SOC Security Analyst (Microsoft Sentinel & Defender Specialist)
Posted 2 weeks ago by Whitehall Resources Ltd
Negotiable
Inside
Hybrid
Manchester, UK
Summary: The SOC Security Analyst (Microsoft Sentinel & Defender Specialist) role involves advanced threat detection, incident response, and security monitoring, primarily utilizing Microsoft Sentinel and Defender. The position requires a highly skilled individual with strong engineering knowledge to lead in detection engineering and optimize license consumption. This is a hybrid role based in Manchester, requiring 2-3 days on-site work per week. The contract is for an initial duration of 6 months and falls inside IR35 regulations.
Key Responsibilities:
- Investigate and analyze complex security incidents escalated from L1/L2 SOC analysts.
- Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response.
- Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats.
- Perform proactive threat hunting using KQL within Microsoft Sentinel.
- Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
- Apply the MITRE ATT&CK framework to build coverage and improve threat visibility.
- Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and parsing.
- Build and manage data connectors, custom log parsers, and normalisation schemas.
- Collaborate with cloud and infrastructure teams to onboard telemetry from endpoints, identity systems, and SaaS platforms.
- Monitor Microsoft Sentinel and Defender license consumption on an ongoing basis.
- Analyse and average daily ingestion volumes, ensuring alignment with the procured license limits.
- Recommend optimisation strategies to control costs without compromising visibility or detection capabilities.
- Design and implement automated response workflows using Sentinel playbooks (Logic Apps).
- Enhance response efficiency by developing SOAR integrations across security tooling.
- Produce comprehensive incident reports and root cause analyses.
- Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding.
- Generate regular dashboards and reports for SOC leadership and compliance stakeholders.
Key Skills:
- Bachelor's degree in computer science, Cybersecurity, Engineering, or a related field.
- 5+ years of hands-on experience in cybersecurity operations.
- Minimum 2 years of experience with Microsoft Sentinel and Microsoft Defender suite.
- KQL (Kusto Query Language)
- Security architecture and data integration
- Azure and Microsoft 365 security services
- Experience in onboarding and managing log sources in a SIEM.
- Understanding of log ingestion cost management and licensing considerations in Sentinel.
- Familiarity with cloud-native security tools and threat intelligence integration.
- Scripting experience (e.g., PowerShell, Python) is an advantage.
- Preferred certifications: SC-200, AZ-500, GCIA, GCIH, or equivalent.
- Strong analytical and problem-solving mindset.
- Ability to lead under pressure during Real Time incidents.
- Clear and effective communicator-both verbal and written.
- Proactive, self-driven, and committed to continuous improvement.
Salary (Rate): undetermined
City: Manchester
Country: UK
Working Arrangements: hybrid
IR35 Status: inside IR35
Seniority Level: undetermined
Industry: IT
SOC Security Analyst (Microsoft Sentinel & Defender Specialist)
Whitehall resources are looking for an experienced SOC Security Analyst (Microsoft Sentinel & Defender Specialist). This role is hybrid working with 2-3 days per week on site in Manchester, and the remainder remote working, for an initial 6-month contract.
*Inside IR35*
Job Summary:
We are seeking a highly skilled and experienced SOC L3 Analyst with strong engineering knowledge and deep expertise in Microsoft Sentinel and the Microsoft Defender suite. The ideal candidate will take a lead role in advanced threat detection, incident response, detection engineering, and security monitoring, while also optimising license consumption and SIEM integration efforts.
Key Responsibilities:
Advanced Threat Detection & Incident Response
- Investigate and analyze complex security incidents escalated from L1/L2 SOC analysts.
- Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response.
- Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats.
Threat Hunting & Detection Engineering
- Perform proactive threat hunting using KQL within Microsoft Sentinel.
- Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
- Apply the MITRE ATT&CK framework to build coverage and improve threat visibility.
Security Engineering & Platform Management
- Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and parsing.
- Build and manage data connectors, custom log parsers, and normalisation schemas.
- Collaborate with cloud and infrastructure teams to onboard telemetry from endpoints, identity systems, and SaaS platforms.
License Usage Monitoring & Optimisation
- Monitor Microsoft Sentinel and Defender license consumption on an ongoing basis.
- Analyse and average daily ingestion volumes, ensuring alignment with the procured license limits.
- Recommend optimisation strategies to control costs without compromising visibility or detection capabilities.
Automation & Response
- Design and implement automated response workflows using Sentinel playbooks (Logic Apps).
- Enhance response efficiency by developing SOAR integrations across security tooling.
Documentation & Reporting
- Produce comprehensive incident reports and root cause analyses.
- Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding.
- Generate regular dashboards and reports for SOC leadership and compliance stakeholders.
Required Skills & Qualifications:
- Bachelor's degree in computer science, Cybersecurity, Engineering, or a related field.
- 5+ years of hands-on experience in cybersecurity operations.
- Minimum 2 years of experience with Microsoft Sentinel and Microsoft Defender suite.
Skills:
- KQL (Kusto Query Language)
- Security architecture and data integration
- Azure and Microsoft 365 security services
- Experience in onboarding and managing log sources in a SIEM.
- Understanding of log ingestion cost management and licensing considerations in Sentinel.
- Familiarity with cloud-native security tools and threat intelligence integration.
- Scripting experience (eg, PowerShell, Python) is an advantage.
Preferred certifications:
- SC-200: Microsoft Security Operations Analyst
- AZ-500: Microsoft Azure Security Technologies
- GCIA, GCIH, or equivalent
Preferred Personal Attributes:
- Strong analytical and problem-solving mindset.
- Ability to lead under pressure during Real Time incidents.
- Clear and effective communicator-both verbal and written.
- Proactive, self-driven, and committed to continuous improvement.
All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.
Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.