Security Operations (SOC)

Role Overview

This role supports Security Operations Centre (SOC) activities, including monitoring, investigation, threat hunting, and incident response. The resource operates as a second line of defence, translating alerts into actionable findings and improving detection capability.

Core Responsibilities

• Perform L2 triage and investigation of security alerts across SIEM, EDR/XDR, email, identity, network, and cloud platforms
• Correlate events to identify root cause, scope, and impact of security incidents
• Investigate phishing, malware, account compromise, and unauthorised access cases
• Conduct proactive threat hunting using threat intelligence and MITRE ATT&CK
• Support containment, remediation, and recovery activities
• Contribute to SOC improvements (playbooks, detection tuning, onboarding of new tools)

Core Requirements

• Degree or Diploma in Cybersecurity, IT, or related field
• At least 3 years of experience in SOC operations or incident response (L2 preferred)
• Experience with SIEM, EDR/XDR, and cloud or identity security tools
• Strong understanding of attack chains, MITRE ATT&CK, and threat analysis
• Demonstrated hands-on experience in incident investigation or threat hunting
• Ability to operate independently in a SOC environment