Incident Responder

Softcat plc.

Marlow

Hybrid

GBP 60,000 - 80,000

Full time

2 days ago

Job summary

A leading IT services company in the UK is looking for an Incident Responder to join its 24/7 SOC. This role involves monitoring security alerts, managing incidents, and collaborating with customers for effective resolutions. Candidates should have 2+ years in a SOC environment and a cyber-security degree or related certifications. The position offers a hybrid working model, allowing flexibility to support personal commitments while ensuring a strong focus on a collaborative culture.

Benefits

Hybrid working model
Flexible hours

Qualifications

  • At least 2 years' experience working in a SOC, preferably in an MSSP environment.
  • Significant cyber-security incident-response experience.
  • Ability to hold or gain SC clearance upon hire.

Responsibilities

  • Monitor for security alerts and manage incidents.
  • Provide customers with technical guidance for resolution.
  • Maintain high-quality ticket and SLA adherence.

Skills

Incident management
Cyber-security knowledge
Risk assessment
Customer interaction

Education

Cyber-security focused degree or related qualifications

Tools

SIEM tools (e.g., MS Sentinel, AlienVault)

Job description

As an Incident Responder you will be part of our 24/7 SOC, reviewing incidents occurring in our customers' environments, alerting them to malicious activities and working with them to investigate and remediate incidents. This is a shift position – 4 days on, 4 days off, 4 nights on, 4 off. Candidates must hold or be able to gain SC clearance upon hire. Softcat is a passionate, fun‑loving company with a warm and friendly culture, centred on striving to be a great place to work. We want employees to want to come to work and enjoy it and we want customers to enjoy working with Softcat. You'll work alongside our engineering team to help identify tuning and optimisation opportunities, and with our wider team to support our customers through major incidents.

Responsibilities
  • Monitoring for security alerts from security platforms, primarily MS Sentinel, MS Defender, USM Anywhere.
  • Providing in‑depth incident management and analysis to our customers through effective monitoring, reporting and technical guidance for successful resolution, maintaining high levels of ownership through the incident lifecycle.
  • Interfacing with our customers to resolve issues, provide additional information and answer questions related to incidents and monitoring.
  • Maintaining high‑quality ticket, SLA and KPI adherence.
  • Identifying tuning and optimisation opportunities within the customers' environments.

Qualifications
  • At least two years’ experience working in a SOC, especially in an MSSP environment.
  • Previous technical security role experience (not necessarily in a SOC) also considered.
  • The ability to dynamically assess risks, threats and threat actors for new and existing customers.
  • Significant cyber‑security incident‑response experience and knowledge of the NIST Incident Response Framework or equivalent.
  • A cyber‑security focused degree or related qualifications such as CompTIA SEC+, CySA+, Blue Team Level 1–2, or equivalent experience. Microsoft SC‑200 and related certificates are highly desirable.
  • Previous experience with SIEM tools such as MS Sentinel, AlienVault, ELK, QRadar or similar.
  • Ability to hold or gain SC clearance upon hire.

Flexible Working

We recognise that everyone is different and that the way in which people want to work and deliver at their best is different for everyone too. In this role, we can offer the following flexible working patterns.

  • Hybrid working – 2 days in the office and 3 days working from home.
  • Flexible hours – flexing the times you start and finish during the day.
  • Flexibility around school pick‑up and drop‑offs.

We do not prohibit the use of AI (artificial intelligence) in our application process, as we understand how far it can go towards creating a truly equitable candidate experience. That being said, as a culture‑driven organisation, we believe that the genuine essence of each person is what truly matters, so we highly encourage you to be authentically yourself when submitting your application to showcase your true and whole self.

Working with us – Wherever you work, we want you to experience the freedom and autonomy to realise your potential. You will feel supported by a team that celebrates individuality, encourages different perspectives, and embraces every background.
