£60,000 GBP

Hybrid WORKING

Location: Glasgow, Scotland - United Kingdom Type: Permanent

Senior SOC Engineer

A leading organisation is seeking a Senior SOC Engineer to strengthen its security operations capability and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. The Senior SOC Engineer will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats.

Key Responsibilities

SIEM Engineering & Management

• Deploy, configure, and maintain the QRadar SIEM platform.
• Onboard and normalise log sources across on-premises and cloud environments.
• Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis.

Playbook Development & Automation

• Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration.
• Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response.
• Refine playbooks based on threat intelligence and incident insights.

Threat Detection & Response

• Monitor and analyse security alerts and events to identify potential threats.
• Conduct investigations and coordinate incident response activities.
• Collaborate with threat intelligence teams to enhance detection logic.

Threat Modelling & Use Case Development

• Lead threat modelling exercises using frameworks such as MITRE ATT&CK, STRIDE, and Cyber Kill Chain.
• Translate threat models into actionable detection use cases and SIEM rules.
• Prioritise detection engineering based on business risk and impact.

Reporting & Collaboration

• Produce reports and dashboards to communicate security posture and incident trends.
• Partner with IT, DevOps, and compliance teams to enforce secure configurations.
• Provide mentorship to junior analysts and engineers.
• Maintain documentation of security procedures, incident response plans, runbooks, and playbooks.
• Contribute to monthly reporting packs in line with contractual obligations.

Additional Contributions

• Support pre-sales teams with technical requirements for new opportunities.
• Demonstrate SOC tools and capabilities to clients.
• Participate in continual service improvement initiatives, recommending changes to address recurring incidents.

Skills & Qualifications

• Eligible for, or already holding, SC Clearance.
• Proven expertise in IBM QRadar and SIEM engineering.
• Strong knowledge of log formats, parsing, and normalisation.
• Proficiency in SIEM query languages such as KQL, SPL, AQL.
• Scripting experience with Python or PowerShell for automation.
• Deep understanding of threat detection, incident response, and the cyber kill chain.
• Familiarity with frameworks including MITRE ATT&CK, NIST, and CIS.
• Strong communication, analytical, and presentation skills.
• Solid understanding of network traffic flows, vulnerability management, and penetration testing principles.
• Knowledge of ITIL processes (Incident, Problem, Change Management).
• Ability to work independently and thrive in a 24/7 on-call environment.

Education & Experience

• 3-5 years' experience in the IT security industry, ideally in a SOC/NOC environment.
• Cybersecurity certifications preferred (e.g., ISC2 CISSP, GIAC, SC-200, IBM QRadar Certified Specialist, Splunk Certified Admin/Power User, Google Chronicle Security Engineer).
• Hands-on experience with ServiceNow Security Suite.
• Familiarity with cloud platforms (AWS and/or Microsoft Azure).
• Proficiency in Microsoft Office products, particularly Excel and Word.