Cyber Operations Senior Engineer

About the Role

The Softcat Cyber Operations teams provides our customers with cyber security monitoring, analysis, assessment and remediation. It is our job to design and deploy effective security monitoring and assessment tools into customer IT systems to provide monitoring and detection capabilities against cyber threats. Our Engineering team is responsible for ensuring these tools are properly configured, deployed and maintained to deliver the service effectively.

• Work with customers and internal stakeholders to identify development and improvement opportunities and continually evaluate our cyber practices and capabilities to increase effectiveness and timeliness of the service.
• Provide on‑call support alongside other senior team members as part of a continuous on‑call rota.
• Work as a senior member of Engineering, designing and developing security tooling, automation, best practice and efficiency across the platforms in use and surrounding technical practices.
• Deliver end‑to‑end SIEM/Sentinel engineering by onboarding customers, configuring data connectors, integrations, KQL, automation, dashboards and reporting.
• Drive continual tuning, enrichment and optimisation across Sentinel and align with other SIEM tools.

• Knowledge and understanding of incident response frameworks such as NIST CSF, SOC2 or equivalent.
• Knowledge and understanding of information security architecture and IT security policies relevant to logging (secure transport, retention, privacy by design).
• Organised, with strong communication skills both written and oral, and the ability to translate and deliver technical information (standards, runbooks, feed specs) to a non‑technical audience.
• Customer focused and proactive in resolving technical issues and challenges.
• Prior experience working within a Managed Service Provider or MSSP organisation is strongly preferred. Candidates who have performed a similar role but not necessarily in a SOC will be considered.
• Experience with other SIEM and related information security management platforms desirable, such as Alien Vault, Elastic, EDR/MDR tools, vulnerability management platforms etc.
• Demonstrable knowledge of SIEM data modelling, event normalization, and enrichment strategies.
• Ability to perform requirements analysis and use case modelling to define logging/integration needs for new and evolving services.
• Strong experience working with KQL, ADX, data connectors, Git Hub and other components of MS Sentinel.

• Competitive salary and benefits package.
• Hybrid working – 2 days in the office and 3 days working from home.
• Flexibility in working hours.
• Flexibility around school pick‑up and drop‑offs.
• Pension.
• Share incentive plan.
• Life Assurance.
• Holiday.
• Trips.
• Vouchers.
• Partner/family Benefits.
• Maternity, Paternity and Adoption support.
• Support and adjustments for disabilities or neurodiversity.