The Role
As a Level 3 SOC Analyst, you will act as a senior escalation point within the Security Operations team, leading complex investigations, improving detection capabilities, and helping shape the wider cyber security monitoring strategy.
You will be responsible for investigating high‑severity cyber incidents, threat hunting, improving security tooling, and mentoring Junior Analysts while working closely with engineering and infrastructure teams.
Key Responsibilities
* Lead investigations into high‑severity and complex cyber security incidents
* Act as a senior escalation point for Level 1 and Level 2 analysts
* Conduct proactive threat hunting activities and identify emerging attack patterns
* Develop and optimise SIEM detection rules, correlation logic, and automation workflows
* Improve incident response processes, runbooks, and security operations procedures
* Analyse security alerts and telemetry to identify threats and vulnerabilities
* Collaborate with technical teams to strengthen cyber resilience and monitoring capabilities
* Produce post‑incident reporting and lessons learned documentation
* Support and mentor junior SOC team members
What We're Looking For
We are keen to speak with candidates who have:
* Strong experience within a Security Operations Centre (SOC) environment
* Proven experience handling high‑severity cyber incidents and incident response
* Hands‑on experience with SIEM technologies, log analysis, and threat detection
* Strong understanding of Microsoft security tooling including Microsoft Sentinel, Defender XDR and Entra ID
* Experience with KQL (Kusto Query Language) for investigations and threat detection
* Good understanding of the MITRE ATT&CK framework
* Knowledge of network security, firewalls, VPNs, endpoint security and malware analysis
* Experience with threat hunting and detection engineering
Desirable
* Experience with SOAR platforms and security automation
* Scripting experience using PowerShell or Python
* Cloud security monitoring experience (Azure preferred)
* Relevant certifications such as CySA+, GIAC, GCIH, GCFA or Microsoft SC-200
What's on Offer?
* Permanent opportunity
* Hybrid working model (a couple of days per week/as required in Manchester)
* Opportunity to work on complex cyber security challenges
* Exposure to modern Microsoft security tooling and large‑scale environments
* Clear technical progression and development opportunities