Senior SOC Engineer
£60,000 GBP
Hybrid WORKING
Location: Glasgow, Scotland - United Kingdom Type: Permanent
Senior SOC Engineer
A leading organisation is seeking a Senior SOC Engineer to strengthen its security operations capability and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. The Senior SOC Engineer will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats.
Key Responsibilities
SIEM Engineering & Management
* Deploy, configure, and maintain the QRadar SIEM platform.
* Onboard and normalise log sources across on-premises and cloud environments.
* Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis.
Playbook Development & Automation
* Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration.
* Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response.
* Refine playbooks based on threat intelligence and incident insights.
Threat Detection & Response
* Monitor and analyse security alerts and events to identify potential threats.
* Conduct investigations and coordinate incident response activities.
* Collaborate with threat intelligence teams to enhance detection logic.
Threat Modelling & Use Case Development
* Lead threat modelling exercises using frameworks such as MITRE ATT&CK, STRIDE, and Cyber Kill Chain.
* Translate threat models into actionable detection use cases and SIEM rules.
* Prioritise detection engineering based on business risk and impact.
Reporting & Collaboration
* Produce reports and dashboards to communicate security posture and incident trends.
* Partner with IT, DevOps, and compliance teams to enforce secure configurations.
* Provide mentorship to junior analysts and engineers.
* Maintain documentation of security procedures, incident response plans, runbooks, and playbooks.
* Contribute to monthly reporting packs in line with contractual obligations.
Additional Contributions
* Support pre-sales teams with technical requirements for new opportunities.
* Demonstrate SOC tools and capabilities to clients.
* Participate in continual service improvement initiatives, recommending changes to address recurring incidents.
Skills & Qualifications
* Eligible for, or already holding, SC Clearance.
* Proven expertise in IBM QRadar and SIEM engineering.
* Strong knowledge of log formats, parsing, and normalisation.
* Proficiency in SIEM query languages such as KQL, SPL, AQL.
* Scripting experience with Python or PowerShell for automation.
* Deep understanding of threat detection, incident response, and the cyber kill chain.
* Familiarity with frameworks including MITRE ATT&CK, NIST, and CIS.
* Strong communication, analytical, and presentation skills.
* Solid understanding of network traffic flows, vulnerability management, and penetration testing principles.
* Knowledge of ITIL processes (Incident, Problem, Change Management).
* Ability to work independently and thrive in a 24/7 on-call environment.
Education & Experience
* 3-5 years' experience in the IT security industry, ideally in a SOC/NOC environment.
* Cybersecurity certifications preferred (e.g., ISC2 CISSP, GIAC, SC-200, IBM QRadar Certified Specialist, Splunk Certified Admin/Power User, Google Chronicle Security Engineer).
* Hands-on experience with ServiceNow Security Suite.
* Familiarity with cloud platforms (AWS and/or Microsoft Azure).
* Proficiency in Microsoft Office products, particularly Excel and Word.
Reference: AMC/RHU/SOC
#ryhu
JBRP1_UKTJ