Senior SOC Analyst

2 months, 2 weeks ago
Full-time
Senior
Cybersecurity
Phoenix Software

Phoenix Software specializes in leveraging information technology to empower the UK public sector to innovate and transform, facilitating the delivery of smart connected services to various stakeholders, including staff, citizens, patients, and students.

IT Services
251-1K
Founded 1990

Description

  • Lead major security incidents from detection through remediation, including containment and attacker activity analysis.
  • Support clients through high-severity security events and critical decision-making during incident response.
  • Proactively hunt for threats using advanced KQL analytics and other SOC investigation techniques.
  • Enhance SIEM and EDR detections, tune rules, and develop signatures aligned to MITRE ATT&CK.
  • Perform malware triage and behavioural analysis, including reverse engineering when needed.
  • Produce clear investigation reports, timelines, and intelligence summaries for technical and non-technical audiences.
  • Contribute to SOC playbooks and help improve SOC processes, tooling, and overall capability.
  • Mentor junior analysts and support skill development within the SOC team.
  • Support onboarding of new customers and help integrate them into SOC operations.
  • Participate in the 24x7 on-call rota to provide expert support during critical incidents.

Requirements

  • Strong background in DFIR, SOC operations, or incident response.
  • Experience leading complex investigations and high-severity security incidents.
  • Ability to make confident decisions and guide clients through critical situations.
  • Strong communication skills with the ability to translate technical findings for any audience.
  • Collaborative mindset with willingness to work closely across teams.
  • Ability to mentor junior analysts and support skill development.
  • Comfortable working in fast-paced, high-pressure environments.
  • Proactive approach to improving SOC processes, playbooks, and detection capabilities.
  • Advanced SIEM expertise, ideally with Microsoft Sentinel and Defender XDR.
  • High-level KQL capability, with Python and PowerShell for automation.
  • Core digital forensics skills.
  • Experience with Velociraptor, KAPE, and sandbox tools.
  • Solid understanding of detection engineering.
  • Strong technical reporting and documentation skills.
  • Must have lived in the UK continuously for at least 5 years and have no criminal record to achieve clearance.
  • Must already have, or be able to obtain, NPPV3.
  • Fully remote role apart from an initial onboarding week on-site in Pocklington.
  • Shift pattern is 9:00am to 5:00pm with flexible start and finish times, plus on-call responsibilities.

Benefits

  • Fully remote working apart from an initial onboarding week on-site in Pocklington.
  • Flexible start and finish times.
  • Opportunity to join a culture focused on encouragement, support, and skill development.
  • Chance to work for a UK IT solution and managed service provider with a strong people-first culture.
