SOC Analyst

Methods
Charing Cross, United Kingdom
3 days ago

Role details

Contract type
Temporary to permanent
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
£40K

Job location

Remote
Charing Cross, United Kingdom

Tech stack

Microsoft Windows
Data analysis
Cloud Computing
Computer Security
Identity and Access Management
Microsoft Data Access Components
Microsoft Security Essentials
Microsoft Office
Microsoft Solutions Framework
Azure
Kusto Query Language
Security Information and Event Management
Cloud Platform System
MITRE ATT&CK
Cybercrime
Microsoft Sentinel
Splunk
Blue Team (Cyber Security)

Job description

Responsibilities

Incident investigation & response (primary focus)
Act as an escalation point for all security alerts raised by Level 1 analysts
Validate incidents and determine severity, scope, root cause, and business impact
Lead technical investigations using:
  Microsoft Sentinel (KQL, analytics rules, workbooks, hunting)
  Microsoft Defender XDR (Endpoint, Identity, Office 365, Cloud Apps)
  Entra ID (Azure AD) sign-in and audit logs
Correlate identity, endpoint, email, and cloud activity to reconstruct attack chains and timelines
Own incidents through identification, containment, eradication coordination, recovery validation, post-incident review and documentation
Execute or coordinate containment actions, including: device isolation; account disablement and credential resets; revocation of tokens and sessions; blocking malicious indicators; email purge/quarantine via Defender for Office 365; Conditional Access policy enforcement
Produce high-quality incident records including evidence and KQL queries used, actions taken, root cause analysis, MITRE ATT&CK mapping, lessons learned and improvement actions

SOC operations & stakeholder communication
Serve as technical incident lead during major security events
Provide accurate, timely updates to IT, security leadership, and affected teams
Maintain clear case management, documentation, and shift handovers within Sentinel/ITSM tooling
Contribute to operational reporting: incident volumes, time to detect / contain, alert fidelity, repeat incident drivers
Participate in a business-hours operating model with an on-call rotation for out-of-hours incidents
Act as a trusted technical point of contact for SOC service discussions, supporting leadership in understanding risk, response options, and technical trade-offs during live incidents

Detection engineering & continuous improvement (Microsoft-focused)
Tune Sentinel analytics rules to reduce false positives and missed threats
Improve correlation logic, entity mapping, and severity scoring
Develop and maintain: Sentinel investigation playbooks, incident response runbooks, triage guides for Defender alerts
Build and refine SOAR workflows using Logic Apps / Sentinel automation rules
Perform quality assurance on Level 1 investigations and provide structured coaching feedback
Introduce threat-informed detection improvements based on real incidents and Microsoft threat intelligence
Take ownership of defined components of the SOC, MDR, or XDR service, ensuring they are operationally effective, well documented, and aligned to current threat and platform capabilities
Identify gaps in detection coverage, tooling, or process maturity and propose practical, Microsoft-aligned improvements
Support service innovation by evaluating and piloting new Microsoft security features, detection approaches, and automation capabilities, assessing their operational value before wider adoption
Translate incident learnings into service improvements, updated playbooks, enhanced automation, and refined escalation models

Leadership, collaboration & platform maturity
Provide informal technical leadership to Level 1 analysts through mentoring, coaching, and example, raising investigation quality and analyst confidence
Set and reinforce expectations for investigative rigour, documentation quality, and decision making within the SOC
Work closely with: Microsoft 365 administrators, identity and access management teams, endpoint engineering, cloud platform teams
Support onboarding of new Microsoft data connectors and Defender features
Advise on security telemetry requirements for new services or architectural changes

What success looks like
Incidents are accurately classified and contained quickly
Sentinel alert quality continuously improves
Stakeholders trust SOC technical judgement and communication
Level 1 analysts steadily increase investigation quality and independence
Playbooks and automation remain current and operationally useful
The service is viewed as proactive, technically credible, and continuously improving

Requirements

Required experience & skills
2+ years' experience in a SOC or security operations role with ownership of complex investigations
Strong hands-on experience with:
  Microsoft Sentinel (KQL querying, investigations, analytics rules)
  Microsoft Defender for Endpoint
  Defender for Office 365
  Defender for Identity
  Defender for Cloud Apps
  Entra ID (Azure AD) logs and Conditional Access
Solid understanding of:
  Windows internals and endpoint telemetry
  Identity-based attacks and token abuse
  Email threat techniques
  Common attacker TTPs and kill chains
Confident writing technical incident reports and stakeholder updates
Demonstrated ability to influence service quality and operational maturity without formal line management responsibility
Certifications (desirable): Microsoft SC-200, SC-100 / SC-300, CompTIA CySA+ / Security+, GIAC certifications (GCIH, GCIA, GMON), Security Blue Team Level 2

Working pattern
Monday to Friday, business hours
Participation in a rotating on-call schedule for evenings/weekends to support major security incidents

Benefits

Methods is passionate about its people; we want our colleagues to develop the things they are good at and enjoy. By joining us you can expect autonomy to develop and grow your skills and experience, be part of exciting project work that is making a difference in society, strong leadership, and a supportive environment.
Development - access to LinkedIn Learning, a management development programme, and training
Wellness - 24/7 confidential employee assistance programme
Flexible Working - including home working and part time
Social - office parties, breakfast Tuesdays, monthly pizza Thursdays, Thirsty Thursdays, and charitable causes
Time Off - 25 days of annual leave a year, plus bank holidays, with the option to buy 5 extra days each year
Volunteering - 2 paid days per year to volunteer in local communities or within a charity organisation
Pension - Salary Exchange Scheme with 4% employer contribution and 5% employee contribution
Life Assurance - 4 times base salary
Private Medical Insurance - non-contributory (spouse and dependants included)
Worldwide Travel Insurance - non-contributory (spouse and dependants included)
Enhanced Maternity and Paternity Pay
Travel - season ticket loan, cycle to work scheme
Full benefits details available on methods.co.uk/careers/benefits
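As an added example of the identity-to-email correlation the responsibilities above call for (this is illustrative query code written for this page, not detection content from Methods or from the posting), the following Sentinel hunting query in KQL looks for a successful Entra ID sign-in that Identity Protection scored medium or high risk, followed within an hour by the same user creating or changing an Exchange Online inbox rule, a common business email compromise chain. It assumes the standard SigninLogs and OfficeActivity tables are connected to the workspace; the 60-minute window, the seven-day lookback and the risk threshold are tuning assumptions, not values from the page.

```kusto
// Added example: risky Entra ID sign-in followed by an inbox-rule change.
// Assumes the built-in SigninLogs and OfficeActivity tables are ingested.
let lookback = 7d;          // assumption: hunting window
let window   = 1h;          // assumption: max gap between sign-in and rule change
let RiskySignins =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"                               // successful sign-ins only
    | where RiskLevelDuringSignIn in ("medium", "high")      // assumption: threshold
    | project SigninTime = TimeGenerated,
              UserPrincipalName = tolower(UserPrincipalName),
              IPAddress,
              Country = tostring(LocationDetails.countryOrRegion),
              AppDisplayName,
              RiskLevelDuringSignIn,
              SigninId = Id;
let InboxRuleChanges =
    OfficeActivity
    | where TimeGenerated > ago(lookback)
    | where OfficeWorkload == "Exchange"
    // PowerShell/Graph cmdlets and the Outlook client path for rule changes
    | where Operation in ("New-InboxRule", "Set-InboxRule", "UpdateInboxRules")
    | project RuleTime = TimeGenerated,
              UserPrincipalName = tolower(UserId),
              Operation,
              ClientIP,
              Parameters;
RiskySignins
| join kind=inner InboxRuleChanges on UserPrincipalName
// keep only rule changes that land inside the window after the risky sign-in
| where RuleTime between (SigninTime .. (SigninTime + window))
| extend MinutesToRule = datetime_diff("minute", RuleTime, SigninTime),
         // useful during triage: did the rule change come from the same address?
         SameSourceIP = (IPAddress == ClientIP)
| project SigninTime, RuleTime, MinutesToRule, UserPrincipalName,
          IPAddress, ClientIP, SameSourceIP, Country, RiskLevelDuringSignIn,
          AppDisplayName, Operation, Parameters, SigninId
| order by SigninTime asc
```

Run it from the Logs blade for hunting, or wrap it in a scheduled analytics rule with UserPrincipalName mapped to the Account entity and IPAddress to the IP entity so that Sentinel incidents carry the right entities for playbooks (token revocation, account disable) to act on. The Parameters column exposes the rule's forwarding target or deletion action, which is usually the fastest way to separate a legitimate "move to folder" rule from an attacker's forward-and-delete persistence; widening the window or lowering the risk threshold raises recall at the cost of false positives, which is exactly the tuning trade-off the posting describes.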

About the company

Methods is a £100M+ IT Services Consultancy who has partnered with a range of central government departments and agencies to transform the way the public sector operates in the UK. Established over 30 years ago and UK-based, we apply our skills in transformation, delivery, and collaboration from across the Methods Group, to create end-to-end business and technical solutions that are people-centred, safe, and designed for the future. Our human touch sets us apart from other consultancies, system integrators and software houses - with people, technology, and data at the heart of who we are, we believe in creating value and sustainability through everything we do for our clients, staff, communities, and the planet. We support our clients in the success of their projects while working collaboratively to share skill sets and solve problems. At Methods we have fun while working hard; we are not afraid of making mistakes and learning from them. Predominantly focused on the public sector, Methods is now building a significant private sector client portfolio. Methods was acquired by the Alten Group in early 2022. Alten is a global engineering firm with approximately 57,000 employees specialising in engineering and IT services.

Role summary

As a Level 2 SOC Analyst, you are the senior technical responder within the secure operations team, responsible for owning security incidents end-to-end using the Microsoft security platform. You will act as the escalation point for Level 1 analysts and as the technical lead during active incidents, conducting deep investigations across Microsoft Sentinel, Microsoft Defender XDR, and Entra ID to validate threats, contain attackers, and coordinate remediation. Alongside incident response, you will drive continuous improvement of detection quality, playbooks, automation, and analyst capability to ensure the SOC operates at a consistently high standard. You also act as a senior technical leader within the SOC, contributing to the maturity, evolution, and operational effectiveness of SOC, MDR, and XDR services.

Apply for this position