Principal Security Analyst in Uxbridge

Location: UK – Uxbridge, Manchester, or Sheffield

On‑call: Yes – 7‑day on‑call rota every other week.

Overview: We are looking for a Principal Security Analyst to play a key leadership role in our multi‑client SOC. This senior, day‑shift position will own complex security incidents, lead our security engineering function, and work closely with clients across onboarding, BAU and occasional pre‑sales activities. The role supports 3–4 key clients and focuses on Microsoft Defender and Sentinel, Tenable for vulnerability management, and ServiceNow for ticketing and workflows.

Key responsibilities:

• Lead and support the SOC team:
• Provide day‑to‑day leadership and technical guidance to Security & Senior Security Analysts.
• Act as an escalation point for complex incidents and investigations.
• Coach, mentor, and develop teammates to continually raise the bar.
• Own incident investigation & response:
• Respond to complex security incidents, performing deep‑dive investigations and root‑cause analysis.
• Ensure accurate, high‑quality incident documentation and post‑incident review.
• Collaborate with other security and operations teams to drive timely resolution and clear stakeholder updates.
• Optimise security platforms & processes:
• Tune and maintain security platforms (SIEM, IDS/IPS, firewalls) to improve detection, triage, and response.
• Develop and maintain security tools and technologies to enhance SOC capabilities.
• Create and refine security procedures, playbooks, and guidelines for consistent, effective response.
• Drive continuous improvement & new services:
• Continuously monitor and review security posture and recommend improvements.
• Function as a key contributor to new SOC service offers, such as Threat & Vulnerability Management.
• Work closely with the Senior Security Operations Manager and Senior Analysts to shape the SOC technology roadmap and align with Insight’s growth strategy.
• Partner with clients & Service Delivery Managers:
• Collaborate directly with clients to understand their unique security needs and tailor services accordingly.
• Support client‑specific rule sets and mitigation advice.
• Serve as a key technical advisor to Service Delivery Managers, contributing to strong, long‑term client relationships.
• Senior escalation point for SOC analysts on complex or high‑severity incidents.
• Monitor, investigate, and respond to security alerts across Microsoft Sentinel and Microsoft Defender suite.
• Tune and optimise detection rules, playbooks and use cases to reduce noise and improve detection quality.
• Support and mentor junior SOC analysts – reviewing cases, coaching on investigation techniques, and helping them grow.
• Work tickets and workflows in ServiceNow as part of incident and request handling.
• Engage directly with clients to explain findings, remediation steps, and risk in clear, non‑jargon language.
• Lead / contribute to weekly incident review and threat review meetings.
• Collaborate with clients and internal teams on onboarding activities (new log sources, use cases, environments).
• Collaborate with security engineering and platform teams on improvements to the SOC toolset and processes.
• Participate in the on‑call rota every other week, providing out‑of‑hours escalation support.
• Own and drive continuous improvement initiatives for the SOC (use‑case roadmap, automation, reporting).
• Support vulnerability management cycles using Tenable – reviewing scan results, prioritising vulnerabilities, and advising on remediation.
• Contribute to client‑facing reports, service reviews, and improvements to KPIs and SLAs.
• Provide input into pre‑sales / solution design for prospective SOC clients.
• Help shape wider SOC strategy, standards, and best practice.

Key skills and experience required:

• Strong client‑facing and communication skills – able to translate technical detail into business‑relevant language.
• Comfortable operating as a senior / principal figure in the SOC, influencing direction and standards.
• Collaborative, initiative‑taking, and able to work effectively in a small, growing team.
• Experience in cyber security, with a strong background in a SOC environment.
• Experience working in a multi‑client SOC / MSSP or large consultancy is highly desirable.
• Proven experience handling and leading high‑severity incidents end‑to‑end.
• Solid understanding of common attack techniques, incident response, and threat detection.
• Ability to quickly become productive with minimal hand‑holding in a Microsoft‑centric SOC stack.
• Strong hands‑on experience with Microsoft Sentinel, Microsoft Defender (Defender for Endpoint, Defender for Cloud), ServiceNow (or similar ITSM platform), and vulnerability management tools such as Tenable.

Nice to have:

• Microsoft SC‑200 (Security Operations Analyst)
• Microsoft SC‑300 (Identity and Access Administrator)
• CompTIA Security+.

Must be eligible for UK Security Clearance (SC).

Benefits:

• Hybrid position – expected to work in the office three times a week.
• Working hours: day‑shift with 7‑day on‑call rota every other week.

Equal Opportunity Employer:

Insight is an equal opportunity employer and is committed to achieving diversity and equality within our organisation. We encourage people from diverse backgrounds to apply. Any information provided regarding adjustments for applicants with disabilities will be kept confidential and used solely for the recruitment process.