
Principal SOC Analyst

  • Posted June 5, 2025
  • £60,000 - £70,000 per annum
  • Fully Remote
  • Permanent

Principal SOC Analyst

Fully Remote (Mon-Fri, Days)

Must be UK Based

Up to £70k DOE

Role details:

We’re partnering with a specialist Cyber Security services provider with exciting growth plans. They’re looking for a Principal SOC Analyst to play a key role in the detection, investigation, and response to advanced cyber threats within their virtual Security Operations Centre.

Responsibilities:

  • Lead complex incident investigations from triage through remediation to post-incident review.
  • Act as the analysts’ “go-to” for questions, support and specialist analytical expertise.
  • Guide and mentor junior analysts, providing technical leadership during incidents.
  • Work with the analyst team to ensure proactive threat hunting using SIEM, EDR and threat intel sources covers the full pyramid of pain, and develop analysts so they hunt on adversary tools and TTPs rather than on atomic IoCs alone.
  • Analyse and validate security alerts, refining detection rules in collaboration with engineers.
  • Correlate signals from multiple platforms (e.g., EDR, network, cloud, identity) to identify adversary techniques (MITRE ATT&CK).
  • Leverage threat intelligence (including MISP) to enrich investigations and build contextual awareness.
  • Contribute to detection use case development, helping to identify gaps in coverage and recommend improvements.
  • Support the evolution of incident response playbooks and knowledge base articles.
  • Collaborate with other teams to support vulnerability management, purple teaming, and security awareness activities.

Requirements:

  • 4+ years working in a SOC or cyber defence team, with demonstrable experience leading high-impact investigations.
  • SIEM: Elastic Stack (Kibana, Logstash), Microsoft Sentinel
  • EDR: Microsoft Defender for Endpoint, CrowdStrike Falcon, Elastic Defend
  • Threat Intel: MISP (querying, correlation, pivoting)
  • SOAR: Jira automations, Azure Logic Apps and Functions
  • Security Frameworks: MITRE ATT&CK, NIST, Cyber Kill Chain
  • Proficiency in interpreting logs from systems, endpoints, cloud services (e.g., Azure, M365), and network sources.
  • Experience using threat intelligence to contextualise alerts and enhance response decisions.
  • Experience forming hunt hypotheses, testing them against available telemetry, and iterating on the results to drive threat hunting across the pyramid of pain.
  • Familiarity with threat hunting methodologies and anomaly detection approaches.
  • Ability to script or automate repetitive tasks (Python, PowerShell, or similar).

Eligibility:

To be considered for the role, you must live in the UK and have the permanent right to work in the UK.

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason, please let us know when you apply or talk to the recruiters directly so we can support you.
