Security Operations Center Analyst
Job Description
Senior SOC Analyst
Location: Glasgow (hybrid)
Salary: Up to £57,000 + package
NOTE: Candidates for this role must be eligible for UK Security Clearance (SC).
We are seeking a Senior SOC Analyst to join a growing Security Operations Centre team. This is a hybrid role based in Glasgow, offering the opportunity to take a leading role in incident response and advanced security monitoring within a dynamic environment.
As a Senior SOC Analyst, you will take ownership of escalated incidents from L1 and L2 analysts, leading investigations, performing root cause analysis, and guiding appropriate remediation actions. You will play a key role in developing SOC use cases, enhancing monitoring capabilities, and ensuring incident response follows best practice standards.
This role combines technical depth, client interaction, and leadership, requiring someone who thrives in a fast-moving environment and is comfortable working with both technical and non-technical stakeholders.
Key Responsibilities
- Lead investigations into escalated security incidents, including detailed analysis and root cause identification.
- Monitor and optimise SIEM tools (Splunk, QRadar, or similar), ensuring accurate detection and effective alerting.
- Perform malware analysis, reverse engineering, and develop detection signatures.
- Provide incident response leadership, from containment and eradication to recovery.
- Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients).
- Stay current on threat intelligence and integrate insights into monitoring processes.
- Contribute to the creation and refinement of runbooks, playbooks, and incident response documentation.
- Support pre-sales activities, solution scoping, and client demonstrations when required.
What We’re Looking For
- 3+ years’ experience in cybersecurity, preferably in a SOC or NOC environment.
- Strong hands-on experience with SIEM tools, specifically QRadar.
- Solid understanding of incident response methodologies and DFIR principles.
- Knowledge of network traffic analysis, vulnerability management, penetration testing, and malware reverse engineering.
- Familiarity with ITIL processes (Incident, Problem, Change).
- Strong written and verbal communication, with the ability to produce clear technical documentation and reports.
- Relevant certifications (e.g., CISSP, GIAC, SC-200) are highly desirable.
- Cloud security experience (AWS and/or Azure).
- Willingness to participate in 24/7 operations or on-call rotations.
If you’re passionate about protecting organisations and leading from the front in cyber defence, we’d love to hear from you.