Salary: £37,000 - 77,000 per year

Requirements:
Proven experience working within a SOC environment, with Tier 2 / Tier 3 experience preferred.
Strong background in incident investigation and response.
Experience handling escalated alerts and security tickets.
Experience with SIEM platforms, such as Microsoft Sentinel.
Experience with EDR/XDR tools, such as CrowdStrike.
Experience with ServiceNow or similar ITSM/SecOps platforms.
Ability to write and optimise KQL queries (essential).
Knowledge of scripting or query languages, such as Falcon Query Language, is advantageous.
Strong investigative and problem-solving skills.
Ability to correlate data across multiple sources.
Understanding of common attack techniques and threat vectors.
Strong communication and collaboration skills.
Ability to work effectively in a fast-paced operational environment.
Proactive mindset with a focus on continuous improvement and quality outcomes.

Responsibilities:
Investigate and respond to security incidents and alerts escalated from Tier 1 / Tier 2 SOC.
Perform in-depth analysis and triage of security events, identifying threats and determining impact.
Support high-severity incident response as required, working closely with Incident Responders.
Manage and resolve security tickets within agreed SLAs.
Review alerts from multiple security tools and platforms.
Ensure accurate documentation and tracking of incidents within ServiceNow.
Contribute to detection engineering activities on a rotational basis.
Develop and tune detection rules to improve alert quality and reduce false positives.
Write and optimise queries across SIEM platforms.
Work closely with internal teams and third-party providers to investigate and resolve incidents.
Support MSSP interactions and escalations where required.
Participate in incident bridge calls during major incidents.
Identify lessons learned from incidents and contribute to improving processes and controls.
Provide feedback on detection gaps and opportunities for enhancement.
Focus on delivering value from incidents, not just ticket closure.

Technologies: Support, ITSM, Security, ServiceNow

More:
We are seeking a SOC Analyst to join our Cyber Defence Centre in Sheffield. This is a crucial hands-on operational role within Security Operations, focused on incident detection, investigation, and response. The position is hybrid, with 2-3 days on-site, and is offered on a daily rate inside IR35. We work closely with internal teams and third-party providers, and we place a strong emphasis on continuous improvement, detection engineering, and delivering value from incidents.

Last updated: week 24 of 2026