Microsoft Security Operations Centre (SOC) Analyst - T2 & T3
Security Clearance Required
Preferred Location - Newcastle
The SOC Analyst Team operates as a next‑generation, intelligence‑led Security Operations function, designed to deliver high‑quality, scalable 24x7 security monitoring and response.
All SOC analysts participate in a 24x7 shift model, ensuring uninterrupted service coverage, while also contributing to detection improvement, automation feedback, and service optimisation when operational demand allows.
Tier 2 - SOC Analyst
Technology Primary - Microsoft Sentinel & Service Now.
Role Purpose
Tier 2 SOC Analysts represent the primary human analysis function, responsible for investigating escalated alerts and incidents that require human judgement, contextual understanding, and analytical depth.
Key Responsibilities
* Perform deep investigation of escalated alerts and incidents from automated Tier 1 workflows
* Validate threats, scope impact, and determine severity using contextual analysis
* Investigate across multiple data sources, including:
o SIEM
o EDR / XDR
o Identity and authentication telemetry
o Cloud and SaaS platforms
* Coordinate and execute response actions in line with:
o Defined playbooks
o Client‑specific requirements
o Incident response procedures
* Maintain clear, high‑quality investigation documentation and handover notes
Operational Expectations
* Operate as part of a 24x7 shift rota
* Maintain accountability for investigation accuracy and quality
* Escalate complex or ambiguous cases to Tier 3 appropriately
* Provide structured feedback into:
o Detection tuning
o Alert quality improvements
o Automation optimisation
Continuous Improvement Contributions
When operational demand allows, Tier 2 analysts are expected to contribute insight time to platform improvement activities, supporting the Platform Automation Lead through:
* Identification of repeatable investigation patterns
* Feedback on automation opportunities
* Playbook refinement and improvement
* Detection logic tuning recommendations
Tier 3 - Senior SOC Analyst / Incident Specialist
Role Purpose
Tier 3 analysts provide advanced security expertise and escalation handling, focusing on complex, high‑risk, or ambiguous security incidents and ensuring consistent investigation quality across the SOC.
Key Responsibilities
* Handle escalations involving:
o High‑impact or business‑critical incidents
o Advanced or evasive attacker techniques
o Ambiguous or novel threat behaviour
* Conduct advanced threat analysis, including:
o Attacker behaviour and intent assessment
o Cross‑incident correlation
o Campaign and intrusion analysis
* Provide oversight and quality assurance of Tier 2 investigations
* Lead complex incident response coordination where required
Leadership & Mentorship
* Participate in 24x7 escalation coverage, via on‑call or senior shift roles
* Act as a technical mentor to Tier 2 analysts
* Support analyst development through coaching and investigative guidance
* Set investigation and response quality standards across the SOC
Platform & Automation Feedback
Like Tier 2, Tier 3 analysts are expected to provide structured feedback into platform and automation initiatives, working indirectly with the Platform Automation Lead to:
* Improve detection fidelity
* Reduce repeat incident patterns
* Increase automation coverage over time
* Ensure complex incidents inform long‑term service improvement
J-18808-Ljbffr