Responsibilities
* Deploy, configure, and maintain SIEM platforms such as Splunk, QRadar, Sentinel, and Chronicle to enable robust threat detection.
* Normalize and onboard diverse log sources from cloud and on‑premises environments for seamless monitoring.
* Develop and continually refine SIEM rules and queries for use cases involving advanced threat behaviors and anomaly detection.
Playbook Automation & Incident Response
* Design and implement incident response playbooks for threats such as phishing, lateral movement, malware infections, and more.
* Integrate response automation into SOAR platforms (e.g., XSOAR, Azure Logic Apps), reducing response times and manual overhead.
* Use feedback from simulated incidents and threat intelligence to refine existing playbooks and workflows.
Threat Detection & Response
* Monitor security alerts for potential threats, investigate incidents, and coordinate cross‑team response activities.
* Collaborate with threat intelligence teams to enhance detection logic and fine‑tune resolution processes.
* Perform root‑cause analysis (RCA) of recurring incidents and help define corrective actions to reduce future risks.
Threat Modelling & Use Case Development
* Perform threat modeling using industry frameworks such as MITRE ATT&CK, STRIDE, or the Cyber Kill Chain.
* Design actionable SIEM use cases, detection rules, and workflows aligned with risk prioritization.
* Evaluate use‑case effectiveness through continual testing and KPIs, prioritizing iteration based on business relevance.
Reporting & Documentation
* Develop dashboards and metrics‑driven reports to showcase security posture and incident trends for leadership.
* Maintain detailed documentation of incident procedures, runbooks, playbooks, and analysis reports for audit or team use.
* Support monthly managerial reporting packs to present SOC effectiveness metrics (e.g., incident response times, detection improvements).
Training, Mentorship, & Pre‑Sales Support
* Provide mentorship to junior SOC analysts, transferring technical expertise on threat detection and response best practices.
* Assist pre‑sales teams by demonstrating SOC tools to prospective clients and refining operational delivery proposals.
* Scope, deploy, and operationalise new SOC solutions, benchmarking against industry and client expectations.
Technical Skills
* Proven hands‑on experience with SIEM platforms such as Splunk, QRadar, Sentinel, Microsoft Defender, or Chronicle.
* Expertise with SIEM query languages (e.g., KQL, SPL, AQL) and strong knowledge of log normalization and parsing.
* Proficiency in scripting (e.g., Python, PowerShell) to automate tasks and build SOC efficiencies.
* Deep familiarity with cyber threat detection techniques related to frameworks like MITRE ATT&CK and vulnerability management.
* Experience managing ITIL processes, including Incident, Problem, and Change Management.
Certifications Required
* CISSP, GIAC, SC-200, Splunk Power User/Admin, QRadar Specialist, or Chronicle Security Engineer certifications preferred.
* Candidates must be eligible to obtain UK SC clearance.
Professional Skills
* Strong analytical and communication skills to present complex information to technical and non‑technical stakeholders.
* Experience in collaborative team dynamics and independent problem‑solving.
* Proven ability to transfer knowledge and mentor junior SOC team members effectively.
Benefits
We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing. Our Learning and Development team ensures continuous growth and development opportunities for our people. Flexible work options are also available.
#J-18808-Ljbffr