Job Description
SOC Analyst (L3) - Senior Incident Responder
Location: Birmingham (Hybrid)
Salary: Up to £70,000 (depending on experience) + bonus
NOTE: Candidates for this role must be eligible for UK Security Clearance (SC).
We’re looking for a hands‑on L3 Senior Incident Responder who can lead on complex security investigations, manage high‑severity incidents, and bring real expertise in Splunk and wider SIEM technologies. This is a critical role within the SOC, where you’ll be the escalation point for L1 and L2 analysts and take ownership of incident containment, remediation, and post‑incident review.
What you’ll do:
* Act as the L3 escalation point, leading investigations into complex incidents escalated by L1/L2 analysts.
* Use Splunk and other SIEM tools to detect, investigate, and respond to security events.
* Perform detailed forensic analysis, root cause analysis, and malware investigation.
* Lead incident response activities end‑to‑end, ensuring containment, eradication, and recovery.
* Develop, refine, and own SOC use cases, runbooks, and playbooks to drive continual service improvement.
* Liaise directly with clients, providing clear guidance and recommendations.
* Mentor and support junior SOC analysts, ensuring best practice is followed.
* Keep up to date with the latest threats, vulnerabilities, and attack vectors, integrating threat intel into monitoring.
What we’re looking for:
* Proven L3 SOC experience.
* 5+ years’ experience in IT security, ideally within a SOC/NOC environment.
* Strong knowledge and hands‑on expertise with Splunk (other SIEM exposure beneficial).
* Solid understanding of DFIR principles, vulnerability management, and ethical hacking.
* Strong grasp of network traffic flows, malware analysis, and reverse engineering.
* Excellent written and verbal communication skills for client interaction and reporting.
* Ability to work independently, lead investigations, and mentor team members.
* Eligible for or holding SC Clearance.
* Relevant certifications (e.g. CISSP, GIAC, SC-200) are highly desirable.
If you’re ready to take ownership at L3 level and bring your Splunk expertise to the table, we want to hear from you.