Senior SOC Engineer

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: MTI
Full Time position
Listed on 2026-06-12
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 100000 - 125000 GBP Yearly
Job Description & How to Apply Below
Location: Greater London

MTI has provided award-winning, end-to-end technology solutions and services in cyber security and data centre for over 35 years. MTI has 250+ staff, with offices across the UK, France and Germany. MTI was acquired by Ricoh in 2020 as part of Ricoh's transformation into a global digital services company. As part of the Ricoh family, MTI benefits from access to a much broader set of specialist IT services and significant technical resources available on a global scale.

More information can be found at

The Role

Contract: Permanent

As a Senior SOC Engineer within our Managed Security Services team, you will play a critical role in delivering security operations across a portfolio of customer environments. You will be responsible for leading advanced threat detection, incident response, onboarding of new customers, and managing the transition of services into business‑as‑usual (BAU) support. This role requires hands‑on experience with SIEM, EDR, automation tooling, and a deep understanding of delivering cybersecurity services in an MSP setting.

Key Areas of Responsibility

Customer Onboarding and Transition to BAU
  • Lead technical onboarding for new customers joining the managed service, ensuring a smooth transition into operational support.
  • Work with customers and internal stakeholders to define onboarding scope, required access, and configuration timelines.
  • Set up secure remote access (e.g., Azure Lighthouse, delegated access) and ensure correct identity and access permissions are in place.
  • Ingest new log and telemetry sources into the SIEM platform (Microsoft Sentinel, Splunk, etc.) and validate data visibility and parsing.
  • Perform configuration and health validation checks across SIEM and EDR environments post‑onboarding.
  • Create and maintain onboarding documentation, playbooks, and configuration baselines for repeatable service delivery.
Threat Monitoring and Detection
  • Monitor security alerts and events from SIEM platforms, EDR solutions, and other security tools.
  • Analyse logs, network traffic, and endpoint data to identify potential security incidents.
  • Tune and optimize detection rules to reduce false positives and improve threat detection accuracy.
Incident Investigation and Response
  • Conduct in‑depth investigations of security incidents to determine root cause, scope, and impact.
  • Perform analysis on compromised systems, malware, and other indicators of compromise (IOCs).
  • Coordinate with client IT teams and stakeholders to contain and remediate incidents.
  • Document incidents, including timelines, actions taken, and lessons learned.
Threat Intelligence and Hunting
  • Leverage threat intelligence feeds and platforms to stay informed about emerging threats and attack techniques.
  • Proactively hunt for threats and anomalies within client environments using advanced tools and techniques.
  • Develop and share actionable threat intelligence with clients and internal teams.
Reporting and Communication
  • Generate detailed reports and provide regular updates to clients and internal stakeholders.
  • Present findings and recommendations to technical and non‑technical audiences.
  • Maintain accurate documentation of incidents, investigations, and response activities.
Mentorship and Collaboration
  • Mentor and guide junior SOC analysts, providing training and knowledge sharing.
  • Collaborate with other team members to enhance overall security posture.
  • Participate in SOC process improvement initiatives and contribute to the development of playbooks and runbooks.
Tool Management and Optimization
  • Manage and maintain SOC tools, including SIEM, EDR, and threat intelligence platforms.
  • Develop and implement automation scripts and workflows to improve SOC efficiency.
  • Stay current with the latest security technologies and recommend enhancements to the SOC toolset.
Skills & Qualifications
  • Proficiency with SIEM tools (e.g., Microsoft Sentinel, LevelBlue USM), EDR platforms (e.g., Defender for Endpoint, Trend Micro Vision One), and log management.
  • Experience with KQL, PowerShell, or similar languages to automate detection and operational tasks.
  • Strong understanding of network protocols, log analysis, and threat actor behaviour.
  • Solid understanding of security frameworks such as NIST, CIS, ISO 27001, and MITRE ATT&CK.
  • Strong communication and presentation skills.
  • Ability to manage multiple stakeholders and priorities.
  • Leadership and mentoring capabilities.
  • Attention to detail and commitment to continuous improvement.
Experience
  • 5+ years proven experience working in a Managed Security Service Provider (MSSP/MSP) environment.
  • Strong understanding of customer onboarding lifecycle, access provisioning (e.g., Azure Lighthouse), and managed detection and response delivery.
  • Client‑facing experience in a security advisory capacity.
Position Requirements
10+ Years work experience