Responsibilities
- Lead major security incidents from detection through remediation, coordinating containment, analysing attacker activity, and supporting clients through critical decision-making.
- Proactively hunt for threats using advanced KQL analytics, enhance SIEM/EDR detections, tune rules, and develop signatures aligned to MITRE ATT&CK.
- Perform malware triage and behavioural analysis, using reverse-engineering tools when needed to support investigations and strengthen detection coverage.
- Produce clear, high-quality investigation reports, timelines, and intelligence summaries that translate technical findings for a range of audiences.
- Contribute to SOC playbooks, mentor junior analysts, support onboarding of new customers, and help evolve SOC processes and tooling.
- Participate in the 24×7 on-call rota to provide expert support during critical incidents.
Requirements
- A strong background in DFIR, SOC operations, or incident response
- Ability to lead complex investigations and high-severity security incidents
- Confident decision-maker who can guide clients through critical situations
- Strong communicator, able to translate technical findings for any audience
- Collaborative mindset with willingness to work closely across teams
- Ability to mentor junior analysts and support skill development
- Comfortable working in fast-paced, high-pressure environments
- Proactive approach to improving SOC processes, playbooks, and detection capabilities
Benefits
- Encouragement, support and skill development
- Culture Blueprint
- Flexible start & finish
- On-call responsibilities
Work Arrangement
Hybrid
Additional Information
- You will need to have lived in the UK continuously for at least 5 years and have no criminal record to achieve the clearance required for this role. You must also already hold, or be able to obtain, NPPV3 (Non-Police Personnel Vetting, Level 3).
- 9:00am to 5:00pm (flexible start and finish), with on-call responsibilities
