Do you have experience working with or alongside a managed Security Operations Centre (SOC), with hands-on involvement in technical incident investigation or alert response? If so, join Elysium Healthcare as the Security Operations Engineer.

You will lead the day-to-day operational security response by working closely with internal IT, Infrastructure, and Cloud teams — and in partnership with the managed Security Operations Centre (SOC). As the Security Operations Engineer, you will take ownership of triaging, investigating, and coordinating the resolution of security alerts and incidents, whether they are raised internally or escalated by the SOC.

A key part of your role will be maintaining and tuning operational security tools such as Microsoft Defender for Endpoint, antivirus platforms, and vulnerability scanning solutions. You'll ensure these platforms are effectively configured, integrated, and aligned with current threats, detection priorities, and organisational standards.

You will act as the central point for coordinating operational security: providing feedback to improve SOC alert quality, working across technical teams to support timely remediation, and helping shape the development of response processes and security runbooks.

In addition, you will support internal security projects by contributing to the implementation of security controls, configuration tasks, and operational testing — particularly within the Microsoft security ecosystem. Your input will help ensure that new capabilities are embedded into daily operations and supported with practical, well-informed processes.

Ultimately, you will play a key role in strengthening the organisation's cyber defence posture by ensuring security tooling is effective, alerts are actioned, and operational response continues to mature through continuous improvement.

As a Security Operations Engineer, you will:

- Maintain and tune operational security platforms (e.g. Microsoft Defender for Endpoint, antivirus, and vulnerability scanning tools), ensuring correct configuration, regular updates, and alignment with current threats, organisational policies, and compliance standards.
- Investigate and respond to internally raised security tickets (e.g. phishing reports, endpoint issues) using Microsoft security tools and related platforms, ensuring appropriate containment, remediation, and documentation of findings.
- Triage and coordinate responses to SOC alerts and escalations, validating threat indicators and coordinating remediation across technical teams.
- Act as the primary point of contact for the managed SOC provider, managing day-to-day escalations and ensuring appropriate service delivery.
- Prioritise security alerts based on business impact, SLA requirements, threat intelligence, and asset criticality.
- Liaise with Infrastructure and Service Desk teams to coordinate technical response actions and ensure timely remediation of identified risks.
- Provide feedback to the SOC provider to optimise alert thresholds, reduce false positives, improve correlation rules, and enhance threat detection accuracy.
- Collaborate with the SOC to refine escalation logic and alert handling processes, ensuring alignment with internal capability and response thresholds.
- Support internal security projects by contributing to the integration of security tooling, policy configurations, and operational testing — particularly for Microsoft Defender, Sentinel, Intune, and related platforms.
- Maintain accurate records of security incidents, response actions, and lessons learned using designated ITSM and SOC platforms; ensure key findings are captured and fed into process and detection improvements.
- Contribute to the development and upkeep of security operating procedures and response runbooks, ensuring they reflect current toolsets, lessons learned, and operational realities.

To be successful in this role, you will have:

- Experience working with or alongside a managed Security Operations Centre (SOC).
- Hands-on involvement in technical incident investigation or alert response.
- Experience supporting the deployment, configuration, or tuning of security tools, ideally within the Microsoft security ecosystem.
- Involvement in security-aligned projects (e.g. Privileged Access Management, Multi-Factor Authentication, vulnerability remediation), preferably within a Microsoft Azure and Entra ID environment.
- A solid understanding of security operations principles, including the full incident response lifecycle.
- Familiarity with detection and response technologies such as EDR, antivirus, SIEM, and vulnerability scanners.
- Knowledge of key cybersecurity frameworks and standards (e.g. NIST CSF, CIS Controls, ISO 27001, NHS DSPT).
- The ability to analyse and interpret technical security alerts and logs, including Microsoft Defender and Sentinel telemetry.
- An understanding of endpoint, server, and network security fundamentals, both on-premises and in cloud environments.
- Competence in documenting incidents, technical actions, and process updates to support operational tracking and assurance.
- Strong interpersonal skills, with the ability to collaborate effectively across IT, service desk, and third-party teams.
- The ability to manage and prioritise workload under pressure, especially during active security incidents.

What you will get:

- A competitive annual salary.
- The equivalent of 33 days annual leave pro rata (inc. Bank Holidays) – plus your birthday off!
- Free meals and parking.
- Wellbeing support and activities to help you maintain a great work-life balance.
- A 24-hour GP service to ensure you are the best you can be.
- Career development and training to help you achieve your career goals.
- Pension contribution to secure your future.
- Life assurance for added peace of mind.
- An enhanced maternity package so you can truly enjoy this special time.
- A range of other benefits including retail discounts, special offers and much more.

About your next employer:

You will be working for an established, stable and agile company with over 8,000 employees and a unique approach to the delivery of care. With a network of over 90 services across England and Wales covering Mental Health, Neurological, Learning Disabilities & Autism, and Children & Education, there is opportunity for you to grow and move. Elysium Healthcare is part of Ramsay Health Care, with a global network that extends across 10 countries and employs over 86,000 people globally.

Elysium Healthcare follows safer recruitment of staff for all appointments and is a Disability Confident employer, committed to inclusive and accessible recruitment. It is a requirement that all staff understand it is each person's individual responsibility to promote and safeguard the welfare of service users. All candidates will be subject to a DBS disclosure.