L2 SOC Analyst

Posted 2 days 19 hours ago by Maxwell Bond

Permanent
Not Specified
Other
West Midlands, United Kingdom
Job Description

Job Title: Level 2 SOC Analyst (Microsoft Stack)

Location: Remote-First (1 day per week in Midlands Office)

Salary: Up to £43,000 per annum

Working Hours: 9:00 AM - 5:00 PM (Monday to Friday)

Client: Client Name, a leading organization in the utilities sector

Job Overview:

Our client, a prominent organization within the utilities space, is seeking a proactive and skilled Level 2 SOC Analyst with expertise in the Microsoft stack to join their Security Operations Center (SOC) team. This is a remote-first role with one day per week in the Midlands office. The Level 2 SOC Analyst will be responsible for investigating and responding to advanced security incidents, leveraging Microsoft-based security tools and platforms, and collaborating with other teams to ensure the protection of critical infrastructure and data.

Key Responsibilities:
  • Incident Investigation & Response:

    • Analyze and investigate security alerts from Microsoft security tools (e.g., Microsoft Sentinel, Defender for Endpoint, Microsoft Defender for Identity, etc.).

    • Perform in-depth analysis of security incidents to assess impact and severity, including handling incidents such as malware infections, phishing attacks, insider threats, and more.

    • Escalate and coordinate response efforts with senior analysts and management as necessary.

  • Microsoft Stack Security Management:

    • Utilize Microsoft security tools, including Microsoft Sentinel (SIEM), Defender for Endpoint, Defender for Identity, and other Microsoft security solutions, to monitor, detect, and respond to security threats.

    • Manage, configure, and fine-tune Microsoft security tools to optimize detection capabilities and reduce false positives.

  • Threat Monitoring & Intelligence:

    • Monitor and analyze logs, network traffic, and system behavior using Microsoft-based security technologies to identify potential security risks and anomalous activities.

    • Integrate threat intelligence feeds into Microsoft security platforms to enhance threat detection and incident response capabilities.

    • Stay informed about the latest threats, vulnerabilities, and trends relevant to the utilities industry.

  • Collaboration & Communication:

    • Collaborate closely with Level 1 SOC analysts, IT teams, and other stakeholders to ensure timely response to security incidents and proactive threat hunting.

    • Communicate effectively with both technical and non-technical stakeholders, providing detailed incident reports and status updates.

    • Mentor and support junior team members, contributing to their skill development and knowledge.

  • Reporting & Documentation:

    • Document and log all security incidents, investigations, and responses accurately, ensuring compliance with internal processes and industry standards.

    • Prepare and present incident reports, including detailed analyses, to management and stakeholders.

    • Conduct post-incident reviews to identify lessons learned and improve future response efforts.

  • Continuous Improvement:

    • Contribute to the development of incident response procedures and playbooks to ensure best practices and standardized processes.

    • Participate in regular training and development to stay current with Microsoft security technologies, industry best practices, and emerging threats.

Qualifications:
  • Education & Experience:

    • Bachelor's degree in Cybersecurity, Information Technology, or related field (or equivalent experience).

    • 2+ years of experience in a Security Operations Center (SOC) role, specifically with Microsoft security tools and platforms (e.g., Microsoft Sentinel, Defender, etc.).

    • Experience in a security monitoring and incident response capacity within an enterprise environment, ideally in the utilities or similar critical infrastructure sectors.

  • Skills & Competencies:

    • Proficient in Microsoft security technologies, including Microsoft Sentinel (SIEM), Defender for Endpoint, Defender for Identity, and other Microsoft-based security solutions.

    • Strong understanding of security protocols, networking, and systems architecture (e.g., TCP/IP, DNS, HTTP/S).

    • Experience in performing log analysis, identifying indicators of compromise (IoCs), and handling security events within Microsoft environments.

    • Ability to respond to and mitigate security incidents, including malware, phishing, and network intrusions.

    • Strong communication and documentation skills, with the ability to provide clear reports to stakeholders.

    • Ability to work independently and manage multiple priorities in a fast-paced environment.

  • Certifications (Preferred but not required):

    • Microsoft Certified: Security Operations Analyst Associate (Exam SC-200).

    • CompTIA Security+, Certified Information Systems Security Professional (CISSP), or other relevant security certifications.

    • GIAC Security Essentials (GSEC) or Certified Ethical Hacker (CEH).

Key Attributes:
  • Strong problem-solving and analytical abilities, with attention to detail.

  • Ability to work under pressure and handle high-stress situations effectively.

  • A collaborative mindset with the ability to work closely with cross-functional teams.

  • A passion for cybersecurity and staying up-to-date with the latest trends and threats.