SOC Analyst in London

London · Full-time · £36,000 - £60,000 / year (est.) · Home office (partial)

At a Glance

  • Tasks: Lead security incident investigations and improve detection processes using Microsoft tools.
  • Company: Join a £100M+ IT Services Consultancy transforming the public sector in the UK.
  • Benefits: Enjoy flexible working, wellness support, and 25 days annual leave plus bank holidays.
  • Why this job: Make a real impact on society while developing your skills in a supportive environment.
  • Qualifications: Experience in SOC roles and strong knowledge of Microsoft security platforms required.
  • Other info: Collaborative culture with opportunities for professional growth and fun team events.

The predicted salary is between £36,000 and £60,000 per year.

Methods is a £100M+ IT Services Consultancy that has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future.

As a Level 2 SOC Analyst, you are the senior technical responder within the secure operations team, responsible for owning security incidents end-to-end using the Microsoft security platform. You will act as the escalation point for Level 1 analysts and as the technical lead during active incidents, conducting deep investigations across Microsoft Sentinel, Microsoft Defender XDR, and Entra ID to validate threats, contain attackers, and coordinate remediation.

Key responsibilities:

  • Incident investigation & response (primary focus)
    • Act as an escalation point for all security alerts raised by Level 1 analysts.
    • Validate incidents and determine severity, scope, root cause, and business impact.
    • Lead technical investigations using Microsoft Sentinel, Microsoft Defender XDR, and Entra ID sign-in and audit logs.
    • Correlate identity, endpoint, email, and cloud activity to reconstruct attack chains and timelines.
    • Own incidents through identification, containment, eradication coordination, recovery validation, and post-incident review and documentation.
    • Execute or coordinate containment actions including device isolation, account disablement, revocation of tokens, and blocking malicious indicators.
    • Produce high-quality incident records including evidence, actions taken, root cause analysis, and lessons learned.
  • SOC operations & stakeholder communication
    • Serve as technical incident lead during major security events.
    • Provide accurate, timely updates to IT, security leadership, and affected teams.
    • Maintain clear case management, documentation, and shift handovers.
    • Contribute to operational reporting.
    • Participate in a business-hours operating model with an on-call rotation for out-of-hours incidents.
    • Act as a trusted technical point of contact for SOC service discussions.
  • Detection engineering & continuous improvement
    • Tune Sentinel analytics rules to reduce false positives and missed threats.
    • Improve correlation logic, entity mapping, and severity scoring.
    • Develop and maintain Sentinel investigation playbooks and incident response runbooks.
    • Build and refine SOAR workflows using Logic Apps.
    • Perform quality assurance on Level 1 investigations and provide structured coaching feedback.
    • Identify gaps in detection coverage and propose practical improvements.
  • Leadership, Collaboration & Platform Maturity
    • Provide informal technical leadership to Level 1 analysts through mentoring and coaching.
    • Set and reinforce expectations for investigative rigour and documentation quality.
    • Work closely with various teams to support onboarding of new Microsoft data connectors and Defender features.

Requirements:

  • Years of experience in a SOC or security operations role with ownership of complex investigations.
  • Strong hands-on experience with Microsoft Sentinel, Microsoft Defender for Endpoint, and other Microsoft security tools.
  • Solid understanding of Windows internals, identity-based attacks, and common attacker techniques.
  • Confident writing technical incident reports and stakeholder updates.

Certifications (desirable):

  • Microsoft SC-200 (Security Operations Analyst)
  • CompTIA CySA+ / Security+
  • GIAC certifications (GCIH, GCIA, GMON)

Working pattern:

  • Monday to Friday, business hours
  • Participation in a rotating on-call schedule for evenings/weekends to support major security incidents.

Benefits:

  • Autonomy to develop and grow your skills and experience.
  • Be part of exciting project work that is making a difference in society.
  • A supportive and collaborative environment.
  • Access to LinkedIn Learning and training.
  • 24/7 confidential employee assistance programme.
  • Flexible working options.
  • 25 days of annual leave plus bank holidays.
  • 2 paid days per year to volunteer.
  • Pension scheme with employer contribution.
  • Private Medical Insurance.
  • Enhanced Maternity and Paternity Pay.

SOC Analyst in London employer: Methods Business and Digital Technology

Methods is an exceptional employer that prioritises the growth and well-being of its employees, offering a supportive and collaborative work environment. As a SOC Analyst, you will engage in meaningful project work that directly impacts society while enjoying benefits such as flexible working arrangements, extensive training opportunities, and a strong focus on employee wellness. With a culture that encourages learning from mistakes and celebrating successes, Methods stands out as a place where your contributions are valued and your professional development is nurtured.

Contact Detail:

Methods Business and Digital Technology Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land the SOC Analyst role in London

✨Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

✨Tip Number 2

Prepare for interviews by practising common SOC Analyst questions and scenarios. Get comfortable explaining your thought process during incident investigations, as this will show your analytical skills and technical knowledge.

✨Tip Number 3

Showcase your skills through personal projects or contributions to open-source security tools. This not only demonstrates your passion but also gives you real-world examples to discuss during interviews.

✨Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, we love seeing candidates who are proactive about their job search.

We think you need these skills to ace the SOC Analyst role in London

  • Incident Investigation
  • Microsoft Sentinel
  • KQL Querying
  • Microsoft Defender for Endpoint
  • Microsoft Defender for Office 365
  • Entra ID (Azure AD)
  • Root Cause Analysis
  • Technical Report Writing
  • Stakeholder Communication
  • Threat Detection
  • Continuous Improvement
  • Mentoring and Coaching
  • Operational Maturity
  • Security Incident Response

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the SOC Analyst role. Highlight your experience with Microsoft Sentinel and Defender tools, and don’t forget to mention any relevant certifications. We want to see how your skills align with what we’re looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about security operations and how your background makes you a great fit for our team. Keep it engaging and personal – we love a bit of personality!

Showcase Your Incident Response Skills: In your application, be sure to include specific examples of incidents you've managed or responded to. We want to know how you’ve handled challenges in the past and what you learned from them. This will help us see your problem-solving skills in action!

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, you’ll find all the details about the role and our company culture there!

How to prepare for a job interview at Methods Business and Digital Technology

✨Know Your Tools Inside Out

Make sure you’re well-versed in Microsoft Sentinel, Defender for Endpoint, and Entra ID. Brush up on KQL querying and be ready to discuss how you've used these tools in past incidents. Being able to demonstrate your hands-on experience will show that you're not just familiar with the tech, but that you can leverage it effectively.

✨Prepare for Scenario-Based Questions

Expect to face scenario-based questions that test your incident response skills. Think of specific incidents you've handled before and be ready to walk through your thought process, from identification to containment and recovery. This will highlight your problem-solving abilities and technical leadership.

✨Showcase Your Continuous Improvement Mindset

Methods values continuous improvement, so come prepared with examples of how you've enhanced detection quality or improved processes in previous roles. Discuss any playbooks or automation workflows you've developed, as this will demonstrate your proactive approach to SOC operations.

✨Communicate Clearly and Confidently

As a SOC Analyst, you'll need to communicate effectively with various stakeholders. Practice articulating complex technical concepts in a clear and concise manner. Be ready to explain how you would provide updates during major security events, as strong communication is key to building trust within the team.
