Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Lead security incident investigations and improve SOC operations using Microsoft technologies.
- Company: Join a £100M+ IT Services Consultancy transforming the public sector in the UK.
- Benefits: Enjoy flexible working, wellness support, and 25 days annual leave plus bank holidays.
- Why this job: Make a real impact on society while developing your skills in a supportive environment.
- Qualifications: 2+ years in SOC or security operations with strong Microsoft Sentinel experience.
- Other info: Participate in fun office events and volunteer days to give back to the community.
The predicted salary is between 36000 - 60000 £ per year.
Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future.
As a Level 2 SOC Analyst, you are the senior technical responder within the secure operations team, responsible for owning security incidents end-to-end using the Microsoft security platform. You will act as the escalation point for Level 1 analysts and as the technical lead during active incidents, conducting deep investigations across Microsoft Sentinel, Microsoft Defender XDR, and Entra ID to validate threats, contain attackers, and coordinate remediation.
Key responsibilities:
- Incident investigation & response (primary focus)
- Act as an escalation point for all security alerts raised by Level 1 analysts.
- Validate incidents and determine severity, scope, root cause, and business impact.
- Lead technical investigations using Microsoft Sentinel, Microsoft Defender XDR, and Entra ID.
- Own incidents through identification, containment, eradication coordination, recovery validation, and post-incident review.
- Produce high-quality incident records including evidence, actions taken, root cause analysis, and lessons learned.
- Serve as technical incident lead during major security events.
- Provide accurate, timely updates to IT, security leadership, and affected teams.
- Contribute to operational reporting and participate in a business-hours operating model with an on-call rotation.
- Tune Sentinel analytics rules to reduce false positives and missed threats.
- Develop and maintain incident response runbooks and triage guides for Defender alerts.
- Provide informal technical leadership to Level 1 analysts through mentoring and coaching.
What success looks like:
- Incidents are accurately classified and contained quickly.
- Sentinel alert quality continuously improves.
- Stakeholders trust SOC technical judgement and communication.
- Level 1 analysts steadily increase investigation quality and independence.
- Playbooks and automation remain current and operationally useful.
Required experience & skills:
- 2+ years’ experience in a SOC or security operations role with ownership of complex investigations.
- Strong hands-on experience with Microsoft Sentinel, Microsoft Defender for Endpoint, Defender for Office 365, Defender for Identity, Defender for Cloud Apps, and Entra ID logs.
- Solid understanding of Windows internals, identity-based attacks, email threat techniques, and common attacker TTPs.
- Confident writing technical incident reports and stakeholder updates.
Working pattern:
- Monday to Friday, business hours.
- Participation in a rotating on-call schedule for evenings/weekends to support major security incidents.
By joining us you can expect:
- Autonomy to develop and grow your skills and experience.
- Be part of exciting project work that is making a difference in society.
- A supportive and collaborative environment.
- Access to LinkedIn Learning and training.
- 25 days of annual leave a year, plus bank holidays.
- 2 paid days per year to volunteer in our local communities.
- Private Medical Insurance and Life Assurance.
SOC Analyst - Lv2 employer: Methods Business and Digital Technology
Contact Detail:
Methods Business and Digital Technology Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land SOC Analyst - Lv2
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, attend meetups, and connect with current employees at Methods. A friendly chat can sometimes lead to opportunities that aren’t even advertised!
✨Tip Number 2
Show off your skills! If you’ve got experience with Microsoft Sentinel or Defender, consider doing a mini-project or case study. Share it on LinkedIn or during interviews to demonstrate your expertise and passion.
✨Tip Number 3
Prepare for the interview by brushing up on common SOC scenarios. Think about how you’d handle specific incidents and be ready to discuss your thought process. We love seeing candidates who can think on their feet!
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining the Methods team!
We think you need these skills to ace SOC Analyst - Lv2
Some tips for your application 🫡
Tailor Your CV: Make sure your CV is tailored to the SOC Analyst role. Highlight your experience with Microsoft Sentinel and other relevant tools, and don’t forget to showcase your incident response skills. We want to see how you can bring value to our team!
Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about security operations and how your background aligns with our mission at Methods. Keep it engaging and personal – we love a good story!
Showcase Your Technical Skills: In your application, be sure to highlight your hands-on experience with Microsoft Defender and Entra ID. We’re looking for someone who can hit the ground running, so let us know how you've tackled complex investigations in the past.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, you’ll get to explore more about what we do at Methods!
How to prepare for a job interview at Methods Business and Digital Technology
✨Know Your Tools Inside Out
Make sure you’re well-versed in Microsoft Sentinel, Defender XDR, and Entra ID. Brush up on KQL querying and analytics rules, as these will be crucial during your interview. Being able to discuss specific examples of how you've used these tools in past incidents will really impress the interviewers.
✨Showcase Your Incident Response Skills
Prepare to talk about your experience with incident investigation and response. Have a couple of detailed examples ready where you led an investigation, detailing how you validated incidents, contained threats, and coordinated remediation. This will demonstrate your hands-on experience and problem-solving abilities.
✨Communicate Clearly and Confidently
During the interview, practice clear and concise communication. You’ll need to explain complex technical concepts to non-technical stakeholders, so being able to articulate your thoughts effectively is key. Consider doing mock interviews with friends or colleagues to refine your delivery.
✨Emphasise Continuous Improvement
Discuss how you’ve contributed to improving detection quality and operational effectiveness in previous roles. Be ready to share ideas on how you would enhance playbooks, automation, and analyst capabilities at Methods. This shows that you’re not just reactive but also proactive in your approach to security.
