Senior Security Operations / Incident Response - #1676935

Senior L2 Security Operations / Incident Response x2

Base earnings to £50,000 + £4k in Bonuses +

*Pure Remote (UK Only)

Leading Microsoft Managed Security Partner + MISA Member/Awards Finalist

**UK Only**

High level overview:

Essentially a Microsoft Security Operations Engineer/Incident Analyst with advanced L2 and Incident Response skills

This is a highly technical role in a Microsoft Security Partner with an incredible reputation inside Microsoft. on your work environments as this requires more than most! Based remote in the main plus a single site in either Manchester, Birmingham or Marlow for only a handful of days a month on site. SC Level Security clearance will be provided (*5 years minimum in the UK only to pass clearance). You'll review security incidents occurring in their customers' environments, alerting them to malicious activities and working with them to investigate and remediate the incidents to resolution.

The Company:

You will work for one of Microsoft UK's deepest embedded partners in their Managed XDR Security Operations Center (SOC) team. They deliver Microsoft security services and solutions among other services, into enterprise customers across Commercial, Public Sector, Government and Microsoft fronted critical national infrastructure focusing on Microsoft Safe XDR SOC services for Sentinel, Defender and more!

They're also a Microsoft Security Solutions Partner (with all 6 solutions partner designations in total), have multiple Microsoft Advanced specializations including all the security ones, and have a Microsoft certified MXDR SOC. A Microsoft Intelligent Security Association (MISA) member they are one of the biggest names in IT Services in the UK with a multi award winning culture built around the values of its people.

The role...

As a Senior level SOC incident response expert in the Microsoft Security operations team, you'll be responsible for:

• Monitoring for security alerts from Security Platforms, primarily Microsoft Sentinel/Defender. Providing advanced second line security incident management and analysis to the customers through effective monitoring, reporting, and technical guidance for successful resolution


• Maintaining high levels of ownership through the security incident lifecycle


• Documenting and managing cases to utilise information for customers reports, providing insight and intelligent recommendations


• Interfacing with our customers to resolve issues, provide additional information, and answer questions related to incidents and monitoring


• Maintaining high quality security incident resolution and performance adherence


• Identifying and reporting tuning and automation opportunities

Ideally you will have...

• Experience working in a Microsoft MDR/XDR SOC,


• Preferably MSSP environment experience, although if you've previously been in busy end customer SOC environment this will be considered


• The ability to dynamically assess risks, threats & threat actors for new and existing customers


• KQL (Kusto Query Language) experience


• Cyber qualifications such as the Microsoft SC-200 or related certs


• Previous experience with SIEM tools including Microsoft Sentinel (and Defender /XDR environments)


• Familiarity with cyber security concepts and their application in different business environments


• Detail orientated, with excellent communication skills and the ability to take a structured approach to procedures and working instructions for incident response/resolution