Summary: The role of Incident Response (CSIRT)/SOC Level 3 Analyst involves joining a cyber security operations team to manage and respond to high-severity cyber security incidents. The position requires strong expertise in incident response, threat hunting, and SOC operations to protect enterprise environments from advanced threats. The analyst will collaborate with various teams to enhance security operations and improve incident response capabilities. This is a 6-month contract based in Crawley, requiring some on-site presence.
Key Responsibilities:
- Lead the investigation and response to high-severity cyber security incidents and escalated alerts
- Drive containment, eradication, and recovery activities to minimise business impact
- Perform advanced threat hunting using threat intelligence, IOCs, and behavioural analysis
- Analyse complex security events across endpoints, networks, cloud, applications, and infrastructure
- Improve and develop incident response playbooks, SOC procedures, and technical standards
- Support SIEM use case development, log onboarding, and detection engineering initiatives
- Work with internal teams and external MSSP providers to improve monitoring and detection coverage
- Support and enhance SOAR workflows to automate response and enrichment processes
- Conduct forensic investigations using multiple security data sources and provide actionable findings
- Contribute to cyber resilience exercises, simulation testing, and crisis scenario planning
- Produce operational metrics, dashboards, and reporting to improve SOC performance
- Participate in audit and compliance activities including security frameworks and standards
- Identify opportunities for continuous improvement across detection, response, and automation
Key Skills:
- Strong experience working in a SOC Level 3, CSIRT, or senior incident response role
- Proven experience managing and responding to high-priority cyber security incidents
- Strong knowledge of Incident Response, Threat Hunting, Digital Forensics, SIEM platforms, SOAR tools, Detection Engineering
- Experience investigating alerts across Endpoint security tools, Network security tools, Cloud environments, Enterprise applications
- Strong understanding of threat intelligence, attack techniques, and adversary behaviour
- Experience mentoring junior SOC analysts and supporting operational maturity
- Strong communication skills with the ability to explain technical risks to non-technical stakeholders
- Desirable: Knowledge of Operational Technology (OT) environments, industrial systems, or critical infrastructure security
- Exposure to security frameworks and standards such as ISO 27001, NCSC CAF, SOC audits
Salary (Rate): undetermined
City: Crawley
Country: England
Working Arrangements: hybrid
IR35 Status: outside IR35
Seniority Level: Senior
Industry: IT
Incident Response (CSIRT)/SOC Level 3 Analyst - Outside IR35
Location: Crawley (2-3 days onsite)
Contract: 6 months
Outside IR35
We are looking for an experienced Incident Response (CSIRT)/SOC Level 3 Analyst to join a high-performing cyber security operations team on an initial 6-month contract.
This is an excellent opportunity for a senior cyber security professional with strong incident response, threat hunting, and SOC expertise to play a critical role in protecting enterprise IT and operational environments from advanced cyber threats.
You will work closely with cyber security operations teams, technical service providers, and senior stakeholders to detect, investigate, contain, and remediate cyber security incidents while continuously improving security operations capabilities.
Key Responsibilities:
Lead the investigation and response to high-severity cyber security incidents and escalated alerts
Drive containment, eradication, and recovery activities to minimise business impact
Perform advanced threat hunting using threat intelligence, IOCs, and behavioural analysis
Analyse complex security events across endpoints, networks, cloud, applications, and infrastructure
Improve and develop incident response playbooks, SOC procedures, and technical standards
Support SIEM use case development, log onboarding, and detection engineering initiatives
Work with internal teams and external MSSP providers to improve monitoring and detection coverage
Support and enhance SOAR workflows to automate response and enrichment processes
Conduct forensic investigations using multiple security data sources and provide actionable findings
Contribute to cyber resilience exercises, simulation testing, and crisis scenario planning
Produce operational metrics, dashboards, and reporting to improve SOC performance
Participate in audit and compliance activities including security frameworks and standards
Identify opportunities for continuous improvement across detection, response, and automation
Required Skills & Experience:
Strong experience working in a SOC Level 3, CSIRT, or senior incident response role
Proven experience managing and responding to high-priority cyber security incidents
Strong knowledge of:
Incident Response
Threat Hunting
Digital Forensics
SIEM platforms
SOAR tools
Detection Engineering
Experience investigating alerts across:
Endpoint security tools
Network security tools
Cloud environments
Enterprise applications
Strong understanding of threat intelligence, attack techniques, and adversary behaviour
Experience mentoring junior SOC analysts and supporting operational maturity
Strong communication skills with the ability to explain technical risks to non-technical stakeholders
Desirable:
Knowledge of Operational Technology (OT) environments, industrial systems, or critical infrastructure security
Exposure to security frameworks and standards such as:
ISO 27001
NCSC CAF
SOC audits
Ideal Candidate:
You are a technically strong cyber security professional who thrives in fast-paced environments and can confidently lead incident response activities during critical situations. You will bring deep SOC and cyber defence expertise, a proactive mindset, and a strong focus on continuous improvement.