Principal SOC Engineer
Fully Remote (Mon-Fri, Days)
Must be UK Based
Up to £70k DOE
Role details:
We're partnering with a specialist Cyber Security services provider with exciting growth plans. They're looking for a Principal SOC Analyst to play a key role in the detection, investigation, and response to advanced cyber threats within their virtual Security Operations Centre.
Responsibilities:
- Lead complex incident investigations from triage to remediation and post-incident review.
- Act as the analysts' "go-to" for questions, support, and specialist analytical expertise.
- Guide and mentor junior analysts, providing technical leadership during incidents.
- Work with the analyst team to ensure proactive threat hunting using SIEM, EDR, and threat intelligence sources across the pyramid of pain, and develop analysts into threat hunters who go beyond IoCs.
- Analyse and validate security alerts, refining detection rules in collaboration with engineers.
- Correlate signals from multiple platforms (e.g., EDR, network, cloud, identity) to identify adversary techniques (MITRE ATT&CK).
- Leverage threat intelligence (including MISP) to enrich investigations and build contextual awareness.
- Contribute to detection use case development, helping to identify coverage gaps and recommend improvements.
- Support the evolution of incident response playbooks and knowledge base articles.
- Collaborate with other teams to support vulnerability management, purple teaming, and security awareness activities.
Requirements:
- 4+ years working in a SOC or cyber defence team, with demonstrable experience leading high-impact investigations.
- Experience with SIEM tools: Elastic Stack (Kibana, Logstash), Microsoft Sentinel.
- Experience with EDR tools: Microsoft Defender for Endpoint, CrowdStrike Falcon, Elastic Defend.
- Experience with Threat Intel: MISP (querying, correlation, pivoting).
- Experience with SOAR tools: Jira automations, Azure Logic Apps and Azure Functions.
- Knowledge of Security Frameworks: MITRE ATT&CK, NIST, Cyber Kill Chain.
- Proficiency in interpreting logs from systems, endpoints, cloud services (Azure, M365), and network sources.
- Experience using threat intelligence to contextualise alerts and enhance response decisions.
- Experience developing hypotheses, analysing results, and iterating on threat hunts across the pyramid of pain.
- Familiarity with threat hunting methodologies and anomaly detection approaches.
- Ability to script or automate tasks (Python, PowerShell, etc.).
- Must have the right to work permanently in the UK.
Reasonable Adjustments:
We value diversity and inclusion. If you need any adjustments during the recruitment process, please inform us when you apply or contact the recruiters directly so we can support you.