
SOC Analyst

KTek Resourcing

Dallas · On-site · Full-time · Senior · Today

About the role


We are looking for an experienced SOC Analyst to anchor our Security Operations function within a managed services environment. This is a senior, client-facing role combining deep technical expertise in threat detection and vulnerability management with the leadership capability to drive service excellence across a cross-functional delivery team.

Key Responsibilities

Security operations & incident management

  • Own end-to-end SOC operations — monitoring, triage, escalation, and closure across assigned accounts
  • Lead P1/P2 security incident bridges — coordinating technical response, client communication, and executive reporting simultaneously
  • Drive post-incident RCA and feed findings back into detection rules and runbooks
  • Maintain and continuously improve the SOC runbook library
  • Define and enforce SLA targets for detection, containment, and response

Vulnerability management — Qualys

  • Own the vulnerability management programme — scan scheduling, asset coverage, findings triage, and remediation tracking
  • Configure and govern Qualys scan policies, asset groups, and reporting templates aligned to client risk appetite
  • Produce executive and operational vulnerability reports — translating CVSS scores, together with asset exposure and known exploitation, into prioritised remediation plans
  • Define and enforce vulnerability SLAs by severity tier (Critical, High, Medium)
  • Own the exception register and risk acceptance process
  • Drive continuous improvement of scan coverage — closing agent deployment gaps and authenticated (credentialed) scan gaps

Threat detection & platform — Palo Alto XSIAM / Trellix

  • Operate and govern XSIAM as the primary SIEM/SOAR platform — ingestion config, data source onboarding, parser management
  • Build, tune, and maintain detection rules and correlation logic
  • Develop and manage SOAR playbooks for automated response — enrichment, containment, ticketing integration
  • Conduct threat hunting exercises using MITRE ATT&CK as the reference framework
  • Maintain XSIAM dashboards for both operational and executive audiences

Endpoint security — Trellix & Microsoft Defender (MDE)

  • Govern EDR across the estate using Trellix and MDE — coverage, policy compliance, agent health
  • Configure and tune Trellix policies — threat prevention rules, containment actions, SIEM integration
  • Manage MDE deployment — onboarding, alert suppression, custom KQL detection rules
  • Coordinate endpoint isolation, forensic investigation, and remediation workflows
  • Track and report on endpoint protection coverage, driving remediation of gaps

Threat management & intelligence

  • Lead the threat intelligence function — consuming feeds, contextualising IOCs, translating into actionable detections
  • Conduct regular threat landscape reviews and present findings in governance forums
  • Map SOC coverage against MITRE ATT&CK — identifying detection gaps
  • Maintain a threat register with current actor profiles and defensive recommendations

Process design & governance

  • Design, document, and own SOC processes — incident response, vulnerability management, change control, escalation workflows
  • Establish and run monthly SOC governance reviews — SLA performance, incident trends, threat posture
  • Define and track SOC KPIs — MTTD (mean time to detect), MTTR (mean time to respond), false positive rate, vulnerability remediation SLA compliance
  • Own the SOC tool stack governance — version management, health monitoring, integration integrity

Client engagement & stakeholder management

  • Serve as the primary SOC point of contact for client stakeholders — leading governance calls and QBRs
  • Prepare and present monthly and quarterly SOC reports for both technical and executive audiences
  • Translate complex security findings into clear, risk-contextualised language for C-suite communication
  • Manage client expectations proactively — flagging risks and posture changes before they escalate

Team leadership & cross-functional collaboration

  • Lead and mentor a team of SOC analysts (L1/L2/L3) — performance expectations, appraisals, skills development
  • Act as primary escalation point for the team on complex incidents and ambiguous threat scenarios
  • Collaborate with infrastructure, IAM, network, and compliance teams for integrated security coverage
  • Drive a continuous improvement culture — blameless retrospectives, lessons learned, good practice recognition
  • Coordinate with ITSM and change management to ensure security events are correctly tracked and closed

Skills & Experience

  • 7+ years in security operations in a managed services or multi-client SOC environment
  • Hands-on Palo Alto XSIAM — rule writing, playbook development, data source integration, threat hunting
  • Strong Trellix knowledge — policy management, EDR configuration, SIEM integration
  • Microsoft Defender for Endpoint (MDE) — onboarding, custom KQL detections, incident response
  • Qualys expertise — scan configuration, asset management, vulnerability reporting, remediation governance
  • Threat intelligence capability — IOC analysis, MITRE ATT&CK mapping, threat hunting methodology
  • Strong ITIL process knowledge applied in live operations — incident, problem, change, and service reporting
  • Proven ability to lead client-facing governance sessions and communicate to senior stakeholders
  • Track record of building or improving SOC processes and runbooks

Desirable

  • Certifications: CISSP, CISM, CEH, SC-200, Palo Alto XSIAM specialist
  • SOAR scripting — Python or PowerShell for playbook development
  • Cloud security operations — Microsoft Sentinel (formerly Azure Sentinel), AWS Security Hub
  • Regulatory framework familiarity — PCI-DSS, SOC 2, ISO 27001

Behavioural Competencies

  • Accountability — owns outcomes, not just activities
  • Client orientation — treats operational excellence and client confidence as inseparable
  • Composure under pressure — leads calmly during P1s regardless of client or internal pressure
  • Communication clarity — adjusts depth and tone for engineers, managers, and executives
  • Continuous improvement mindset — treats every incident and process gap as a learning opportunity
  • Collaborative leadership — builds trust across functions through expertise and follow-through

Skills

AWS Security Hub, Azure Sentinel, CEH, CISSP, CISM, Docker, ITIL, ISO 27001, MITRE ATT&CK, Microsoft Defender for Endpoint, Palo Alto XSIAM, PCI-DSS, PowerShell, Python, Qualys, SC-200, SOC 2, Trellix
