The role
Tier‑1 SOC Analysts form the frontline of our organization’s cybersecurity defence. They are responsible for continuous monitoring, triage, and the initial investigation of security alerts across platforms such as SIEM and SOAR. In this role, analysts identify potential threats, distinguish real incidents from false positives, and escalate verified issues to higher-tier teams for deeper analysis. This position provides a strong foundation for developing cybersecurity expertise and offers a clear growth path into incident response, threat hunting, and SOC engineering roles.
What will I be doing?
* Monitor and triage alerts from Microsoft Sentinel and our SOAR platform, ensuring timely detection and prioritization of potential threats.
* Categorise alerts by severity (P1–P4) to guide appropriate response levels and ensure critical incidents are escalated quickly.
* Create and update tickets in Dynamics 365 ITSM, maintaining clear documentation of investigations, actions taken, and status changes.
* Assign tickets to the correct tier based on complexity and urgency, and mark them as “In Progress” to initiate the response workflow.
* Conduct initial investigations on low to medium severity alerts, analysing logs, telemetry, and reputation data to determine legitimacy.
* Close false positives and flag them for rule tuning to improve alert accuracy and reduce noise in the SOC environment.
* Initiate phone calls for P1 incidents, ensuring immediate customer communication and coordination during critical events.
* Liaise with customers during incident response, providing updates, gathering context, and ensuring transparency throughout the process.
* Maintain SLA compliance by promptly responding to alerts, especially high-priority (P1/P2) cases, to meet contractual obligations.
* Respond to SOC alerts by performing triage, containment, and documentation, escalating complex cases to Tier-2 when needed.
* Support Customer Success Managers with client-facing security queries, providing technical insights and support during engagements.
* Execute containment playbooks via Google SecOps SOAR for low-level incidents, such as isolating endpoints or blocking malicious IPs.
What will I bring to the role?
Essential Requirements:
* Eligibility for HMG Security Clearance: the candidate must be capable of achieving UK Government Security Clearance due to the nature of the role.
* Ability to work a '4 on 4 off' shift pattern, consisting of day and night shifts at our Manchester office.
* Foundational Security Knowledge: demonstrated understanding of core cybersecurity principles, either through education, training, or practical experience.
* Awareness of SOC Operations: basic familiarity with incident triage, alert handling, and escalation workflows.
Desirable:
* CompTIA Security+
* CompTIA CySA+ (Cybersecurity Analyst)
* Microsoft Fundamentals (AZ-900/SC-900)
* Microsoft SC-200 Security Operations Analyst
* Cisco Certified CyberOps Associate
* Blue Team Level One (BTL1)
* CCD (Certified Cyber Defender)