Microsoft Security Operations Centre; SOC Analyst - T2 & T3

Microsoft Security Operations Centre (SOC) Analyst - T2 & T3

Security Clearance Required

Preferred Location - Newcastle

The SOC Analyst Team operates as a next‑generation, intelligence‑led Security Operations function, designed to deliver high‑quality, scalable 24x7 security monitoring and response.

All SOC analysts participate in a 24x7 shift model, ensuring uninterrupted service coverage, while also contributing to detection improvement, automation feedback, and service optimisation when operational demand allows.

Technology Primary - Microsoft Sentinel & Service Now.

Tier 2 SOC Analysts represent the primary human analysis function, responsible for investigating escalated alerts and incidents that require human judgement, contextual understanding, and analytical depth.

• Perform deep investigation of escalated alerts and incidents from automated Tier 1 workflows
• Validate threats, scope impact, and determine severity using contextual analysis
• Investigate across multiple data sources, including:
  • SIEM
  • EDR / XDR
  • Identity and authentication telemetry
  • Cloud and SaaS platforms
• Coordinate and execute response actions in line with:
  • Defined playbooks
  • Client‑specific requirements
  • Incident response procedures
• Maintain clear, high‑quality investigation documentation and handover notes

• Operate as part of a 24x7 shift rota
• Maintain accountability for investigation accuracy and quality
• Escalate complex or ambiguous cases to Tier 3 appropriately
• Provide structured feedback into:
  • Detection tuning
  • Alert quality improvements
  • Automation optimisation

When operational demand allows, Tier 2 analysts are expected to contribute insight time to platform improvement activities, supporting the Platform Automation Lead through:

• Identification of repeatable investigation patterns
• Feedback on automation opportunities
• Playbook refinement and improvement
• Detection logic tuning recommendations

Tier 3 analysts provide advanced security expertise and escalation handling, focusing on complex, high‑risk, or ambiguous security incidents and ensuring consistent investigation quality across the SOC.

• Handle escalations involving:
  • High‑impact or business‑critical incidents
  • Advanced or evasive attacker techniques
  • Ambiguous or novel threat behaviour
• Conduct advanced threat analysis, including:
  • Attacker behaviour and intent assessment
  • Cross‑incident correlation
  • Campaign and intrusion analysis
• Provide oversight and quality assurance of Tier 2 investigations
• Lead complex incident response coordination where required

• Participate in 24x7 escalation coverage, via on‑call or senior shift roles
• Act as a technical mentor to Tier 2 analysts
• Support analyst development through coaching and investigative guidance
• Set investigation and response quality standards across the SOC

Like Tier 2, Tier 3 analysts are expected to provide structured feedback into platform and automation initiatives, working indirectly with the Platform Automation Lead to:

• Improve detection fidelity
• Reduce repeat incident patterns
• Increase automation coverage over time
• Ensure complex incidents inform long‑term service improvement