Security Operations Engineer

About Us

Evalian is a UK based consultancy specialising in cyber security, penetration testing, data protection and ISO compliance. We are excited to be expanding our cyber security offering to encompass managed security services, specialising in security monitoring, threat detection, and response. As we expand, we are looking for a skilled and motivated SOC Engineer to help strengthen our security operations capabilities. This role is ideal for someone who enjoys building security detection capabilities, automating processes, and enhancing security monitoring capabilities.

As a Security Operations Engineer, you will be responsible for developing and fine‑tuning security detection rules, integrating customer data sources, building security processes and documentation, and developing automation workflows to enhance SOC efficiency. In addition, you will provide occasional support to SOC monitoring activities, assisting in incident analysis and response.

• Develop, optimise SIEM detection analytical rules, correlation rules and dashboards.
• Onboard and integrate log data sources, ensuring log collection, parsing, and normalisation.
• Assist in creation and maintenance of security processes, playbooks, and documentation to standardise SOC operations.
• Design and implement automation workflows and integrations using Logic Apps, SOAR platforms, and scripting to enhance SOC efficiency.
• Assist in the monitoring and investigation of security alerts when required, supporting the SOC team.
• Contribute to the rollout, integration and maintenance of security tools and platforms as required.
• Participate in an on‑call rotation to provide out-of-hours support.
• Stay updated with the latest security threats, vulnerabilities, and trends to improve detection capabilities.

Essential:

• Experience working with Microsoft Sentinel, Defender XDR, and/or other SIEM/XDR solutions.
• Strong understanding of log collection, parsing, and correlation for security monitoring.
• Experience in developing KQL queries, custom detection rules.
• Familiarity with automation and integration tools such as Logic Apps, Power Automate, or other SOAR platforms.
• Knowledge of cloud security, particularly Azure, AWS, and Google Cloud.
• Excellent documentation skills and process‑building capabilities.
• Great communication skills and ability to work collaboratively in a team.

• Security certifications such as Microsoft SC‑200, AZ‑500 or similar.
• Knowledge of integrating security tools with Jira Service Management or similar ITSM tools for streamlined incident tracking.

• Opportunities to work on cutting‑edge security technologies and automation projects.
• Flexible work environment.
• A collaborative and engaging workplace with regular team collaboration and knowledge sharing sessions.
• BBQ Thursdays!

The salary will depend on your experience and qualifications but will be in the range of £40,000 – £50,000 plus benefits. All employees get 25 days of annual leave per year plus birthday day off and access to our pension scheme. Benefits include private medical insurance, dental cashback, optical cashback and life insurance cover. We are happy to hear from candidates who are interested but whose experience and qualifications exceed the specification and justify a higher salary range.

If this applies, please include a cover letter with your CV along with your salary expectations.

The role is office / hybrid based in our Winchester office. From time to time, you may also be asked to attend client sites, or we may request you attend our offices or events for various purposes, but we’ll always provide you with advance notice. Travel expenses will be reimbursed. Whenever home based, you’ll need to have a dedicated, secure working area and reliable internet connection.

We are not working with agencies at this time. Thank you.

Apply For Job