Microsoft Security Operations Centre (SOC) Analyst - T2 & T3 (Security Clearance Required)

Preferred Location - Newcastle

Job Description

The SOC Analyst Team operates as a next-generation, intelligence-led Security Operations function, designed to deliver high-quality, scalable 24x7 security monitoring and response. All SOC analysts participate in a 24x7 shift model, ensuring uninterrupted service coverage, while also contributing to detection improvement, automation feedback, and service optimisation when operational demand allows.

Tier 2 - SOC Analyst

Technology

Primary - Microsoft Sentinel & ServiceNow.

Role Purpose

Tier 2 SOC Analysts represent the primary human analysis function, responsible for investigating escalated alerts and incidents that require human judgement, contextual understanding, and analytical depth.

Key Responsibilities

- Perform deep investigation of escalated alerts and incidents from automated Tier 1 workflows
- Validate threats, scope impact, and determine severity using contextual analysis
- Investigate across multiple data sources, including:
  - SIEM
  - EDR / XDR
  - Identity and authentication telemetry
  - Cloud and SaaS platforms
- Coordinate and execute response actions in line with:
  - Defined playbooks
  - Client-specific requirements
  - Incident response procedures
- Maintain clear, high-quality investigation documentation and handover notes

Operational Expectations

- Operate as part of a 24x7 shift rota
- Maintain accountability for investigation accuracy and quality
- Escalate complex or ambiguous cases to Tier 3 appropriately
- Provide structured feedback into:
  - Detection tuning
  - Alert quality improvements
  - Automation optimisation

Continuous Improvement Contributions

When operational demand allows, Tier 2 analysts are expected to contribute insight time to platform improvement activities, supporting the Platform Automation Lead through:

- Identification of repeatable investigation patterns
- Feedback on automation opportunities
- Playbook refinement and improvement
- Detection logic tuning recommendations

Tier 3 - Senior SOC Analyst / Incident Specialist

Role Purpose

Tier 3 analysts provide advanced security expertise and escalation handling, focusing on complex, high-risk, or ambiguous security incidents and ensuring consistent investigation quality across the SOC.

Key Responsibilities

- Handle escalations involving:
  - High-impact or business-critical incidents
  - Advanced or evasive attacker techniques
  - Ambiguous or novel threat behaviour
- Conduct advanced threat analysis, including:
  - Attacker behaviour and intent assessment
  - Cross-incident correlation
  - Campaign and intrusion analysis
- Provide oversight and quality assurance of Tier 2 investigations
- Lead complex incident response coordination where required

Leadership & Mentorship

- Participate in 24x7 escalation coverage, via on-call or senior shift roles
- Act as a technical mentor to Tier 2 analysts
- Support analyst development through coaching and investigative guidance
- Set investigation and response quality standards across the SOC

Platform & Automation Feedback

Like Tier 2, Tier 3 analysts are expected to provide structured feedback into platform and automation initiatives, working indirectly with the Platform Automation Lead to:

- Improve detection fidelity
- Reduce repeat incident patterns
- Increase automation coverage over time
- Ensure complex incidents inform long-term service improvement