Your new company

Your new role

You’ll operate within a mature Security Operations Centre (SOC), focused on real-time threat monitoring, detection engineering, and incident response. This role will play a key part in evolving the organisation’s SIEM capability, with a strategic shift from Splunk to Microsoft Sentinel.

• Perform continuous security event monitoring, triage, and analysis across enterprise environments
• Engineer and tune use cases, correlation rules, and analytics within Microsoft Sentinel (Azure-native SIEM/SOAR)
• Conduct incident detection, investigation, and response (IR), including root cause analysis and remediation
• Monitor and optimise security controls, including endpoint, network, identity, and cloud telemetry
• Leverage threat intelligence to enhance detection capability and reduce false positives
• Support the migration and optimisation of SIEM pipelines from Splunk to Sentinel
• Align SOC processes with NIST Cybersecurity Framework (CSF) and incident response best practices

What you'll need to succeed

• Proven experience in a SOC
• Strong hands-on expertise with SIEM platforms (Microsoft Sentinel, Splunk, or similar)
• Solid understanding of incident response lifecycle, including containment, eradication, and recovery
• Exposure to MITRE ATT&CK framework, threat hunting, and adversary tactics/techniques
• Familiarity with security monitoring across hybrid/cloud environments (Azure preferred)
• Working knowledge of NIST frameworks and defensive security controls

What you need to do now