Crawley (3 days per week onsite) | Open to candidates across the UK
Willing to consider candidates across the UK who are happy to travel to Crawley three days per week.
Are you a Senior SOC Specialist comfortable leading high-severity cyber security incidents end to end, with a strong background in advanced threat hunting? If so, this could be a great opportunity to step into a highly impactful role within a critical infrastructure environment.
We are recruiting for a Senior SOC Level 3 Specialist on a permanent basis to respond to escalated alerts and major security incidents across IT and OT environments. Using threat intelligence, industry tooling, and proven incident response techniques, you'll drive containment, eradication, and recovery activities to minimise business impact and strengthen cyber resilience.
What You'll Be Doing
* Lead the response to high-severity (Level 3) cyber incidents, acting as the technical escalation point.
* Perform advanced threat hunting, identifying hidden or emerging threats using multiple intelligence sources.
* Improve and maintain incident response playbooks, SOC procedures, and technical standards.
* Work closely with an MSSP and internal technology teams to optimise SIEM coverage and alerting.
* Develop and enhance SIEM use cases and SOAR automation workflows.
* Conduct digital forensics and produce clear, actionable incident reports.
* Support cyber attack simulations, tabletop exercises, and crisis testing.
* Mentor and support Level 1 and Level 2 SOC analysts.
* Contribute to audits and compliance activities (e.g. ISO 27001, NCSC CAF).
What We're Looking For
* Strong experience in a SOC Level 3 role, with clear evidence of incident leadership and threat hunting.
* Experience working across IT environments, with exposure to or understanding of OT security.
* Hands-on experience with SIEM, SOAR, EDR, IDS/IPS, IAM, DLP, and network security tooling.
* Solid understanding of attacker TTPs and frameworks such as MITRE ATT&CK.
* Experience investigating complex or targeted cyber attacks (e.g. ransomware, advanced persistent threats).
* Confident communicator, able to explain technical incidents to both technical and non-technical stakeholders.
* Cyber security certifications such as CISSP, GIAC, CASP+, CEH, AZ-500 or SIEM-specific training.
* Experience with tools such as Microsoft Sentinel, QRadar, FortiSIEM, Darktrace, Microsoft Defender.
* Knowledge of ISO 27001, NCSC CAF, NIST, CIS frameworks.
#J-18808-Ljbffr