Senior SOC Analyst

Hybrid – 1 day in the office every 4 – 6 weeks (depends on how the shift falls) / Home working.

£35,000 – £40,000 base + 17.5% shift allowance.

Work 4 days and then enjoy 4 days completely off, giving you more time for family, travel, or rest. In a critical cybersecurity role, you’ll gain round-the-clock operational experience that accelerates your career. Plus, you’ll avoid the typical Monday-Friday grind and long commute times, all whilst having a generous shift allowance of 17.5%!

Our client is a dedicated, pure-play cybersecurity consulting firm. As part of their growth plans, they are seeking a Senior SOC Analyst, Shift Lead who combines technical expertise with a desire to lead junior analysts to join their dynamic, fast-paced team.

About the Role

This is a hands-on leadership role operating on a 4-on, 4-off shift pattern, ensuring sustained SOC coverage across critical hours. You’ll manage, mentor, and train apprentices and placement students working on your shift, while also delivering advanced security operations services to clients across a range of industries.

As a Senior SOC Analyst, you will be central to incident response, threat hunting, and real-time defence management, guiding and mentoring a small, high-performing team.

The SOC team is deeply committed to leveraging the latest in automation and artificial intelligence, including SOAR platforms, to deliver smarter, faster, and more effective security outcomes. This role provides a unique opportunity to help shape the future of a next-gen SOC environment.

This role combines hands-on technical expertise with management responsibility, offering a unique blend and the chance to contribute meaningfully to both team development and cutting-edge security operations.

Key Responsibilities

• Mentorship & Team Leadership: Guide and support juniors with ticket escalation and investigating incidents, fostering a culture of collaboration and continuous learning.
• Client Relationship Management: Act as a point of contact, managing ongoing communications and ensuring technical needs are met
• Threat Detection & Analysis: Triage and analyse alerts across multiple SIEM platforms (e.g., Microsoft Sentinel, custom ELK stacks).
• Log & Threat Intelligence Analysis: Perform detailed log analysis and threat intelligence research to uncover root causes and bolster security defences.
• Technical Reporting: Deliver clear, client-focused reports on incidents, alerts, and threat activity.
• Escalation Handling: Manage critical escalations with precision and provide comprehensive, well-documented resolutions.
• SOC Innovation: Work with leadership to enhance operational efficiency and integrate emerging technologies.
• Incident Management: Lead security incident investigations and responses, offering strategic input to clients and internal teams.
• Continuous Development: Stay current on cybersecurity trends and research emerging threats, tools, and methodologies.

What We’re Looking For

• Commercial experience with Microsoft Sentinel is a MUST, including investigations, rule tuning, workbook development, and automation playbook design.
• Microsoft SC-200 certification is a mandatory requirement.
• SC-100, SC-300, SC-400, or AZ-500 are highly desirable
• Proficiency with EPP tools such as Microsoft Defender for Endpoint and SentinelOne.
• Experience working with ticketing systems and handling end-to-end workflows.
• Strong incident response and threat hunting skills.
• Excellent problem-solving abilities and the capacity to make sound decisions under pressure.
• Exceptional communication and interpersonal skills, with a customer-focused mindset.
• SANS certifications (desirable but not essential).

If you’re passionate about cybersecurity, thrive in a fast-paced 24/7 environment, and are ready to take the next step in leadership — all while working a shift pattern that gives you more days off and better work-life balance — this is the perfect role for you. Enjoy more flexibility, develop your technical and management skills, and be part of a forward-thinking SOC redefining cybersecurity operations.