SOC Analyst

Posted 2 weeks ago by Infoplus Technologies UK Ltd

Negotiable
Manchester, United Kingdom

Summary: The SOC Analyst role focuses on advanced threat detection and incident response, requiring the investigation of complex security incidents and the use of Microsoft Sentinel and Defender for in-depth analysis. The position involves proactive threat hunting, security engineering, license usage monitoring, and automation of response workflows. Candidates must possess strong analytical skills and experience in cybersecurity operations, particularly with Microsoft tools. Effective communication and a proactive approach to continuous improvement are essential attributes for success in this role.

Key Responsibilities:

  • Investigate and analyze complex security incidents escalated from L1/L2 SOC analysts.
  • Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR for incident response.
  • Correlate multi-source telemetry to identify and contain threats.
  • Perform proactive threat hunting using KQL within Microsoft Sentinel.
  • Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
  • Apply the MITRE ATT&CK framework to improve threat visibility.
  • Onboard and integrate new data sources into Microsoft Sentinel.
  • Build and manage data connectors, custom log parsers, and normalization schemas.
  • Collaborate with teams to onboard telemetry from various platforms.
  • Monitor Microsoft Sentinel and Defender license consumption.
  • Analyze daily ingestion volumes and recommend optimization strategies.
  • Design and implement automated response workflows using Sentinel playbooks.
  • Produce comprehensive incident reports and maintain technical documentation.
  • Generate dashboards and reports for SOC leadership and compliance stakeholders.

Key Skills:

  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, or a related field.
  • 5+ years of hands-on experience in cybersecurity operations.
  • Minimum 2 years of experience with Microsoft Sentinel and Microsoft Defender suite.
  • Strong skills in KQL (Kusto Query Language).
  • Security architecture and data integration expertise.
  • Knowledge of Azure and Microsoft 365 security services.
  • Experience in onboarding and managing log sources in a SIEM.
  • Understanding of log ingestion cost management and licensing considerations.
  • Familiarity with cloud-native security tools and threat intelligence integration.
  • Scripting experience (e.g., PowerShell, Python) is an advantage.
  • Preferred certifications: SC-200, AZ-500, GCIA, GCIH, or equivalent.
  • Strong analytical and problem-solving mindset.
  • Ability to lead under pressure during real-time incidents.
  • Clear and effective communicator, both verbal and written.
  • Proactive, self-driven, and committed to continuous improvement.

Salary (Rate): undetermined

City: Manchester

Country: United Kingdom

Working Arrangements: undetermined

IR35 Status: undetermined

Seniority Level: undetermined

Industry: IT

Detailed Description From Employer:

Advanced Threat Detection & Incident Response

  • Investigate and analyze complex security incidents escalated from L1/L2 SOC analysts.
  • Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response.
  • Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats.

Threat Hunting & Detection Engineering

  • Perform proactive threat hunting using KQL within Microsoft Sentinel.
  • Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
  • Apply the MITRE ATT&CK framework to build coverage and improve threat visibility.

Security Engineering & Platform Management

  • Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and parsing.
  • Build and manage data connectors, custom log parsers, and normalization schemas.
  • Collaborate with cloud and infrastructure teams to onboard telemetry from endpoints, identity systems, and SaaS platforms.

License Usage Monitoring & Optimization

  • Monitor Microsoft Sentinel and Defender license consumption on an ongoing basis.
  • Analyze and average daily ingestion volumes, ensuring alignment with the procured license limits.
  • Recommend optimization strategies to control costs without compromising visibility or detection capabilities.
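As an added example (not part of the posting), the daily-ingestion averaging described above can be done in KQL against the Log Analytics `Usage` table that backs a Sentinel workspace. The 100 GB/day commitment tier and the 31-day lookback are assumptions; substitute the procured limit. This covers only the Sentinel/Log Analytics ingestion side of license monitoring; Defender XDR seat licensing is not visible in this table.

```kusto
// Added example: average billable daily ingestion against an assumed commitment tier.
// CommitmentTierGB is an assumption (100 GB/day); replace it with the procured limit.
let CommitmentTierGB = 100.0;
let LookbackDays = 31d;
Usage
// Whole days only: drop today's partial bin so the average is not pulled down.
| where TimeGenerated >= startofday(ago(LookbackDays)) and TimeGenerated < startofday(now())
// Non-billable data (IsBillable == false) does not count against the commitment.
| where IsBillable == true
// Quantity is reported in MB; convert to GB per calendar day.
| summarize DailyGB = sum(Quantity) / 1024.0 by Day = bin(TimeGenerated, 1d)
| summarize
    AvgDailyGB   = round(avg(DailyGB), 2),
    P95DailyGB   = round(percentile(DailyGB, 95), 2),
    MaxDailyGB   = round(max(DailyGB), 2),
    DaysOverTier = countif(DailyGB > CommitmentTierGB),
    DaysObserved = count()
| extend AvgPctOfTier = round(100.0 * AvgDailyGB / CommitmentTierGB, 1)
| extend Assessment = case(
    AvgDailyGB > CommitmentTierGB,
        "Average exceeds commitment: review the largest tables or the tier level",
    AvgDailyGB < 0.7 * CommitmentTierGB,
        "Well under commitment: check whether the tier can be lowered at the next review",
    "Within commitment")
```

To see which sources drive the volume, replace the first `summarize` with `summarize DailyGB = sum(Quantity) / 1024.0 by DataType, Day = bin(TimeGenerated, 1d)` and sort by `DailyGB`; the `Solution` column gives the same split per connector. Pin the query in a workbook so the average is tracked against the tier continuously rather than only at renewal.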

Automation & Response

  • Design and implement automated response workflows using Sentinel playbooks (Logic Apps).
  • Enhance response efficiency by developing SOAR integrations across security tooling.

Documentation & Reporting

  • Produce comprehensive incident reports and root cause analyses.
  • Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding.
  • Generate regular dashboards and reports for SOC leadership and compliance stakeholders.

Required Skills & Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Engineering, or a related field.
  • 5+ years of hands-on experience in cybersecurity operations.
  • Minimum 2 years of experience with Microsoft Sentinel and the Microsoft Defender suite.
  • Strong skills in:
    - KQL (Kusto Query Language)
    - Security architecture and data integration
    - Azure and Microsoft 365 security services
  • Experience in onboarding and managing log sources in a SIEM.
  • Understanding of log ingestion cost management and licensing considerations in Sentinel.
  • Familiarity with cloud-native security tools and threat intelligence integration.
  • Scripting experience (e.g., PowerShell, Python) is an advantage.

Preferred certifications:

  • SC-200: Microsoft Security Operations Analyst
  • AZ-500: Microsoft Azure Security Technologies
  • GCIA, GCIH, or equivalent

Preferred Personal Attributes

  • Strong analytical and problem-solving mindset.
  • Ability to lead under pressure during real-time incidents.
  • Clear and effective communicator, both verbal and written.
  • Proactive, self-driven, and committed to continuous improvement.