Senior SOC Analyst

The Senior SOC Analyst is responsible for managing and maintaining the security operations centre’s day-to-day activities, including mentoring, supervising and developing SOC staff, developing and implementing security protocols, and ensuring the detection, analysis, response and resolution of security incidents. The role requires leadership in incident response, detection engineering, threat intelligence, and vulnerability management, while collaborating with other teams across the business to ensure enterprise-wide security measures are effective

Key responsibilities for this role may include:

Leadership and Team Management:

• Lead and manage a team of SOC analysts and security engineers, ensuring operational excellence and maintaining high levels of motivation.
• Create and maintain shift schedules for the SOC team to ensure continuous coverage.
• Develop and implement training programs to enhance the team’s skill set and knowledge in cybersecurity best practices.
• Conduct performance evaluations, mentoring, and career development for SOC staff.

Incident Management:

• Lead the incident response process, ensuring that security incidents are properly identified, triaged, investigated, and resolved.
• Develop and refine incident response procedures, playbooks, and escalation protocols.
• Coordinate with internal stakeholders (e.g., Service Desk, Security Assurance, Customer Success Managers) to respond to security incidents.
• Ensure that all incidents are properly documented and that lessons learned are integrated into security processes.

Threat Hunting and Intelligence

• Conduct and support proactive threat hunting based on current and emerging threats across multiple SIEM platforms.
• Integrate threat intelligence into SOC operations.
• Contributing to threat intelligence sharing within the organisation and with external partners.

Threat Monitoring and Detection:

• Oversee real-time security monitoring activities to detect potential security threats or vulnerabilities.
• Ensure the proper configuration and use of security tools, such as SIEM (Security Information and Event Management) systems, intrusion detection systems (IDS), and firewalls.
• Collaborate with other security and IT teams to identify and mitigate risks proactively.
• Detection engineering – creation, tuning and optimisation of SIEM rules to effectively detect current and emerging threats.
• Performing or supporting in-depth forensic analysis on potentially compromised systems.

Strategic Planning and Process Improvement:

• Develop SOC strategies, policies, and procedures to improve overall security operations and incident response capabilities.
• Ensure continuous improvement of SOC operations through regular assessments, audits, and performance reviews.
• Stay current on the latest cyber security trends, threats, and technology developments to inform security strategy and improvements.
• Manage relationships with external partners, vendors, and customers.

Compliance and Reporting:

• Ensure compliance with industry standards, regulations, and internal security policies.
• Prepare regular reports and metrics for senior management and Service Review boards on SOC operations, incidents, and overall security posture.
• Ensure that logs, reports, and evidence are maintained in a way that supports regulatory and legal requirements.

Budget and Resource allocation:

• Develop and manage the SOC budget, ensuring efficient use of resources and optimal tool set performance.
• Recommend investments in security technologies and upgrades based on risk assessments and identified gaps.