Job Title: Level 2 SOC Analyst (Microsoft Stack)
Location: Remote-First (1 day per week in Midlands Office)
Salary: Up to £43,000 per annum
Working Hours: 9:00 AM – 5:00 PM (Monday to Friday)
Job Overview:
Our client, a prominent organization within the utilities space, is seeking a proactive and skilled Level 2 SOC Analyst with expertise in the Microsoft stack to join their Security Operations Centre (SOC) team. This is a remote-first role with one day per week in the Midlands office. The Level 2 SOC Analyst will be responsible for investigating and responding to advanced security incidents, leveraging Microsoft-based security tools and platforms, and collaborating with other teams to ensure the protection of critical infrastructure and data.
Key Responsibilities:
* Incident Investigation & Response:
  * Analyse and investigate security alerts from Microsoft security tools (e.g., Microsoft Sentinel, Defender for Endpoint, Microsoft Defender for Identity, etc.).
  * Perform in-depth analysis of security incidents to assess impact and severity, including handling incidents such as malware infections, phishing attacks, insider threats, and more.
  * Escalate and coordinate response efforts with senior analysts and management as necessary.
* Microsoft Stack Security Management:
  * Utilize Microsoft security tools, including Microsoft Sentinel (SIEM), Defender for Endpoint, Defender for Identity, and other Microsoft security solutions, to monitor, detect, and respond to security threats.
  * Manage, configure, and fine-tune Microsoft security tools to optimize detection capabilities and reduce false positives.
* Threat Monitoring & Intelligence:
  * Monitor and analyse logs, network traffic, and system behaviour using Microsoft-based security technologies to identify potential security risks and anomalous activities.
  * Integrate threat intelligence feeds into Microsoft security platforms to enhance threat detection and incident response capabilities.
  * Stay informed about the latest threats, vulnerabilities, and trends relevant to the utilities industry.
* Collaboration & Communication:
  * Collaborate closely with Level 1 SOC analysts, IT teams, and other stakeholders to ensure timely response to security incidents and proactive threat hunting.
  * Communicate effectively with both technical and non-technical stakeholders, providing detailed incident reports and status updates.
  * Mentor and support junior team members, contributing to their skill development and knowledge.
* Reporting & Documentation:
  * Document and log all security incidents, investigations, and responses accurately, ensuring compliance with internal processes and industry standards.
  * Prepare and present incident reports, including detailed analyses, to management and stakeholders.
  * Conduct post-incident reviews to identify lessons learned and improve future response efforts.
* Continuous Improvement:
  * Contribute to the development of incident response procedures and playbooks to ensure best practices and standardized processes.
  * Participate in regular training and development to stay current with Microsoft security technologies, industry best practices, and emerging threats.
Qualifications:
* Education & Experience:
  * Bachelor's degree in Cybersecurity, Information Technology, or a related field (or equivalent experience).
  * 2+ years of experience in a Security Operations Centre (SOC) role, specifically with Microsoft security tools and platforms (e.g., Microsoft Sentinel, Defender, etc.).
  * Experience in a security monitoring and incident response capacity within an enterprise environment, ideally in the utilities or similar critical infrastructure sectors.
* Skills & Competencies:
  * Proficient in Microsoft security technologies, including Microsoft Sentinel (SIEM), Defender for Endpoint, Defender for Identity, and other Microsoft-based security solutions.
  * Strong understanding of security protocols, networking, and systems architecture (e.g., TCP/IP, DNS, HTTP/S).
  * Experience in performing log analysis, identifying indicators of compromise (IoCs), and handling security events within Microsoft environments.
  * Ability to respond to and mitigate security incidents, including malware, phishing, and network intrusions.
  * Strong communication and documentation skills, with the ability to provide clear reports to stakeholders.
  * Ability to work independently and manage multiple priorities in a fast-paced environment.
* Certifications (Preferred but not required):
  * Microsoft Certified: Security Operations Analyst Associate (Exam SC-200).
  * CompTIA Security+, Certified Information Systems Security Professional (CISSP), or other relevant security certifications.
  * GIAC Security Essentials (GSEC) or Certified Ethical Hacker (CEH).
Key Attributes:
* Strong problem-solving and analytical abilities, with attention to detail.
* Ability to work under pressure and handle high-stress situations effectively.
* A collaborative mindset with the ability to work closely with cross-functional teams.
* A passion for cybersecurity and staying up-to-date with the latest trends and threats.