Job Description
Our client is looking for a Security Operations Engineer to investigate real security incidents and improve how their managed detection and response capability operates.
You will handle complex investigations, strengthen detections, and contribute to automation and service improvement, working across endpoint, network, cloud, and identity environments.
This role is focused on high-quality operational judgement, continuous improvement, and hands-on development beyond alert triage.
Responsibilities
* Investigate security alerts and incidents across endpoint, network, cloud, and identity environments.
* Conduct structured threat investigations by building timelines, identifying root cause, and producing clear, client-ready findings.
* Improve detection coverage by identifying gaps, recommending tuning changes, and helping to write or refine SIEM rules.
* Support incident response activity, including containment actions, evidence gathering, and post-incident documentation.
* Perform proactive threat hunting across client environments based on threat intelligence and anomaly-led hypotheses.
* Enrich investigations with threat intelligence to identify emerging attacker behaviour and strengthen decision-making.
* Produce accurate, high-quality documentation for internal records and client-facing reporting.
* Collaborate with the Head of Security Operations and wider team to improve processes, runbooks, and automation workflows.
* Support new client onboarding by validating log sources and helping tune initial detections.