Senior SOC Analyst (Incident Response, Microsoft Security)
London (Hybrid - 2 days onsite every 2 weeks)
6-month contract, Inside IR35
About the Role
We're looking for a hands-on Senior SOC Analyst to join a mature Cyber Fusion function, focused on detection and response across a Microsoft 365 environment.
This is a true operational security role-you'll be actively investigating incidents, handling alerts, and improving detection capabilities. You'll also play a key part in strengthening processes, tooling, and overall response effectiveness.
What You'll Be Doing
* Investigating and responding to security incidents end-to-end (triage → containment → recovery)
* Performing deep-dive technical analysis to understand root cause and scope
* Handling phishing investigations and user-driven security cases
* Working with SIEM and SOAR platforms to support investigations and response workflows
* Improving detection rules, alert quality, and triage processes
* Supporting reductions in MTTI / MTTR through effective analysis and tooling
* Contributing to post-incident reviews, documentation, and playbooks
* Collaborating with the wider Blue Team and Cyber Fusion Centre
What We're Looking For
* Strong experience in a SOC, SecOps, or Incident Response role (ideally Tier 2/3 level)
* Proven ability to investigate and resolve security incidents in enterprise environments
* Hands‑on experience with SIEM platforms (e.g. Microsoft Sentinel, Splunk, QRadar)
* Experience working with SOAR tools or automated response workflows
* Solid understanding of attack techniques and frameworks (e.g. MITRE ATT&CK)
* Strong technical knowledge across endpoint, identity, email, and cloud security
* Experience with Microsoft Defender and Microsoft 365 security tooling
* Ability to work effectively during active incidents and time‑sensitive situations
* Clear communication skills, both technical and non‑technical
Nice to Have
* Experience in detection engineering or tuning alert logic
* Certifications such as GCIH, CySA+, SC-200, BTL1/BTL2
* Exposure to Google Cloud security operations
Working Setup
* Hybrid model: 2 days onsite every two weeks (London)
* Embedded within a Cyber Security / Cyber Fusion team
* Collaborative, hands‑on environment with a focus on continuous improvement
If you're a Senior SOC Analyst who enjoys real investigation work and improving how security operations run, this is a strong opportunity to make an impact.
#LI-DNI
#J-18808-Ljbffr