
SOC Security Analyst (Microsoft Sentinel & Defender Specialist)

Liverpool (Merseyside)
Whitehall Resources
Security analyst
Posted: 3h ago
Offer description

SOC Security Analyst (Microsoft Sentinel & Defender Specialist) (BBBH64047) Manchester, England

Salary: Market

SOC Security Analyst (Microsoft Sentinel & Defender Specialist)

Whitehall Resources are looking for an experienced SOC Security Analyst (Microsoft Sentinel & Defender Specialist). This role is hybrid working with 2-3 days per week on site in Manchester, and the remainder remote working, for an initial 6-month contract.

***Inside IR35***
Job Summary:
We are seeking a highly skilled and experienced SOC L3 Analyst with strong engineering knowledge and deep expertise in Microsoft Sentinel and the Microsoft Defender suite. The ideal candidate will take a lead role in advanced threat detection, incident response, detection engineering, and security monitoring, while also optimising license consumption and SIEM integration efforts.

Key Responsibilities:
Advanced Threat Detection & Incident Response
- Investigate and analyze complex security incidents escalated from L1/L2 SOC analysts.
- Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response.
- Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats.
Threat Hunting & Detection Engineering
- Perform proactive threat hunting using KQL within Microsoft Sentinel.
- Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
- Apply the MITRE ATT&CK framework to build coverage and improve threat visibility.
Security Engineering & Platform Management
- Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and parsing.
- Build and manage data connectors, custom log parsers, and normalisation schemas.
- Collaborate with cloud and infrastructure teams to onboard telemetry from endpoints, identity systems, and SaaS platforms.
License Usage Monitoring & Optimisation
- Monitor Microsoft Sentinel and Defender license consumption on an ongoing basis.
- Analyse and average daily ingestion volumes, ensuring alignment with the procured license limits.
- Recommend optimisation strategies to control costs without compromising visibility or detection capabilities.
Automation & Response
- Design and implement automated response workflows using Sentinel playbooks (Logic Apps).
- Enhance response efficiency by developing SOAR integrations across security tooling.
Documentation & Reporting
- Produce comprehensive incident reports and root cause analyses.
- Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding.
- Generate regular dashboards and reports for SOC leadership and compliance stakeholders.

Required Skills & Qualifications:
- Bachelor’s degree in Computer Science, Cybersecurity, Engineering, or a related field.
- 5+ years of hands-on experience in cybersecurity operations.
- Minimum 2 years of experience with Microsoft Sentinel and Microsoft Defender suite.
Skills:
- KQL (Kusto Query Language)
- Security architecture and data integration
- Azure and Microsoft 365 security services
- Experience in onboarding and managing log sources in a SIEM.
- Understanding of log ingestion cost management and licensing considerations in Sentinel.
- Familiarity with cloud-native security tools and threat intelligence integration.
- Scripting experience (e.g., PowerShell, Python) is an advantage.
Preferred certifications:
- SC-200: Microsoft Security Operations Analyst
- AZ-500: Microsoft Azure Security Technologies
- GCIA, GCIH, or equivalent

Preferred Personal Attributes:
- Strong analytical and problem-solving mindset.
- Ability to lead under pressure during real-time incidents.
- Clear and effective communicator—both verbal and written.
- Proactive, self-driven, and committed to continuous improvement.
