Senior SOC Engineer

1 Days Old

Senior SOC Engineer £60,000 GBP Hybrid WORKING Location:
Glasgow, Scotland - United Kingdom
Type:
Permanent
Senior SOC Engineer A leading organisation is seeking a Senior SOC Engineer to strengthen its security operations capability and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. The Senior SOC Engineer will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats.
Key Responsibilities SIEM Engineering & Management
Deploy, configure, and maintain the QRadar SIEM platform. Onboard and normalise log sources across on-premises and cloud environments. Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis. Playbook Development & Automation
Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration. Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response. Refine playbooks based on threat intelligence and incident insights. Threat Detection & Response
Monitor and analyse security alerts and events to identify potential threats. Conduct investigations and coordinate incident response activities. Collaborate with threat intelligence teams to enhance detection logic. Threat Modelling & Use Case Development
Lead threat modelling exercises using frameworks such as MITRE ATT&CK, STRIDE, and Cyber Kill Chain. Translate threat models into actionable detection use cases and SIEM rules. Prioritise detection engineering based on business risk and impact. Reporting & Collaboration
Produce reports and dashboards to communicate security posture and incident trends. Partner with IT, DevOps, and compliance teams to enforce secure configurations. Provide mentorship to junior analysts and engineers. Maintain documentation of security procedures, incident response plans, runbooks, and playbooks. Contribute to monthly reporting packs in line with contractual obligations. Additional Contributions
Support pre-sales teams with technical requirements for new opportunities. Demonstrate SOC tools and capabilities to clients. Participate in continual service improvement initiatives, recommending changes to address recurring incidents. Skills & Qualifications
Eligible for, or already holding, SC Clearance. Proven expertise in IBM QRadar and SIEM engineering. Strong knowledge of log formats, parsing, and normalisation. Proficiency in SIEM query languages such as KQL, SPL, AQL. Scripting experience with Python or PowerShell for automation. Deep understanding of threat detection, incident response, and the cyber kill chain. Familiarity with frameworks including MITRE ATT&CK, NIST, and CIS. Strong communication, analytical, and presentation skills. Solid understanding of network traffic flows, vulnerability management, and penetration testing principles. Knowledge of ITIL processes (Incident, Problem, Change Management). Ability to work independently and thrive in a 24/7 on-call environment. Education & Experience
3-5 years' experience in the IT security industry, ideally in a SOC/NOC environment. Cybersecurity certifications preferred (e.g., ISC2 CISSP, GIAC, SC-200, IBM QRadar Certified Specialist, Splunk Certified Admin/Power User, Google Chronicle Security Engineer). Hands-on experience with ServiceNow Security Suite. Familiarity with cloud platforms (AWS and/or Microsoft Azure). Proficiency in Microsoft Office products, particularly Excel and Word. Reference:
AMC/RHU/SOC
#ryhu TPBN1_UKTJ
Apply
Location:
London
Salary:
not provided
Category:
Engineering

We found some similar jobs based on your search