
Remote L3 SOC Analyst - Microsoft XDR/Defender/Sentinel

Remote / Online - Candidates ideally in
Greater London, London, Greater London, W1B, England, UK
Listing for: Robert Walters UK
Contract, Remote/Work from Home position
Listed on 2026-02-18
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 450 - 500 GBP daily
Job Description & How to Apply Below
Position: (Remote) L3 SOC Analyst - Microsoft XDR/Defender/Sentinel
Location: Greater London

Robert Walters Operations Limited is an employment business and welcomes applications from all candidates

What you'll do:
  • Lead and manage high‑severity security incidents from identification through containment, eradication, recovery, and post‑incident reporting
  • Perform advanced threat hunting using Microsoft Defender XDR, Sentinel, KQL, and other telemetry sources to identify emerging threats, anomalous behaviour, and undetected malicious activity
  • Develop, tune, and maintain Sentinel analytics rules, workbooks, playbooks (Logic Apps), and custom detection use cases to improve SOC detection capability
  • Act as a subject matter expert for the Microsoft security ecosystem, including Defender for Endpoint, Office 365, Identity, Cloud Apps, Defender for Cloud, and Azure security controls
  • Create and maintain Kusto Query Language (KQL) queries, automation workflows, and enrichment logic to enhance detections and investigation efficiency
  • Support purple‑team activities, threat modelling, and attack‑simulation scenarios aligned to MITRE ATT&CK
  • Provide technical escalation support and mentorship to L1/L2 SOC analysts
  • Perform root‑cause analysis, identify systemic issues, and drive continuous improvement across SOC processes
  • Collaborate with engineering, cloud, and cybersecurity teams to enhance log ingestion, telemetry quality, and SIEM/SOAR architecture
  • Produce clear, structured incident reports, threat briefs, and stakeholder updates
What you'll bring:
  • Extensive hands‑on experience with Microsoft Sentinel (SIEM) and Microsoft Defender XDR (formerly M365 Defender)
  • Strong proficiency in KQL, analytic rule creation, hunting queries, custom detection engineering, and automation
  • Deep understanding of Windows, Azure AD / Entra, M365, network security, and cloud workloads
  • Advanced knowledge of attacker TTPs, threat intelligence sources, and MITRE ATT&CK mapping
  • Proven experience leading major incidents in an enterprise SOC environment
  • Strong understanding of SOAR automation and experience building Logic Apps‑based playbooks
  • Ability to interpret log data from diverse sources and build correlation logic that reduces false positives
  • Experience with PowerShell, Python, or tooling integration for enrichment and automation (strong advantages)
  • Familiarity with EDR tuning, threat intelligence platforms, and cloud workload security (Azure/AWS/GCP)
  • Excellent analytical, documentation, and communication skills
About the job
  • Contract Type:
    Temporary
  • Focus:
    Information Security
  • Workplace Type:
    Remote
  • Experience Level: Associate
  • Location:
    London
  • Salary: £450 - £500 per day
  • Specialism:
    Technology & Digital
  • Industry: FMCG

Job Reference: 4

FVVPN-6

EEE1E0E

Date posted: 16 February 2026
