Microsoft Security Operations Centre (SOC) Analyst – T2 & T3

(Security Clearance Required)

Preferred Location - Newcastle

Job Description

The SOC Analyst Team operates as a next‑generation, intelligence‑led Security Operations function, designed to deliver high‑quality, scalable 24×7 security monitoring and response.

All SOC analysts participate in a 24×7 shift model, ensuring uninterrupted service coverage, while also contributing to detection improvement, automation feedback, and service optimisation when operational demand allows.

Tier 2 – SOC Analyst

Primary Technology – Microsoft Sentinel & ServiceNow.

Role Purpose

Tier 2 SOC Analysts represent the primary human analysis function, responsible for investigating escalated alerts and incidents that require human judgement, contextual understanding, and analytical depth.

Key Responsibilities

  • Perform deep investigation of escalated alerts and incidents from automated Tier 1 workflows

  • Validate threats, scope impact, and determine severity using contextual analysis

  • Investigate across multiple data sources, including:

    • SIEM

    • EDR / XDR

    • Identity and authentication telemetry

    • Cloud and SaaS platforms

  • Coordinate and execute response actions in line with:

    • Defined playbooks

    • Client‑specific requirements

    • Incident response procedures

  • Maintain clear, high‑quality investigation documentation and handover notes

Operational Expectations

  • Operate as part of a 24×7 shift rota

  • Maintain accountability for investigation accuracy and quality

  • Escalate complex or ambiguous cases to Tier 3 appropriately

  • Provide structured feedback into:

    • Detection tuning

    • Alert quality improvements

    • Automation optimisation

Continuous Improvement Contributions

When operational demand allows, Tier 2 analysts are expected to contribute insight time to platform improvement activities, supporting the Platform Automation Lead through:

  • Identification of repeatable investigation patterns

  • Feedback on automation opportunities

  • Playbook refinement and improvement

  • Detection logic tuning recommendations

Tier 3 – Senior SOC Analyst / Incident Specialist

Role Purpose

Tier 3 analysts provide advanced security expertise and escalation handling, focusing on complex, high‑risk, or ambiguous security incidents and ensuring consistent investigation quality across the SOC.

Key Responsibilities

  • Handle escalations involving:

    • High‑impact or business‑critical incidents

    • Advanced or evasive attacker techniques

    • Ambiguous or novel threat behaviour

  • Conduct advanced threat analysis, including:

    • Attacker behaviour and intent assessment

    • Cross‑incident correlation

    • Campaign and intrusion analysis

  • Provide oversight and quality assurance of Tier 2 investigations

  • Lead complex incident response coordination where required

Leadership & Mentorship

  • Participate in 24×7 escalation coverage, via on‑call or senior shift roles

  • Act as a technical mentor to Tier 2 analysts

  • Support analyst development through coaching and investigative guidance

  • Set investigation and response quality standards across the SOC

Platform & Automation Feedback

Like Tier 2, Tier 3 analysts are expected to provide structured feedback into platform and automation initiatives, working indirectly with the Platform Automation Lead to:

  • Improve detection fidelity

  • Reduce repeat incident patterns

  • Increase automation coverage over time

  • Ensure complex incidents inform long‑term service improvement