Security Analyst III - SOC

As a Security Analyst III, you will be the technical authority within the SOC, leading high-quality investigations and proactive threat hunting to protect the organisation from evolving threats. This hands-on role combines advanced technical expertise with leadership, coaching analysts, driving SOC maturity, and optimising tools and processes to set the standard for excellence across the team.

You will act as a role model for SOC Analysts, coaching and guiding them to elevate technical capability and analytical rigour. Beyond day-to-day operations, you will lead maturity objectives, optimise SOC tooling, and identify opportunities for automation, AI integration, and impactful service improvements. You will also play a key role within the CSIRT team, collaborating on major incidents.

• Deliver high-quality investigative analysis to ensure rapid and accurate incident resolution.
• Act as the escalation point and technical authority for complex SOC investigations.
• Lead proactive threat-hunting initiatives to identify and mitigate emerging threats before they impact the business.
• Role-model analytical excellence and decision-making, setting the benchmark for SOC performance.
• Coach and mentor analysts to build technical depth and confidence across the team.
• Drive SOC maturity objectives, improving processes, tooling, and automation for greater efficiency.
• Enhance SOC tool utilisation, including workflow optimisation.
• Identify and implement automation, AI-driven enhancements, and playbook developments.
• Support CSIRT activities during major incidents, ensuring coordinated and effective response.
• Monitor MSSP performance, ensuring alert triage and investigations meet quality and timeliness standards.

• Over 2 years’ experience working in an internal SOC or 3 years at an MSSP in a senior role.
• Deep knowledge of cybersecurity frameworks: MITRE ATT&CK, Cyber Kill Chain, Incident Response Lifecycle, Pyramid of Pain.
• Expertise in threat hunting and advanced investigative analysis.
• Deep understanding of attacker tactics, techniques, and procedures (TTPs) and threat actor behaviours.
• Proficiency in SIEM/XDR platforms and tuning detection logic, use cases, and alert optimisation.
• Advanced querying and scripting skills (e.g., KQL, SPL) for data analysis and threat detection.
• Ability to recommend tooling enhancements and process improvements to strengthen SOC capability.
• Practical knowledge of networks, operating systems, and scripting for investigative purposes.
• Experience in leading technical initiatives and driving service maturity improvements.
• Demonstrated ability to coach and develop team members, fostering technical excellence.

Desirable

• GIAC certifications
• Other relevant certifications such as CISSP or CISM will be considered.
• A relevant degree, with professional experience.