Level 3 SOC Analyst

Location: London (Hybrid – 1–3 days per week)

Salary: Up to £82,000 + Bonus + Private Healthcare

A leading UK retail organisation is continuing to invest heavily in its cyber security capabilities and is looking to hire an experienced Level 3 SOC Analyst to join a mature and well-established Security Operations function.

This role sits at the sharp end of detection, investigation, and response. You’ll be responsible for handling complex security incidents, improving detection capability, and acting as a technical escalation point for the wider SOC team, while working closely with engineering, threat intelligence, and security leadership.

Key Responsibilities

• Act as the final escalation point for complex security alerts and incidents across the enterprise
• Lead and coordinate incident response activities, including containment, eradication, and post-incident reviews
• Perform advanced threat hunting and proactive investigations using SIEM, EDR, and cloud telemetry
• Develop, tune, and optimise detection rules aligned to MITRE ATT&CK
• Work extensively with the Microsoft Security stack, including Sentinel, Defender XDR, Entra ID, and M365 Security
• Improve SOC processes, playbooks, and response procedures to reduce MTTD and MTTR
• Support and mentor Level 1 and Level 2 analysts, raising overall SOC capability
• Collaborate with wider security teams (engineering, IAM, cloud, risk) on remediation and security improvements
• Provide clear technical reporting and recommendations to both technical and non-technical stakeholders

Required Experience

• Proven experience working as a Level 3 / Senior SOC Analyst or equivalent role
• Strong hands-on experience with the Microsoft security ecosystem (Sentinel, Defender, MDE, MDI)
• Deep understanding of incident response, attacker TTPs, and kill-chain methodologies
• Experience creating and tuning SIEM detections and alerts
• Strong knowledge of Windows environments, Active Directory, Azure, and M365
• Experience with threat hunting and forensic investigation techniques
• Comfortable working in a hybrid on-site model (1–3 days per week in London)

Desirable Skills

• Experience in large-scale or enterprise environments
• Exposure to retail, e-commerce, or high-volume customer-facing environments
• Scripting or automation experience (PowerShell, KQL, Python)
• Relevant certifications such as GCIA, GCED, GCIH, SC-200, or similar

What’s On Offer

• Salary up to £82,000 depending on experience
• Annual performance bonus
• Private healthcare plan
• Hybrid working (London-based, 1–3 days per week)
• Opportunity to work in a high-impact SOC role within a well-funded security programme
• Clear progression and the chance to influence SOC strategy and detection maturity