Level 3 SOC Analyst

Job Description:

Level 3 SOC Analyst Overview

We are seeking an experienced Level 3 SOC Analyst to play a critical role in defending the organisation against sophisticated cyber threats. As part of the Security Operations Centre (SOC), you will act as the senior escalation point for complex incidents, mentor junior analysts, and contribute to the continuous improvement of detection and response capabilities.

This role requires deep technical expertise across threat hunting, digital forensics, and incident response, along with the ability to lead investigations, support containment and remediation, and collaborate with stakeholders across the wider security function.

• Act as the senior escalation point for complex security incidents, providing advanced investigation and analysis.
• Lead incident response activities including containment, eradication, recovery, and post-incident reporting.
• Conduct proactive threat hunting across enterprise environments, identifying anomalous behaviour and emerging threats.
• Perform digital forensics and malware analysis on compromised hosts, network traffic, and logs to establish root cause.
• Mentor and guide Level 1 and Level 2 analysts, providing technical expertise and knowledge transfer.
• Develop, tune, and optimise SIEM rules, detection logic, and use cases to improve threat visibility.
• Conduct regular assessments of SOC processes and contribute to playbook and runbook development.
• Support red team/blue team exercises, pen testing, and purple teaming activities where required.
• Stay current with the latest threat intelligence, TTPs, and attack methodologies, feeding insights into the SOC.
• Prepare detailed incident reports and deliver findings to technical and non-technical stakeholders.

• Proven experience working in a SOC environment with escalation responsibilities (Level 2/3 Analyst or equivalent).
• Strong knowledge of SIEM, EDR, IDS/IPS, and SOAR platforms.
• Deep understanding of threat detection, digital forensics, and incident response methodologies.
• Hands‑on experience with Windows, Linux, cloud, and network investigations.
• Familiarity with frameworks such as MITRE ATT&CK, NIST, and ISO 27001.
• Ability to analyse and interpret complex datasets, logs, and alerts.
• Excellent communication skills, with the ability to translate technical findings into actionable outcomes.
• Relevant certifications (e.g., GCIA, GCIH, GCFA, GNFA, OSCP, CREST CRT, CISSP, or equivalent) are highly desirable.

• Competitive salary (DOE) with strong pension contributions.
• Flexible working arrangements (remote and hybrid options).
• Access to a wide range of employee benefits, including health and wellbeing initiatives, insurance, and professional development opportunities.