Salary: £37,000 - 68,500 per year Requirements:
* Eligible for, or already holding, SC Clearance.
* Proven expertise in IBM QRadar and SIEM engineering.
* Strong knowledge of log formats, parsing, and normalisation.
* Proficiency in SIEM query languages such as KQL, SPL, and AQL.
* Scripting experience with Python or PowerShell for automation.
* Deep understanding of threat detection, incident response, and the cyber kill chain.
* Familiarity with frameworks including MITRE ATT&CK, NIST, and CIS.
* Strong communication, analytical, and presentation skills.
* Solid understanding of network traffic flows, vulnerability management, and penetration testing principles.
* Knowledge of ITIL processes (Incident, Problem, Change Management).
* Ability to work independently and thrive in a 24/7 on-call environment.
* 3-5 years' experience in the IT security industry, ideally in a SOC/NOC environment.
* Cybersecurity certifications preferred (e.g., ISC2 CISSP, GIAC, SC-200, IBM QRadar Certified Specialist, Splunk Certified Admin/Power User, Google Chronicle Security Engineer).
* Hands-on experience with ServiceNow Security Suite.
* Familiarity with cloud platforms (AWS and/or Microsoft Azure).
* Proficiency in Microsoft Office products, particularly Excel and Word.
Responsibilities:
* 1. SIEM Engineering & Management
* - Deploy, configure, and maintain the QRadar SIEM platform.
* - Onboard and normalise log sources across on-premises and cloud environments.
* - Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis.
* 2. Playbook Development & Automation
* - Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration.
* - Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response.
* - Refine playbooks based on threat intelligence and incident insights.
* 3. Threat Detection & Response
* - Monitor and analyse security alerts and events to identify potential threats.
* - Conduct investigations and coordinate incident response activities.
* - Collaborate with threat intelligence teams to enhance detection logic.
* 4. Threat Modelling & Use Case Development
* - Lead threat modelling exercises using frameworks such as MITRE ATT&CK, STRIDE, and Cyber Kill Chain.
* - Translate threat models into actionable detection use cases and SIEM rules.
* - Prioritise detection engineering based on business risk and impact.
* 5. Reporting & Collaboration
* - Produce reports and dashboards to communicate security posture and incident trends.
* - Partner with IT, DevOps, and compliance teams to enforce secure configurations.
* - Provide mentorship to junior analysts and engineers.
* - Maintain documentation of security procedures, incident response plans, runbooks, and playbooks.
* - Contribute to monthly reporting packs in line with contractual obligations.
* 6. Additional Contributions
* - Support pre-sales teams with technical requirements for new opportunities.
* - Demonstrate SOC tools and capabilities to clients.
* - Participate in continual service improvement initiatives, recommending changes to address recurring incidents.
Technologies:
* AWS
* Azure
* Cloud
* DevOps
* IBM
* Support
* ITIL
* Network
* PowerShell
* Python
* Security
* ServiceNow
* Splunk
More:
We are a leading organisation seeking a Senior SOC Engineer to strengthen our security operations capability and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. You will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats. This is a permanent position based in Glasgow, Scotland, with a hybrid working arrangement, offering a competitive salary of £60,000 GBP.
last updated 41 week of 2025