Senior SOC Analyst

Phoenix Software
Pocklington, United Kingdom
5 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Shift work
Languages
English
Experience level
Senior
Compensation
£ 36K

Job location

Remote
Pocklington, United Kingdom

Tech stack

Computer Security
Digital Forensics
Python
PowerShell
Kusto Query Language
Reverse Engineering
Security Information and Event Management
MITRE ATT&CK
Malware
Cybercrime
Microsoft Sentinel

Job description

We're now looking for a Senior SOC Analyst to take a leading role in complex incident response cases, guiding clients through high-severity security events and strengthening our overall SOC capability.

What will you be doing?

  • Incident response & forensics: You'll lead major security incidents from detection through remediation, coordinating containment, analysing attacker activity, and supporting clients through critical decision-making.

  • Threat hunting & detection engineering: You'll proactively hunt for threats using advanced KQL analytics, enhance SIEM/EDR detections, tune rules, and develop signatures aligned to MITRE ATT&CK.

  • Malware analysis & reverse engineering: You'll perform malware triage and behavioural analysis, using reverse-engineering tools when needed to support investigations and strengthen detection coverage.

  • Reporting & client communication: You'll produce clear, high-quality investigation reports, timelines, and intelligence summaries that translate technical findings for a range of audiences.

  • SOC leadership & continuous improvement: You'll contribute to SOC playbooks, mentor junior analysts, support onboarding of new customers, and help evolve SOC processes and tooling.

  • On-call support: You'll participate in the 24×7 on-call rota to provide expert support during critical incidents.

Requirements

  • A strong background in DFIR, SOC operations, or incident response
  • Ability to lead complex investigations and high-severity security incidents
  • Confident decision-maker who can guide clients through critical situations
  • Strong communicator, able to translate technical findings for any audience
  • Collaborative mindset with willingness to work closely across teams
  • Ability to mentor junior analysts and support skill development
  • Comfortable working in fast-paced, high-pressure environments
  • Proactive approach to improving SOC processes, playbooks, and detection capabilities

Key Skills:

  • Advanced SIEM expertise (ideally Microsoft Sentinel & Defender XDR)
  • Strong DFIR/SOC/incident response experience
  • High-level KQL capability
  • Python/PowerShell for automation
  • Core digital forensics skills
  • Experience with Velociraptor, KAPE & sandbox tools
  • Solid detection engineering understanding
  • Strong technical reporting and documentation skills

Clearance: you will need to have lived in the UK continuously for at least 5 years and have no criminal record to obtain the clearance required for this role. You must also already hold, or be able to obtain, NPPV3 (Non-Police Personnel Vetting Level 3).

About the company

At Phoenix, our philosophy is simple: we aim to be the UK's leading IT solution and managed service provider, and that means we recognise that it's our people who are at the heart of everything we do. We do this by providing the encouragement, support and skill development that you need to be the very best you can be at work. We are proud of our culture, so much so that we have developed our Culture Blueprint.
