Summary: Whitebridge is seeking a 2nd Line SOC Analyst with current SC Clearance to provide operational support for a utilities client. The role involves managing escalated incidents, validating alerts, and supporting log source onboarding into Microsoft Sentinel. The position requires effective triage and investigation of security events while contributing to operational improvements. The successful candidate should be available to start ASAP and will work in a hybrid arrangement.
Key Responsibilities:
- Provide hands-on 2nd line SOC operational support, including investigation and management of escalated incidents from the 1st line SOC
- Validate and assure quality and effectiveness of Sentinel alerts and detections
- Support onboarding of log sources and priority use cases into Microsoft Sentinel in line with CAF, T3, and ECS Keystone requirements
- Develop and utilise KQL queries to enable effective triage, investigation, and validation of security events
- Provide operational support and guidance to L1 SOC, improving consistency in alert handling and escalation
- Contribute to clearing operational backlog, including rule validation, clean-up activity, and onboarding delivery
- Perform basic tuning of analytic rules to improve signal quality and reduce alert noise (non-engineering activity)
Key Skills:
- Current SC Clearance
- Experience in 2nd line SOC operations
- Proficiency in Microsoft Sentinel and KQL queries
- Strong analytical and problem-solving skills
- Ability to provide operational support and guidance
- Experience in incident management and alert validation
- Familiarity with log source onboarding and security event investigation
Salary (Rate): £600 per day
City: Reading or Havant
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: Mid-Level
Industry: IT
Whitebridge is looking for a 2nd Line SOC Analyst with current SC Clearance to join our utilities client.
The successful applicant should be able to commit to starting ASAP. The role will be hybrid between home and office visits and will be umbrella based working. Direct applicants only please.