Senior SOC Analyst

Are you in a Security Operations Centre and every day is the same? We can assure you that there is no boredom in our role.

We have a growing Cyber practice in our Defence sector supporting enterprise-scale clients. We now have opportunities for L2 SOC Analysts to join our success and work with multiple high-profile clients. You must have proven experience working in a busy SOC with a tech-first approach and be able to lead from the front.

From a technical perspective, we are using Microsoft Sentinel, Splunk, and MISP Threat sharing, so any knowledge of these technologies would be a substantial benefit.

This role is based at our head offices in Farnborough or Hemel Hempstead and involves a shift pattern with 12-hour shifts (nights and days).

You need to be eligible for DV Clearance.

We offer great career progression opportunities, benefits that you can tailor to meet your needs, and training and development opportunities.

What you will be doing:

• Monitor, triage, and investigate security incidents on critical client infrastructure.
• Conduct in-depth analysis of network traffic, logs, and system events to identify potential security threats and vulnerabilities.
• Provide Incident Response support.
• Maintain, improve, and develop team knowledge of SOC tools, security operations, and triage processes.
• Prepare reports for managed clients for both technical and non-technical audiences, continuously improving content and presentation.
• Maintain and update security incident documentation, including incident reports, analysis findings, and mitigation strategies.

What you will bring:

• Experience working in a Security Operations Centre.
• Demonstrable experience managing Microsoft Sentinel or Splunk implementations.
• Knowledge and experience with the Mitre ATT&CK Framework.
• Solid understanding of client-server applications, multi-tier web applications, relational databases, firewalls, VPNs, and enterprise AntiVirus products.
• Deep technical knowledge in log data analysis and intrusion detection systems.
• Strong understanding of networking principles including TCP/IP, WANs, LANs, and common Internet protocols such as SMTP, HTTP, FTP, POP, LDAP.

Desirable skills:

• Understanding of static malware analysis and reverse engineering.
• CREST Practitioner Intrusion Analyst certification.
• Experience with SIEM technologies, especially Sentinel and Splunk, with some familiarity with QRadar.

If you're interested in this role but unsure if your skills match exactly, please apply — we'd love to hear from you!

Employment Type: Permanent
Location: Farnborough or Hemel Hempstead (office-based)
Security Clearance Level: Eligible for DV Clearance
Internal Recruiter: Jane
Benefits: 25 days annual leave (with the option to buy additional days), health cash plan, life assurance, pension, and flexible benefits fund

Interested in learning more about us? Sopra Steria's Aerospace, Defence, and Security business designs, develops, and deploys digital solutions for Central Government clients. Our work makes a real difference to national security. We foster a culture of professional growth, mentorship, and support, delivering outstanding customer satisfaction in the UK's most complex safety- and security-critical markets.