Phoenix Software is looking for a Senior SOC Analyst to take a leading role in complex incident response cases, guiding clients through high-severity security events and strengthening our overall SOC capability. We aim to be the UK’s leading IT solution and managed service provider, and we recognise that people are the heart of everything we do.
What You'll Do
- Lead major security incidents from detection through remediation, coordinating containment, analysing attacker activity, and supporting clients through critical decision-making.
- Proactively hunt for threats using advanced KQL analytics, enhance SIEM/EDR detections, tune rules, and develop signatures aligned to MITRE ATT&CK.
- Perform malware triage and behavioural analysis, using reverse-engineering tools when needed to support investigations and strengthen detection coverage.
- Produce clear, high-quality investigation reports, timelines, and intelligence summaries that translate technical findings for a range of audiences.
- Contribute to SOC playbooks, mentor junior analysts, support onboarding of new customers, and help evolve SOC processes and tooling.
- Participate in the 24×7 on-call rota to provide expert support during critical incidents.
What We're Looking For
- A strong background in DFIR, SOC operations, or incident response.
- Ability to lead complex investigations and high-severity security incidents.
- Confident decision-maker who can guide clients through critical situations.
- Strong communicator, able to translate technical findings for any audience.
- Collaborative mindset with willingness to work closely across teams.
- Ability to mentor junior analysts and support skill development.
- Comfortable working in fast-paced, high-pressure environments.
- Proactive approach to improving SOC processes, playbooks, and detection capabilities.
- Advanced SIEM expertise, ideally in Microsoft Sentinel & Defender XDR.
- High-level KQL capability.
- Proficiency in Python or PowerShell for automation.
- Core digital forensics skills and experience with Velociraptor, KAPE & sandbox tools.
- Solid detection engineering understanding.
- Strong technical reporting and documentation skills.
- Have lived in the UK continuously for at least 5 years and have no criminal record, as required to obtain the clearance needed.
- Already hold, or be able to obtain, NPPV3 security clearance.
Technical Stack
- Microsoft Sentinel
- Defender XDR
- KQL
- Python
- PowerShell
- Velociraptor
- KAPE
- Sandbox tools
Work Mode
This is a hybrid position based in the UK.
Phoenix Software provides encouragement, support and skill development, and we believe a diversity of perspectives and experiences makes a team stronger.