  • Company: Join a rapidly growing in-house SecOps team at an innovative tech company.
  • Benefits: Flexible working options, competitive salary, and opportunities for professional growth.
  • Other info: Collaborative environment with a focus on continuous learning and career advancement.
  • Why this job: Make a real impact in cybersecurity while leveraging cutting-edge technology and AI.
  • Qualifications: 3+ years in SOC or SecOps, strong Python skills, and cloud security experience.

The predicted salary is between 60000 - 80000 £ per year.

Requirements

  • 3+ years of experience in a SOC or SecOps Engineering role, with a strong background in both alert triage and security engineering
  • Proficiency in Python: Ability to write clean code to automate workflows or interact with security APIs
  • Cloud Fluency: Experience with security monitoring and incident response in cloud environments (AWS/GCP/Azure)
  • Infrastructure as Code: Familiarity with managing security configurations through Git-based workflows
  • Framework Knowledge: Strong understanding of attack vectors and the MITRE ATT&CK framework
  • Education: A degree in a cyber-related field or relevant certifications (e.g., CompTIA Security+, CySA+, GCIH) is beneficial

We are looking for engineers who are masters of automation but remain grounded in analyst fundamentals. You should have a keen interest in leveraging AI and Large Language Models (LLMs) to reduce SOC toil - using AI to summarise complex alerts, auto-generate YARA-L detections, or build intelligent playbooks to stay ahead of modern threats.

You may be put off applying for a role because you don't tick every box. Forget that! While we can’t accommodate every flexible working request, we're always open to discussion. So, if you're excited about working with us, but aren’t sure if you're 100% there yet, get in touch anyway.

What the job involves

  • To support our rapid growth, we are looking for talented engineers to join our foundational in‑house SecOps team. This is a “Full‑Stack” security role: you will move beyond traditional monitoring to develop and operate our security capabilities.
  • Active Monitoring: Monitor security alerts and events generated by the SecOps platform and integrated cloud security tools.
  • Triage & Analysis: Perform deep‑dive analysis of security incidents and anomalies, accurately distinguishing between true positives and false positives.
  • Prioritisation: Manage the incident queue, prioritising alerts based on severity, potential impact, and business criticality.
  • Detection as Code: Design and maintain sophisticated detection logic using YARA‑L. Manage the lifecycle of these rules and configurations using IaC principles for version control.
  • SOAR Extension: Lead the automation of response playbooks. You will write and extend SOAR capabilities using Python, creating custom integrations and “Managers” to connect SecOps with internal APIs.
  • Tool Optimisation: Identify opportunities for automation to streamline operations and contribute to the continuous tuning and maintenance of SOC tools.
  • End‑to‑End Investigation: Investigate incidents thoroughly, leveraging logs from platforms, endpoints, and applications mapped to the Unified Data Model (UDM).
  • Incident Lifecycle: Lead containment, eradication, and recovery efforts in collaboration with Security and Technology teams.
  • Documentation: Maintain comprehensive records of incident details, findings, and remediation steps to ensure a high standard of auditability.
  • Group Collaboration: Work closely with the Group SOC team to align on global security standards and coordinate response efforts during cross‑entity incidents.
  • Threat Hunting: Stay informed about the latest cyber threats and cloud‑specific vulnerabilities, conducting proactive threat‑hunting activities using available telemetry.

Security Operations Engineer (Engine by Starling) employer: Engine by Starling

At Starling, we pride ourselves on being an exceptional employer that fosters a culture of innovation and collaboration. Our Security Operations Engineers are empowered to grow their skills in a dynamic environment, leveraging cutting-edge technology and AI to tackle modern security challenges. With flexible working arrangements and a commitment to employee development, we offer a rewarding career path in the heart of the tech industry.

Contact Details:

Engine by Starling Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Security Operations Engineer (Engine by Starling)

Tip Number 1

Network like a pro! Attend industry meetups, webinars, or even local tech events. You never know who might be looking for someone with your skills, and it’s a great way to get your name out there.

Tip Number 2

Show off your skills! Create a GitHub repository showcasing your Python projects or any automation scripts you've developed. This gives potential employers a tangible look at what you can do.

Tip Number 3

Don’t just apply; engage! When you find a role that excites you, reach out to the hiring manager or team on LinkedIn. A friendly message expressing your interest can set you apart from the crowd.

Tip Number 4

Keep learning and adapting! Stay updated on the latest trends in security and automation. Join forums or online courses to enhance your knowledge, and don’t hesitate to mention this during interviews.

We think you need these skills to ace Security Operations Engineer (Engine by Starling)

Alert Triage
Security Engineering
Python
Cloud Security Monitoring
Incident Response
Infrastructure as Code (IaC)
MITRE ATT&CK Framework

Some tips for your application 🫡

Show Off Your Skills: Make sure to highlight your experience in SOC or SecOps roles. We want to see your proficiency in Python and any cloud security experience you've got. Don’t hold back on showcasing your automation skills!

Tailor Your Application: Take a moment to customise your application for this role. Use the job description as a guide and align your experiences with what we’re looking for. It shows us you’re genuinely interested and have done your homework!

Be Yourself: Don’t stress if you don’t tick every single box. We value enthusiasm and a willingness to learn just as much as experience. If you’re excited about the role, let that shine through in your application!

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it’s super easy!

How to prepare for a job interview at Engine by Starling

Know Your Stuff

Make sure you brush up on your SOC and SecOps knowledge. Be ready to discuss your experience with alert triage, security engineering, and how you've used Python to automate workflows. They’ll want to see that you can not only talk the talk but also walk the walk.

Show Off Your Cloud Skills

Since this role involves cloud environments like AWS, GCP, or Azure, be prepared to share specific examples of your experience in security monitoring and incident response in these platforms. Highlight any projects where you’ve managed security configurations through Git-based workflows.

Demonstrate Your Automation Mindset

This position is all about automation, so think of ways you've streamlined processes in your previous roles. Be ready to discuss how you’ve leveraged AI or LLMs to reduce SOC toil, and come armed with ideas for how you could apply these concepts in their environment.

Engage in a Two-Way Conversation

Interviews are a chance for both sides to learn about each other. Don’t hesitate to ask questions about their team dynamics, the tools they use, and how they approach threat hunting. This shows your genuine interest and helps you assess if it’s the right fit for you.