XSOAR/SOAR Engineer in Basingstoke

Nomios’ mission is to build a secure and connected future. Organisations across the globe depend on us to help secure and connect their digital infrastructures. As part of our continued UK growth, we are expanding our Professional Services capability and seeking a XSOAR/SOAR Engineer to deliver specialist security engineering and operations consultancy across our customer base.

This is a hands‑on technical role within the Security Operations domain, focused on helping customers improve and automate their SOC functions, tooling, and detection capabilities. You will work across a range of technologies and engagements, from SOAR and SIEM implementation through to vulnerability management, exposure management, and process automation.

The XSOAR/SOAR Engineer role sits within the Security Operations Team, working directly with the Nomios SOC Engineering team. You will deliver a range of short to mid‑term customer projects, providing both technical engineering and advisory support across Security Operations tooling, architecture, and processes. Typical engagements include Azure Health Checks, SOAR and automation builds, SIEM and log source integration, parser creation, ruleset development, vulnerability management optimisation, and exposure management assessments.

Around half of your time will be spent delivering customer‑facing Professional Services projects, with the remainder focused on supporting internal engineering initiatives, labs, roadmap activities and innovation within the broader Security Operations Team. This position suits an experienced SOC or Security Engineer who enjoys working across multiple environments and technologies, and who is comfortable engaging directly with customers as a trusted technical consultant. We are particularly interested in speaking to individuals with Azure and Cloud based skillsets.

Responsibilities

• Deliver Professional Services engagements across SOAR, SIEM, XDR, vulnerability and exposure management platforms.
• Conduct Azure and cloud environment security health checks and configuration reviews.
• Design and build SOAR playbooks, integrations, and automation frameworks.
• Develop and maintain custom log source parsers, normalisation, and correlation logic.
• Deploy, configure, and optimise SIEM and XDR solutions for customer environments.
• Build and tune vulnerability management workflows and dashboards using common tools such as Rapid7, Tenable, and Qualys.
• Perform CTEM‑related assessments using tools such as Cymulate or XM Cyber.
• Produce clear technical documentation and customer deliverables following each engagement.
• Work closely with the internal SOC Engineering team to align practices and share technical improvements.
• Support engineering escalations and onboarding for customer environments.
• Contribute to engineering design sessions, roadmap planning, and internal innovation projects.
• Mentor and share knowledge with internal engineers and analysts.
• Identify and implement automation and efficiency improvements across customer and internal toolsets.
• Contribute to the development of reusable playbooks, connectors, and integration frameworks.
• Support the continual enhancement of Nomios’ Professional Services delivery templates, labs, and testing environments.

Job Requirements

We hire result‑orientated, smart, and high‑energy individuals who bring a can‑do attitude and a willingness to go the extra mile and deliver exceptional outcomes. You should be organised and rigorous, with excellent analytical skills. Good communication with internal stakeholders is vital, as is the ability to work as part of a dynamic team.

Required skills

• Minimum 1 year in a Security Operations Centre (SOC), or Minimum 3 years in infrastructure or networking roles with demonstrable security exposure.
• Experience triaging and investigating security alerts.
• Understanding of attacker behaviours, TTPs, and common malware execution chains (e.g., phishing leading to script or binary execution).
• Ability to recognise indicators of compromise such as unusual processes, network connections, irregular logon activity or file changes.
• Hands‑on experience with at least one major security platform (SIEM, EDR or XDR).
• Familiarity with ticketing tools such as ServiceNow, Salesforce, or JIRA.
• Familiarity with Windows event logs, authentication logs, basic process trees, and command‑line tools (Windows & Unix‑like systems).
• Understanding of core network protocols: DNS, HTTP, SMB, LDAP.
• Operational knowledge of Windows, macOS and Linux.
• Ability to read and interpret logs from multiple sources.
• Awareness of MITRE ATT&CK and differentiating legitimate admin activity vs suspicious behaviour.

Desirable skills

• Experience with Microsoft Sentinel, Google SecOps or other SIEM platforms.
• Experience with Defender, CrowdStrike, SentinelOne or other XDR solutions.
• Ability to query in KQL, CQL, S1QL, XQL or similar languages.
• Awareness of threat intelligence concepts and application to investigations.
• Awareness of coding or scripting, with proficiency in at least one language preferred (but not required).

Job Specifics

• Location: This role is home‑based with occasional visits to the office in Basingstoke.
• Security clearance: Eligibility for SC clearance (lived in the UK for five years consecutively) required. DV clearance eligibility is advantageous.

Why would you choose to come and work with us?

We invest in our people. You will get to work in a dynamic, fast‑paced environment where you are free to use your initiative in support of our strategic objectives. You will work alongside high calibre sales, technical, and operational experts as part of a supportive, tight‑knit team, within which every individual has an important part to play and makes a real difference. Nomios offers a highly competitive salary and commission scheme along with industry‑leading benefits.

Ready to make an impact? Apply now!

Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.