The opportunity
As a Security Operations Specialist you will manage the relationship with the organisation’s outsourced SOC provider, ensuring effective monitoring, escalation handling, and incident response.
Operating within a Microsoft Azure environment, the Specialist will oversee the integration and assurance of security tooling such as Microsoft Sentinel, Microsoft Defender suite, Abnormal, Recorded Future, and Tenable.
This role requires strong technical knowledge of Azure-native security, threat intelligence, and vulnerability management, combined with the ability to challenge providers, validate escalations, and coordinate internal remediation.
This is a permanent, hybrid role, based in our Swindon office, with the requirement to be in the office 3 days a week.
The benefits:
1. Salary - £54,000
2. Bonus scheme - on target bonus 7.5%
3. Pension scheme - contribute up to 5% of your salary and Openwork will match you and put in an extra 5%
4. Critical illness cover
5. Income protection - 1x salary
6. Death in service - 4x salary
7. 27 days holiday + bank holidays, with the opportunity to buy up to an additional 10 days
8. A range of other flexible benefits to include private medical insurance, dental insurance and much more.
Key Accountabilities:
1. Act as the primary liaison between the business and the outsourced SOC provider, managing the relationship, SLAs, KPIs, and service reviews.
2. Validate and triage SOC escalations, ensuring incidents are accurately assessed, contained, and remediated.
3. Provide assurance that the SOC is effectively leveraging Microsoft Sentinel, Defender suite, and other integrated tools for monitoring and detection.
4. Oversee integration and use of Abnormal (email threat protection), Recorded Future (threat intelligence enrichment), and Tenable (vulnerability management) into security operations workflows.
5. Collaborate with IT and engineering teams to ensure log sources, telemetry, and alerting are comprehensive across Azure and on-premise systems.
6. Ensure detections are mapped to frameworks such as MITRE ATT&CK, continually tuning use cases to improve coverage and reduce false positives.
7. Coordinate vulnerability management processes, ensuring Tenable scans are accurate, issues are prioritized, and patching is validated.
8. Track remediation activities from incidents, vulnerabilities, and penetration tests, ensuring accountability and closure.
9. Drive threat intelligence integration from Recorded Future into SOC playbooks and response processes.
10. Produce reporting and metrics on SOC performance, incidents, vulnerabilities, and operational risk for senior management.
11. Partner with GRC teams to provide evidence for audits, certifications, and regulatory obligations.
12. Mentor colleagues on incident response and SecOps best practices, acting as escalation point for critical issues.
What will you need to succeed?
1. Degree in Cybersecurity, Computer Science, or related field.
2. Certifications such as AZ-500, SC-200, GCIA, GCIH, or CISSP.
3. Experience in financial services, legal, or other regulated industries.
4. Proven experience managing outsourced SOC or MSSP providers.
5. Deep technical expertise with Microsoft Azure security stack (Sentinel, Defender for Endpoint, Defender for Identity, Defender for Office 365, Entra ID security, Microsoft Purview).
6. Hands-on knowledge of: Abnormal (email/phishing protection), Recorded Future (threat intelligence platform), Tenable (vulnerability scanning and management).
7. Ability to validate SOC detections and challenge providers on coverage, accuracy, and effectiveness.
8. Experience with vulnerability management and patch assurance in Microsoft-centric environments.
9. Familiarity with MITRE ATT&CK and integrating threat intelligence into detection engineering.
10. Knowledge of regulatory/compliance frameworks (ISO 27001, NIST CSF, Cyber Essentials, GDPR, FCA/DPA) applied to operational security.
11. Strong stakeholder management skills, with the ability to bridge technical security findings to business impact.
12. Proactive and confident in holding SOC providers and tooling vendors accountable.
Why us?
We're a dynamic, fast-paced, and growing business with huge ambition. This is all made possible by the brilliant people who are part of The Openwork Partnership family. We're investing heavily in our colleagues, continuously striving to give them the platform to develop personally and professionally and reach their full potential.
We’re also very proud of our culture, as one of the Best 100 Large Companies to work for in 2022. The Openwork Partnership values and respects individuality, and we are committed to building an inclusive culture and environment which truly recognises and celebrates our colleagues’ individual differences and identities – just like our financial advice, for us, it’s personal. We believe everyone can make a difference and your race, religion, disability, and gender will never be a barrier. At Openwork, we have a strong ethic of care for each other where you can balance a successful career with your commitments and interests outside of work. We believe that you will bring your best self to work if you are trusted to choose when, where and how you do it.