
Senior SOC Analyst

Merchant North

Málaga

On-site

EUR 60.000 - 80.000

Full-time

10 days ago

Vacancy description

A leading cybersecurity firm in Málaga is seeking a Senior SOC Analyst to oversee security operations, respond to high-severity incidents, and mentor junior analysts. The ideal candidate will have extensive experience in SOC environments and proficiency in SIEM tools. This role entails proactive threat detection and enhancements to the organization's security posture in a fast-paced environment.

Qualifications

  • Minimum of 5 years in a Security Operations Centre (SOC) environment.
  • Proven record of leading complex security incidents.
  • Strong programming or scripting skills.

Responsibilities

  • Lead Complex Incident Response for high-severity security incidents.
  • Provide mentorship and technical leadership to junior analysts.
  • Collaborate with detection engineering to enhance security posture.

Skills

Extensive Security Operations Experience
Expert-level proficiency in SIEM technologies
Strong understanding of SOAR technologies
Demonstrable expertise in network traffic analysis
Incident Response Leadership
Scripting & Automation skills
Mentorship & Communication skills
Collaboration & Initiative

Education

Degree in Computer Science or Cyber Security

Tools

Splunk
QRadar
Palo Alto Networks Cortex XDR
CrowdStrike
Microsoft Defender ATP

Job description

Reporting to the Security Operations Manager, as a Senior SOC Analyst you will form part of a team of Information Security specialists supporting clients globally. You will help define, evolve and operate the security technologies, controls, policies and practices, ensuring that they are applied pragmatically to strike a balance between protecting our business and customers and allowing the organisation to get on with doing what it does best.

We are looking for someone with a keen interest in the information security field, specifically defensive security activities, who is progressing their career in Security Operations by working in collaboration with a team of IT operations and business specialists to identify, respond to, and efficiently remediate any security-related alerts, incidents, or other concerns that may impact the business. As an experienced senior analyst within Security Operations, the Senior SOC Analyst's key responsibilities include:

Consistently deliver, to a high standard, reactive and proactive Security Operations services to the organisation and its clients, ensuring that technical controls, operational practices, processes, personnel, detections, and response capabilities remain relevant and effective in reducing meaningful business risks.

Act as the Security Representative in both internal and multi-disciplinary project teams, actively identifying technical and organisational requirements. Contribute to shaping solutions and play a key role in delivering end-to-end project engagement for both local and distributed projects focused on technological transformation, improvement and growth.

As an experienced analyst, you must enjoy working hands-on, delivering best-in-class security services to address technical and organisational challenges. The ability to deliver security as a business enabler and to support change across the information security team, with partners and with wider IT is paramount to success in this role.

We are a continually evolving organisation, so you will need to be comfortable working in a fast-paced, agile environment with short timelines for deliverables, bringing a forward-planning mindset while delivering consistently to a high standard. Whilst it is recognised that not all security measures are impenetrable, you will be measured on your ability to quickly identify, respond to and contain security threats.

Responsibilities

Lead Complex Incident Response: Act as a primary on-shift escalation point, leading the analysis and response to high-severity security incidents, complex alerts, and user-reported security concerns. Drive forensic analysis, containment, eradication, and recovery efforts.

Mentorship and Team Development: Provide structured guidance, mentorship, and technical leadership to junior and mid-level analysts. Actively contribute to their professional growth through formal and informal training, knowledge sharing, and constructive 360° feedback.

Advanced Threat Detection & Analysis: Proactively hunt for advanced persistent threats (APTs) and sophisticated attack techniques within the environment. Conduct in-depth analysis of monitoring, network, application, and system event data from IDS, SIEM, Endpoint Detection and Response (EDR/XDR) platforms, and other cyber-security tools to identify anomalous and malicious activities.

Detection Collaboration & Optimization: Collaborate closely with our detection engineering team to evaluate and operationalize intelligence on emerging threats, vulnerabilities, and TTPs. Provide critical operational feedback to help design, implement, and fine-tune custom detection rules (e.g., SIEM correlation rules, XDR detections, IDS signatures) across the detection lifecycle to enhance our security posture.

Tooling & Process Enhancement: Identify opportunities to optimize and automate security operations workflows and processes. Drive the implementation of improvements to increase efficiency and effectiveness of our security tools and procedures.

Security Posture Improvement: Research and maintain expert-level proficiency in current and emerging threats, attacker TTPs, and cutting-edge security technology developments. Translate this knowledge into actionable insights to continuously strengthen the organization's overall security posture.

Reporting & Communication: Develop and present comprehensive reports on cyber-security threats, attacks, incidents, and key operational metrics to technical and non-technical stakeholders, including management within the Information Security Function.

Documentation & Compliance: Maintain meticulous records of security incidents, investigations, remediation efforts, and operational procedures to ensure compliance and accountability. Contribute to the development and refinement of SOC playbooks and runbooks.

On-Call & Operational Support: Provide expert-level Security Operations response to complex incidents and problem investigations, including active participation in the security on-call rotation as required.

Strategic Contribution: Act as a thought leader within the Security Operations domain, identifying and championing opportunities for continuous improvement, innovation, and strategic growth of the function.

Willingness to work on a shift basis

Job requirements

Extensive Security Operations Experience: A minimum of 5 years of dedicated experience in a Security Operations Centre (SOC) environment, with significant experience in a senior or lead analyst capacity, ideally in a shift-based setting.

Expert-level proficiency in operating, tuning, and administering SIEM technologies (e.g., Splunk, QRadar, Sentinel) and Endpoint Detection and Response (EDR/XDR) platforms such as Palo Alto Networks Cortex XDR, CrowdStrike, Microsoft Defender ATP, or SentinelOne.

Strong understanding and practical experience with SOAR technologies for automation and orchestration.

Demonstrable expertise in network traffic analysis, packet capture analysis, and intrusion detection systems (IDS/IPS) to identify sophisticated malicious activity.

Familiarity with Web Application Firewalls (WAFs) and their role in a security architecture.

Incident Response Leadership: Proven track record of leading complex security incidents from detection through to post-incident review, including forensic analysis techniques.

Threat Intelligence & Hunting: Demonstrated ability to operationalize threat intelligence, conduct proactive threat hunting, and provide input for custom detections based on emerging TTPs.

Scripting & Automation: Strong programming or scripting skills (e.g., Python, PowerShell, Bash) for automation, data analysis, and tool integration.

Problem-Solving & Adaptability: Exceptional ability to manage multiple high-priority tasks, make sound judgments under pressure, and adapt to a rapidly changing threat landscape and technological environment.

Mentorship & Communication: Excellent verbal communication, technical writing, and presentation skills. Ability to clearly articulate complex technical concepts to diverse audiences and effectively mentor junior team members.

Collaboration & Initiative: Highly self-motivated, directed, and a strong team player who can harness different skills and experiences to achieve common goals.

Confidentiality & Ethics: Must demonstrate the ability to maintain strict confidentiality and adhere to ethical security practices.

Excellent verbal communication and documentation/technical writing skills in English.

Nice to have:

  • Degree in Computer Science, Cyber Security, or a related technical field.
  • Advanced cyber security certifications such as:
      ◦ SANS GIAC certifications (e.g., GCIA, GCIH, GCSA, GNFA, GPEN)
      ◦ OSCP, CRTO, or other offensive security certifications
      ◦ CISSP, CISM, or other management-level certifications (demonstrates broader security understanding)
  • Programming / scripting skills or experience (Python, PowerShell, etc.)
