Senior SOC Analyst - Systems Integrator

1675570
  • Competitive Salary based on experience.
  • Canada
  • Permanent
  • Enterprise Security
  • Cyber Security
Ready to take charge of enterprise servers, cloud environments, and critical infrastructure?

Join a managed IT and cybersecurity team as a Senior SOC Analyst, serving as an escalation point for complex incidents, mentoring junior analysts, and contributing to the evolution of our managed security strategy across endpoint, email, identity, cloud, and vulnerability management services. With a human-first approach that prioritises reliability and responsiveness, this opportunity offers exposure to real-world security challenges and the chance to deliver tangible, measurable impact for clients. This position blends hands-on technical investigation with strong service delivery discipline, customer-facing communication, and operational excellence in a 24/7 SOC environment.


Key Responsibilities:

  • SOC MONITORING, DETECTION & ADVANCED TRIAGE:
    • Perform advanced investigation of security escalations across SIEM, XDR, EDR, email, identity, cloud, and network telemetry
    • Act as an escalation point for Tier 1 analysts
    • Create and update runbooks for Tier 1 analysts to execute
    • Automate routine processes to improve efficiency
  • INCIDENT RESPONSE & FORENSICS:
    • Lead end-to-end incident response including containment and remediation
    • Execute active response actions such as endpoint isolation when authorized
    • Perform forensic analysis to determine root cause and remediation in collaboration with the IT Support team
    • Produce root cause analysis and lessons learned reports
  • SECURITY PROGRAMS AND SERVICES:
    • Support delivery of phishing simulations and awareness programs
    • Analyze phishing trends and user behavior to tailor protection capabilities
    • Review dark web escalations related to exposed credentials, and drive credential containment actions if required
    • Investigate and respond to phishing and BEC campaigns
    • Recommend and apply email security posture improvements
    • Investigate endpoint alert escalations
    • Coordinate containment and remediation actions
    • Manage and investigate DLP incidents and configurations
    • Recommend and execute policy tuning for platforms
    • Support identity security hardening initiatives
    • Support vulnerability scanning, prioritization, and remediation tracking
    • Monitor, investigate, and respond to security alerts generated from perimeter network security controls including firewalls, VPN gateways, web application firewalls (WAF), and remote access solutions
    • Perform advanced triage of perimeter-related alerts such as intrusion attempts, anomalous traffic patterns, blocked exploit attempts, suspicious VPN activity, and unauthorized access attempts
    • Correlate firewall, VPN, and WAF telemetry with endpoint, identity, email, and cloud signals to determine attack scope, intent, and progression
    • Support active incident response involving perimeter controls by:
      • Recommending or executing temporary containment actions (e.g., IP blocking, geo-restrictions, access revocation) in accordance with client authorization and established playbooks
      • Coordinating rapid response during active exploitation, brute force, or reconnaissance activity
    • Investigate and validate web-based attacks including SQL injection, cross-site scripting (XSS), credential stuffing, and application-layer abuse observed through WAF telemetry
    • Review firewall and perimeter security events during incident investigations to identify initial access vectors, lateral movement paths, or command-and-control activity
    • Provide actionable recommendations to improve perimeter security posture
  • MENTORSHIP & OPERATIONS:
    • Mentor Tier 1 analysts
    • Contribute to SOC process improvements
    • Collaborate with IT Support and other functions
  • AVAILABILITY:
    • Participate in on-call rotation for 24/7 SOC coverage


Requirements:

  • Excellent oral and written communication skills
  • Up-to-date technical certifications and skills
  • Security compliance knowledge
  • 5+ years of experience in SOC, MDR, or incident response roles, preferably in an MSSP environment
  • Experience operating in a multi-tenant SOC supporting multiple customer environments
  • Strong working knowledge of SIEM/XDR, EDR, email security, identity security, and vulnerability management
  • Ability to work outside standard business hours and participate in an on-call rotation
  • Remote work readiness with a professional and secure workspace


Salary:

  • Competitive Salary based on experience.

Shane Muldowney, Network Consultant, USA