We are seeking a Level 1 SOC Cyber Analyst to join a growing internal security function within a major defence and engineering organisation. This role is ideal for someone with a strong foundation in security operations who is ready to take ownership of first‑line triage, investigation, and incident escalation activities.
As the first internal responder to alerts generated by an outsourced SOC provider, you will play a crucial role in validating potential threats, engaging with users, and ensuring incidents are escalated through the correct channels. This is a hands‑on, fast‑paced role where your analytical mindset and communication skills will make a real impact.
Key Responsibilities
Alert Triage: Review and validate alerts escalated by the outsourced SOC, assessing accuracy and potential impact.
Initial Investigation: Conduct first‑line investigations using SIEM tools, device logs, firewall logs, and authentication data.
User Engagement: Work directly with end users and asset owners to gather information, verify events, and support immediate containment actions (e.g., password resets, asset isolation).
Incident Escalation: Escalate confirmed or high‑severity incidents to Level 2 SOC teams or internal incident response teams with complete and accurate documentation.
Case Documentation: Maintain detailed case notes, timelines, and evidence within the case management system.
Collaboration: Act as a key link between the internal security team and the external SOC provider, ensuring strong communication and situational awareness.
Playbook Execution: Follow established triage and escalation playbooks and contribute suggestions for improvement.
Threat Awareness: Stay informed on current cyber threats, attacker techniques (e.g., MITRE ATT&CK), and industry trends.
Knowledge & Experience
Essential:
2-4 years' experience in a SOC, IT operations, or security support role.
Understanding of core security concepts: malware, phishing, lateral movement, privilege escalation.
Working knowledge of network fundamentals, Windows/Linux logs, and authentication systems.
Experience with SIEM platforms such as Microsoft Sentinel, Splunk, Elastic, or QRadar.
Desirable:
Awareness of frameworks such as NIST CSF, MITRE ATT&CK, ISO27001.
Experience working with MSSPs or outsourced SOC environments.
Basic scripting or automation skills (PowerShell, Python, Bash).
Skills
Essential:
Familiarity with ticketing/case management tools (e.g., Jira, The Hive, ServiceNow).
Strong analytical skills with the ability to interpret logs and alerts.
Excellent written and verbal communication skills, able to explain technical findings to varied audiences.
Desirable:
Exposure to managed security service environments.
Interest in automation or scripting.
Qualifications
Desirable: CompTIA Security+, CySA+, or similar entry‑level certifications.
Additional Information
The role requires a strong commitment to safety, security, and compliance. You will be expected to follow organisational policies, report hazards, and maintain high standards of operational discipline.
Due to the nature of the work, this role may be subject to security and export control restrictions.
