SOC Engineer - 6 month FTC in London

We are a leading international law and professional services firm providing legal, corporate and fiduciary services to global corporations, financial institutions, capital market participants and investment fund managers. With a global presence spanning the Americas, Europe, the Middle East and Asia, we advise on the laws of Bermuda, the British Virgin Islands, the Cayman Islands, Guernsey, Ireland and Jersey.

Overview Of Role

We are seeking a highly skilled SOC Engineer to strengthen and mature our Security Information and Event Management (SIEM) platform. The successful candidate will focus on onboarding new log sources, optimising data pipelines, developing advanced detection use cases, and improving overall SOC detection and response capability. This role is ideal for a security professional with strong SIEM engineering experience and a passion for building robust, effective, and scalable security monitoring environments. The SOC Engineer will report to Information Security Operations Manager and work with the Walkers CISO group for implementing and maintaining security controls and tools. Work collaboratively with other departments to improve our security posture.

Duties, Responsibilities & Person Specification

• Enhance and optimise the existing SIEM platform to improve performance, coverage, and fidelity.
• Conduct regular assessments of SIEM architecture and propose improvements to ingestion pipelines, parsing rules, correlation logic, and storage management.
• Implement automation and orchestration components (SOAR) to streamline incident response activities.
• Identify, prioritise, and onboard new log sources from cloud, on‑prem, network, endpoint, identity, and application platforms.
• Develop and maintain custom parsers, connectors, and ingestion playbooks.
• Work with internal teams and vendors to ensure high-quality, reliable telemetry and error‑free ingestion.
• Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite.
• Build correlation rules, anomaly‑based detections, dashboards, and alerting workflows.
• Regularly review detection efficacy and reduce false positives through tuning and logic refinement.
• Work closely with SOC analysts to validate and refine detection logic.
• Support incident investigations through SIEM searches, enrichment, and data modelling.
• Provide technical SME support for complex incidents that require deep SIEM or log knowledge.

Documentation & Governance

• Maintain high‑quality documentation covering data models, feed onboarding, use cases, correlation logic, and architecture.
• Ensure alignment with internal controls, compliance requirements, and industry standards.

Education, Skills & Experience

• Hands‑on experience with leading SIEM platforms (e.g., Exabeam, LogRhythm, ArcSight, Microsoft Sentinel, Splunk, QRadar, Elastic).
• Strong understanding of log formats (JSON, syslog, XML, CEF, etc.) and ingestion technologies (Syslog, API, Event Hubs, Kafka, Agents).
• Practical knowledge of detection engineering, threat modelling, and attacker behaviour analysis.
• Experience building and tuning correlation rules, searches, and dashboards.
• Familiarity with SOAR platforms and automation workflows.

• Strong understanding of networking, Windows/Linux systems, Cloud platforms (Azure/AWS/GCP), identity systems, and endpoint protection technologies (e.g. SentinelOne and Microsoft Defender).
• Knowledge of MITRE ATT&CK, cyber kill chain, and threat hunting methodologies.

• Level 4 or higher qualification in a computing subject, or equivalent experience.
• IT experience including both IT Infrastructure and Information Security roles.
• Relevant professional certifications that validate the fundamental skills required to perform the role, e.g. GIAC (GCIA, GCDA, GMON), Microsoft SC-200/SC-100, CompTIA Secure Infrastructure Specialist (CSIS), SSCP/CISSP etc.
• Strong skill level in scripting technologies, including Python, MS PowerShell and PowerApps.
• Ability to conduct research into Infrastructure issues and products as required.
• Self‑starting with strong interpersonal, written, and oral communication skills.
• Ability to engage colleagues at all levels and project a solid, professional attitude consistently.

• Secure Remote Access solutions.
• Network Security solutions.
• Open Source and Cyber Threat Intelligence.
• Suitable experience working with the market leading technology vendor product suites.
• Experience in software‑defined and cloud services such as SaaS, IaaS, PaaS and DaaS.
• Experience in Disaster Recovery Management and Business Continuity.
• Knowledge of applicable data privacy practices and laws.

Please be advised this role requires you to be in the office 2 days a week. Please note, this is not a day-rate contract. Walkers global is an equal opportunity employer. Equality and diversity are key to our global identity and an integral part of our goal to continue being an employer of choice. We are committed to a work environment that supports all individuals irrespective of gender, ethnicity, nationality, race, religion, marital status, age, disability, pregnancy, sexual orientation, gender identity or any other applicable legally protected characteristics. We make every effort to ensure that employment opportunities are open and accessible to all purely on the basis of personal ability.