
Senior/Principal SOC Analyst

Cyberfort Group

United States

Remote

USD 100,000 - 140,000

Full time

Yesterday

Job summary

A leading company seeks a Senior or Principal SOC Analyst to enhance its Security Operations Centre. The role involves advanced threat detection and incident response, alongside mentoring junior analysts while collaborating on threat hunting strategies and incident investigations. Join a dynamic team dedicated to making the cyber world safer.

Benefits

Remote working opportunities
Support for relevant trainings and certifications
Collaboration with an experienced SOC team
Continuous learning and mentoring

Qualifications

  • 4+ years in a SOC or cyber defence team, with experience leading incidents.
  • Strong knowledge of SIEM, EDR, and threat intelligence tools.
  • Ability to script repetitive tasks in Python or PowerShell.

Responsibilities

  • Lead investigations from triage to remediation and review.
  • Guide and mentor junior analysts and provide technical leadership.
  • Correlate signals from multiple platforms to identify adversarial techniques.

Skills

Investigation
Mentoring
Threat Hunting
Threat Intelligence
SIEM

Education

Security Certifications (e.g., GCIA, GCIH)

Tools

Elastic Stack
Microsoft Sentinel
CrowdStrike Falcon
Jira

Job description

About the Role

We are looking for a highly skilled Senior or Principal SOC Analyst to play a key role in the detection, investigation, and response to advanced cyber threats within our Security Operations Centre. This role requires deep technical expertise, strong investigative instincts, and the ability to mentor others while driving the maturity of the SOC’s threat detection and response capabilities.

You will work closely with our SOC leadership, engineering and analyst teams, leveraging platforms such as Elastic SIEM, Microsoft Sentinel, Defender for Endpoint, CrowdStrike Falcon, and MISP. You will also influence playbook design, threat hunting strategy, and the continuous tuning of detection logic.

Key Responsibilities

  • Lead complex incident investigations from triage to remediation and post-incident review.
  • Act as the analysts' "go-to" for questions, support and specialist analytical expertise.
  • Guide and mentor junior analysts, providing technical leadership during incidents.
  • Work with the analyst team to ensure proactive threat hunting across SIEM, EDR, and threat intel sources covers the full pyramid of pain, and develop analysts to hunt beyond atomic IoCs (hashes, IPs, domains) towards tools and TTPs.
  • Analyse and validate security alerts, refining detection rules in collaboration with engineers.
  • Correlate signals from multiple platforms (e.g., EDR, network, cloud, identity) to identify adversary techniques (MITRE ATT&CK).
  • Leverage threat intelligence (including MISP) to enrich investigations and build contextual awareness.
  • Contribute to detection use case development, helping to identify gaps in coverage and recommend improvements.
  • Support the evolution of incident response playbooks and knowledge base articles.
  • Collaborate with other teams to support vulnerability management, purple teaming, and security awareness activities.
  • Participate in the on-call rotation for high-priority escalations.

Required Experience

  • 4+ years working in a SOC or cyber defence team, with demonstrable experience leading high-impact investigations.
  • Strong working knowledge of:
    • SIEM: Elastic Stack (Kibana, Logstash), Microsoft Sentinel
    • EDR: Microsoft Defender for Endpoint, CrowdStrike Falcon, Elastic Defend
    • Threat Intel: MISP (querying, correlation, pivoting)
    • SOAR: Jira automations, Azure Logic Apps and Functions
    • Security Frameworks: MITRE ATT&CK, NIST, Cyber Kill Chain
  • Proficiency in interpreting logs from systems, endpoints, cloud services (e.g., Azure, M365), and network sources.
  • Experience using threat intelligence to contextualise alerts and enhance response decisions.
  • Experience in forming hypotheses, analysing the results and iterating to drive results from threat hunting across the pyramid of pain.
  • Familiarity with threat hunting methodologies and anomaly detection approaches.
  • Ability to script or automate repetitive tasks (Python, PowerShell, or similar).
  • Strong written and verbal communication skills for clear reporting and incident documentation.

Desirable Skills

  • Exposure to ITSM platforms like Jira (for incident workflows and automation).
  • Experience with SOAR tools or Sentinel playbooks.
  • Participation in red/purple team exercises or incident simulation.
  • Security certifications (e.g., GCIA, GCFA, GCIH, SC-200, etc).

What We Offer

  • A key role in a technically advanced SOC with a strong analyst-led culture.
  • Collaboration with detection engineers, threat intelligence analysts, and incident responders.
  • Continuous learning, mentoring opportunities, and exposure to cutting-edge tools and techniques.
  • The opportunity to work in a SOC team with over 50 years of combined experience, who have built and operationalised more than 50 SOCs globally, and defended over 500 customers.
  • Remote working in a cutting-edge virtual SOC.
  • Support for relevant training and certifications.

Our Purpose

The Cyberfort Group is a community of 150+ passionate people united by one overall mission “to make the world safer, one business at a time”. We are the "one-stop shop" for all things cyber and are working to build a centre of excellence for our customers by building an amazing place to work, learn and develop all our people.

We work with a diverse range of clients, including large Governmental departments as well as other public sector organisations and businesses within the private sector. We're growing our business and our team through our continuous investment in developing technology and cyber capability; we aim to deliver innovation to our customers as fast as possible.

Our goal is to implement, deliver and support solutions that make us stand out.

