Cyber Security Operations Engineer

Flexible Remote - occasional on-site visits required

12-month FTC, with a view to move into permanent contract

We’re urgently looking for an SC-cleared SOC Engineer to support a UK public sector organisation as part of an established security operations team.

The initial focus will be hands‑on operational support, helping manage alerts, incidents and SOC capacity. As the engagement progresses, the role will evolve to support improvements across the SOC, including greater use of automation, enhanced SIEM capability, and strengthening overall security posture.

• Monitoring and analysing security alerts and events from SIEM platforms
• Investigating and triaging security incidents, escalating where appropriate
• Responding to incidents in line with established playbooks
• Analysing logs and network traffic to identify anomalies and threats
• Supporting containment, eradication and recovery activities
• Conducting root cause analysis and documenting findings
• Performing proactive threat hunting and leveraging threat intelligence feeds
• Supporting the adoption of SOAR and improved use of SIEM tooling

• Active SC clearance
• Strong understanding of TCP/IP, DNS, HTTP/S and common network protocols
• Solid knowledge of Windows and Linux operating systems
• Experience with security frameworks such as MITRE ATT&CK, NIST or ISO 27001
• Hands‑on experience with SIEM tools (e.g. Microsoft Sentinel, Splunk, QRadar)
• Experience with EDR tools such as Crowd Strike or Carbon Black
• Comfortable working in live operational SOC environments