L3 SOC Analyst

Full-Time | 36000 - 60000 € / year (est.) | No home office possible
Saviynt

At a Glance

  • Tasks: Lead complex investigations and drive automation initiatives in a modern Security Operations Centre.
  • Company: Join a forward-thinking tech company focused on proactive security solutions.
  • Benefits: Competitive salary, career growth, and the chance to work with cutting-edge technologies.
  • Other info: Dynamic environment with opportunities for continuous learning and improvement.
  • Why this job: Make a real impact by neutralising sophisticated threats and mentoring future analysts.
  • Qualifications: Experience in cloud security, incident response, and strong scripting skills required.

The predicted salary is between 36000 - 60000 € per year.

Location: United Kingdom

Type: Full-time, permanent

Due to the nature of the UK Government projects this role supports, this position is classified as a Reserved Post. In accordance with the Civil Service Nationality Rules, we can only accept applications from persons with UK residency (at least five years). Successful candidates must undergo National Security Vetting (NSV). This role requires Security Check (SC) level clearance as a minimum. Any offer of employment is strictly conditional upon the candidate successfully obtaining and maintaining this clearance. To meet the vetting criteria, you will be required to have been resident in the UK for a minimum of 5 years immediately prior to your application. Failure to obtain clearance or a lapse in residency history may result in the withdrawal of the employment offer.

In line with the Immigration, Asylum and Nationality Act 2006, all shortlisted candidates will be required to provide original documentation verifying their Right to Work in the UK and their British Citizenship during the initial interview stage. We conduct thorough Baseline Personnel Security Standard (BPSS) checks as a precursor to all higher-level clearances.

Role Overview

We are establishing a modern Security Operations Centre designed to deliver proactive, intelligence-driven security outcomes. Moving beyond traditional reactive monitoring, our SOC emphasises AI, automation, detection engineering, and deep cloud security visibility to identify and neutralise sophisticated threats at scale. The L3 SOC Analyst will act as the senior technical escalation point within the SOC, leading complex investigations, driving automation initiatives, and mentoring junior analysts. This role requires strong hands-on expertise across cloud security, threat hunting, incident response, and orchestration technologies.

What you will do

  • Incident Response & Technical Escalation: Act as the final escalation point for complex incidents originating from L1/L2 analysis. Lead investigations into high-severity security events, including those impacting AWS, Azure, Kubernetes clusters and hybrid environments. Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions. Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains.
  • Security Automation & SOAR Engineering: Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency. Build and maintain automation scripts (Python, Go, etc.) for alert enrichment, evidence collection, and containment. Integrate security platforms via APIs to enable streamlined, automated detection and response workflows. Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation.
  • Threat Hunting & Detection Engineering: Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies. Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint. Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence.
  • Mentorship & Continuous Improvement: Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC capability. Maintain and enhance SOC documentation including SOPs, runbooks, and response playbooks. Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.

What you bring

  • Bachelor's degree in Computer Science, Cybersecurity, or related discipline (or equivalent industry experience).
  • Extensive experience in Security Operations with demonstrable time in a senior analyst, threat hunter, or L3 role.
  • Strong hands-on experience in cloud security monitoring and incident response across AWS, Azure, or GCP.
  • Proven scripting and automation capability using Python, Go, PowerShell, Bash, etc.
  • Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
  • Deep understanding of EDR tooling, host/network forensics, and detection engineering practices.
  • Strong working knowledge of the MITRE ATT&CK framework and its application in threat detection and hunting.

L3 SOC Analyst employer: Saviynt

At Saviynt, we pride ourselves on being an exceptional employer, particularly for the L3 SOC Analyst role based in the UK. Our commitment to fostering a collaborative and innovative work culture is complemented by robust employee growth opportunities, including mentorship programmes and continuous learning initiatives. With a focus on cutting-edge technology and proactive security measures, we offer a unique environment where your expertise in cloud security and incident response can thrive, making a meaningful impact on national security projects.

Contact Detail:

Saviynt Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land L3 SOC Analyst

Tip Number 1

Network like a pro! Get out there and connect with folks in the cybersecurity field. Attend meetups, webinars, or even online forums. The more people you know, the better your chances of landing that L3 SOC Analyst role.

Tip Number 2

Show off your skills! Create a portfolio showcasing your projects, especially those involving cloud security and automation. This will give potential employers a taste of what you can do and set you apart from the crowd.

Tip Number 3

Prepare for the interview like it’s a mission! Brush up on your technical knowledge, especially around incident response and threat hunting. Be ready to discuss real-world scenarios and how you’d tackle them.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, we love seeing candidates who are proactive about their job search!

We think you need these skills to ace L3 SOC Analyst

Incident Response
Technical Escalation
Cloud Security Monitoring
Threat Hunting
Forensic Analysis
Automation Scripting
Python

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the L3 SOC Analyst role. Highlight your experience in cloud security, incident response, and any relevant automation skills. We want to see how your background aligns with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about cybersecurity and how your skills can contribute to our modern Security Operations Centre. Keep it engaging and relevant to the job description.

Showcase Your Technical Skills: Don’t hold back on showcasing your technical expertise! Mention specific tools and technologies you’ve worked with, like AWS, Azure, or SIEM platforms. We love seeing hands-on experience that matches our needs.

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands. Plus, it shows us you’re serious about joining our team!

How to prepare for a job interview at Saviynt

Know Your Stuff

Make sure you brush up on your technical knowledge, especially around cloud security and incident response. Be ready to discuss your hands-on experience with AWS, Azure, and any relevant scripting languages like Python or Go. The interviewers will want to see that you can not only talk the talk but also walk the walk.

Understand the Role

Familiarise yourself with the specific responsibilities of an L3 SOC Analyst. This includes leading investigations, mentoring junior analysts, and driving automation initiatives. Show that you understand how these tasks fit into the bigger picture of a modern Security Operations Centre.

Prepare for Scenario Questions

Expect to face scenario-based questions where you'll need to demonstrate your problem-solving skills. Think about past incidents you've handled and be ready to explain your thought process, the actions you took, and the outcomes. This is your chance to showcase your expertise in threat hunting and detection engineering.

Show Your Passion for Security

Let your enthusiasm for cybersecurity shine through. Discuss any personal projects, continuous learning, or contributions to the community that highlight your commitment to staying updated in this fast-paced field. Employers love candidates who are genuinely passionate about what they do!