Security Operations Center Analyst

Job title: SOC Analyst L3

Will the role be 100% remote, hybrid or 100% office? Hybrid – 3 days/week

If the role is hybrid/ office based specify location: Manchester, UK

Duration of assignment: 6 months contract

InsideIR35

Role Description: We are seeking a highly skilled and experienced SOC L3 Analyst with strong engineering knowledge and deep expertise in Microsoft Sentinel and the Microsoft Defender suite. The ideal candidate will take a lead role in advanced threat detection, incident response, detection engineering, and security monitoring, while also optimizing license consumption and SIEM integration efforts. 5+ years in cybersecurity with 2+ years in a Level 3 SOC role

Key Responsibilities:

• Advanced Threat Detection & Incident Response - Investigate and analyze complex security incidents escalated from L1/L2 SOC analysts.
• Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response.
• Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats.
• Threat Hunting & Detection Engineering - Perform proactive threat hunting using KQL within Microsoft Sentinel.
• Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
• Apply the MITRE ATT&CK framework to build coverage and improve threat visibility.
• Security Engineering & Platform Management - Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and parsing.
• Build and manage data connectors, custom log parsers, and normalization schemas.
• Collaborate with cloud and infrastructure teams to onboard telemetry from endpoints, identity systems, and SaaS platforms.
• License Usage Monitoring & Optimization - Monitor Microsoft Sentinel and Defender license consumption on an ongoing basis.
• Analyze and average daily ingestion volumes, ensuring alignment with the procured license limits.
• Recommend optimization strategies to control costs without compromising visibility or detection capabilities.
• Automation & Response - Design and implement automated response workflows using Sentinel playbooks (Logic Apps).
• Enhance response efficiency by developing SOAR integrations across security tooling.
• Documentation & Reporting - Produce comprehensive incident reports and root cause analyses.
• Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding.
• Generate regular dashboards and reports for SOC leadership and compliance stakeholders.

Essential Skills/knowledge/experience:

• Bachelor’s degree in computer science, Cybersecurity, Engineering, or a related field.
• 5+ years of hands-on experience in cybersecurity operations.
• Minimum 2 years of experience with Microsoft Sentinel and Microsoft Defender suite.
• Strong skills in:
• KQL (Kusto Query Language)
• Security architecture and data integration
• Azure and Microsoft 365 security services
• Experience in onboarding and managing log sources in a SIEM.
• Understanding of log ingestion cost management and licensing considerations in Sentinel.
• Familiarity with cloud-native security tools and threat intelligence integration.
• Scripting experience (e.g., PowerShell, Python) is an advantage.
• Preferred certifications:
• SC-200: Microsoft Security Operations Analyst
• AZ-500: Microsoft Azure Security Technologies
• GCIA, GCIH, or equivalent
• Preferred Personal Attributes:
• Strong analytical and problem-solving mindset.
• Ability to lead under pressure during real-time incidents.
• Clear and effective communicator—both verbal and written.
• Proactive, self-driven, and committed to continuous improvement