L3 SOC Analyst

Posted about 6 hours ago
Full-time
United Kingdom
Description
UK SOC Requisition Document
Job Title: L3 SOC Analyst
Location: United Kingdom
Type: Full-time, permanent

Role Overview:
We are establishing a modern Security Operations Centre designed to deliver proactive, intelligence-driven security outcomes. Moving beyond traditional reactive monitoring, our SOC emphasises AI, automation, detection engineering, and deep cloud security visibility to identify and neutralise sophisticated threats at scale.

The L3 SOC Analyst will act as the senior technical escalation point within the SOC, leading complex investigations, driving automation initiatives, and mentoring junior analysts. This role requires strong hands-on expertise across cloud security, threat hunting, incident response, and orchestration technologies.
Key Responsibilities

Incident Response & Technical Escalation
● Act as the final escalation point for complex incidents originating from L1/L2 analysis.
● Lead investigations into high-severity security events, including those impacting AWS, Azure, Kubernetes clusters and hybrid environments.
● Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions.
● Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains.

Security Automation & SOAR Engineering
● Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency.
● Build and maintain automation scripts (Python, Go, etc.) for alert enrichment, evidence collection, and containment.
● Integrate security platforms via APIs to enable streamlined, automated detection and response workflows.
● Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation.

Threat Hunting & Detection Engineering
● Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies.
● Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint.
● Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence.

Mentorship & Continuous Improvement
● Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC capability.
● Maintain and enhance SOC documentation including SOPs, runbooks, and response playbooks.
● Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.

Skills & Experience Required
● Bachelor’s degree in Computer Science, Cybersecurity, or related discipline (or equivalent industry experience).
● Extensive experience in Security Operations with demonstrable time in a senior analyst, threat hunter, or L3 role.
● Strong hands-on experience in cloud security monitoring and incident response across AWS, Azure, or GCP.
● Proven scripting and automation capability using Python, Go, PowerShell, Bash, etc.
● Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
● Deep understanding of EDR tooling, host/network forensics, and detection engineering practices.
● Strong working knowledge of the MITRE ATT&CK framework and its application in threat detection and hunting.


Additional Role Requirements (UK Specific)
- UK Citizenship is mandatory due to data residency, customer contractual obligations, and potential security clearance requirements.
- Candidates must have the unrestricted right to work in the United Kingdom.
- The role forms part of a global Infosec team, hence availability during weekends and outside standard working hours is expected to support critical incidents and urgent escalations.

Desirable Certifications
● CEH, GIAC, or equivalent
About Saviynt
Founded: 2010 (about 16 years ago)
People: 501-1000 employees
Industry: Software Development
Type: Privately Held