SOC Solutions Engineer


Job Description

£85000 GBP

Onsite WORKING

Location: Central London, Greater London - United Kingdom
Type: Permanent

Senior SOC Solutions Engineer - IBM QRadar Specialist

Location: UK-wide (with preference for London, Bristol, Manchester)
Clearance: Must hold or be eligible for SC Clearance
Work Type: Full-time, with 24/7 on-call rotation

A high-performing innovation and transformation consultancy is seeking a Senior SOC Solutions Engineer to elevate its security operations capability. This is a hands-on engineering role focused on SIEM development, playbook automation, and threat modelling, delivering proactive defence across cloud and on-prem environments.

You'll be instrumental in designing and implementing advanced detection and response strategies, working closely with cross-functional teams and contributing to continual service improvement.

Key Responsibilities

SIEM Engineering & Management
  • Deploy, configure, and maintain IBM QRadar SIEM platform
  • Onboard and normalize diverse log sources across hybrid environments
  • Develop and tune analytical rules for threat detection and behavioural analysis
Playbook Development & Automation
  • Design incident response playbooks for scenarios including phishing, lateral movement, and data exfiltration
  • Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR)
  • Continuously refine automation based on threat intelligence and incident feedback
Threat Detection & Response
  • Monitor and investigate security alerts and anomalies
  • Lead incident response activities and collaborate with threat intelligence teams
  • Enrich detection logic with contextual threat data
Threat Modelling & Use Case Development
  • Conduct threat modelling using MITRE ATT&CK, STRIDE, or Kill Chain frameworks
  • Translate models into actionable SIEM use cases and detection rules
  • Prioritize engineering efforts based on risk and business impact
Reporting & Collaboration
  • Produce dashboards and reports on security posture and incident trends
  • Collaborate with IT, DevOps, and compliance teams to ensure secure configurations
  • Mentor junior analysts and engineers
  • Maintain documentation including runbooks, playbooks, and incident response plans
  • Support contractual reporting requirements and monthly reporting packs
Additional Duties
  • Support pre-sales activities and solution scoping for new opportunities
  • Demonstrate SOC tools and capabilities to stakeholders
  • Drive continual service improvement through recommendations and change initiatives
Required Skills & Experience
  • Proven expertise in IBM QRadar SIEM
  • Strong understanding of log formats, parsing, and normalization
  • Experience with SIEM query languages (KQL, SPL, AQL)
  • Scripting skills (Python, PowerShell) for automation and enrichment
  • Deep knowledge of threat detection, incident response, and cyber kill chain
  • Familiarity with MITRE ATT&CK, NIST, and CIS frameworks
  • Understanding of network traffic flows and vulnerability management
  • Exposure to ethical hacking and penetration testing
  • Knowledge of ITIL disciplines (Incident, Problem, Change Management)
  • Experience with ServiceNow Security Suite
  • Cloud experience (AWS and/or Azure)
  • Excellent communication, presentation, and analytical skills
  • Ability to work independently and participate in 24/7 on-call rotation
Qualifications
  • 3-5 years in IT security, ideally in SOC/NOC environments
  • Relevant certifications preferred: ISC2 CISSP, GIAC, SC-200, IBM QRadar Certified Specialist, Splunk Admin/Power User, Chronicle Security Engineer
  • Proficiency in Microsoft Office (Excel, Word)
This is a career-defining opportunity to shape the future of cyber defence within a consultancy that values technical excellence, innovation, and mission impact.
