IT Specialist - SOC and SIEM
Job description
As an IT Specialist in SOC and SIEM, you will play a vital role in strengthening the organisation's detection and response capabilities. Reporting to the IT Manager - SOC and SIEM, you will deliver technical processes and controls across SOC operations, SIEM optimisation, Vulnerability & Patch Management, Incident Response & Disaster Recovery, and Asset & Threat Discovery.
You will work collaboratively with SOC analysts, IT operations, engineering, and risk teams to ensure rapid detection and timely remediation of security incidents. This role requires strong technical expertise, meticulous attention to detail, and a proactive approach to improving operational resilience.
We are committed to building a diverse, inclusive, and high-performing security function. In this role, you will be supported and empowered to develop your skills, contribute to innovation, and help protect the organisation.
Key responsibilities and duties include:
- Maintain and optimise SIEM platforms for accurate log ingestion, parsing, and correlation
- Develop and tune detection rules, dashboards, and automated alerts to improve threat visibility and reduce false positives
- Integrate threat intelligence feeds and ensure alignment with frameworks such as MITRE ATT&CK for comprehensive detection coverage
- Support SOC operations by improving triage workflows and operational efficiency
- Automate vulnerability scanning across endpoints, servers, and cloud workloads; coordinate patch deployment processes with IT teams to minimise exposure windows
- Track remediation progress and verify fixes through re-scan and compliance reporting
- Assist in developing and maintaining incident response and disaster recovery playbooks for common attack scenarios
- Participate in planning and executing tabletop exercises and simulations to validate readiness and response times
- Support containment, eradication, and recovery activities during live incidents, providing technical input for root cause analysis and corrective actions
- Implement continuous asset discovery tools to maintain an accurate inventory of systems and services; ensure asset data feeds into CMDB and SIEM for correlation and reporting
- Deploy threat discovery solutions to identify emerging risks and anomalous behaviours proactively
- Maintain accurate records of incidents, vulnerabilities, and remediation status; support audit preparation for Cyber Essentials, ISO 27001, and internal governance reviews
- Contribute to the development and update of security policies, standards, and operational procedures
- Proactively identify opportunities to improve detection and response workflows and strengthen the organisation's security posture
Key performance indicators:
- Reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
- Timely closure of vulnerabilities and patch compliance within SLA
- Successful completion of incident response and disaster recovery exercises, with improvement in readiness scores
- Accuracy of asset inventory and threat discovery coverage
- Audit readiness and successful evidence submission.
Please be advised that offers for this role are conditional upon obtaining the appropriate level of Security Clearance.
UK Immigration
Mott MacDonald Ltd. are not currently offering sponsorship to candidates under the Skilled Worker visa route in the UK. This decision is as a consequence of the changes made to the Skilled Worker route by the UK Government in April 2024. We continue to welcome applications from candidates who are eligible for alternative immigration routes in the UK that do not require sponsorship as a Skilled Worker now or in future.
Agile working
At Mott MacDonald, we believe it makes business sense for you and your manager to choose how you can work most effectively to meet your client, team, and personal commitments. We offer a hybrid working policy that embraces your well-being, flexibility, and trust.
Equality, diversity, and inclusion
We put equality, diversity, and inclusion at the heart of our business, seeking to promote fair employment procedures and practices to ensure equal opportunities for all. We encourage individual expression in our workplace and are committed to creating an inclusive environment where everyone feels they can contribute.
Accessibility
We want you to perform your best at every stage in the recruitment process. If you are disabled or need any support to enable you to apply or attend an interview, please contact us at reasonable.adjustments@mottmac.com and we will talk to you about how we can support you.
We offer some fantastic benefits including:
Financial wellbeing
- We match employee pension contributions between 4.5% and 7%.
- Life assurance of up to 4 x your basic salary, with an option to increase the level of cover to 6 x your salary.
- Our income protection scheme provides a financial benefit, as well as absence and return to work support due to long-term illness or injury.
- Flexible benefits, including increased life assurance cover, critical illness insurance, payroll saving and will writing.
- As an independently owned business we share the financial success of the business with all our colleagues in various ways including annual bonus schemes.
Employee Ownership
- Our employee ownership model means no external investors, just us, creating a culture of shared success.
- Our employees have a stake and a voice in our business, giving them a direct connection to our success through our personal and group performance bonuses.
- As your career grows, so does your stake, recognising your long-term impact and contribution.
- Your voice matters, with the opportunity to connect directly with senior leadership through formal channels to help shape our future.
- For our senior roles you will have a direct pathway towards ownership from day one.
Health and wellbeing
- Private medical insurance for all UK colleagues.
- Health cash plan to support you with everyday health costs and treatments.
- Access to Peppy, providing free support from menopause experts for all UK colleagues.
- A variety of wellbeing support is available through our comprehensive wellbeing program, including access for you and your family.
- Ability to flex your salary to opt into a wide range of health benefits, many of which can be extended to your family too.
Requirements
- Demonstrable hands-on experience with SIEM platforms and SOC operations within a complex enterprise environment
- Strong knowledge of detection engineering, vulnerability management, patching processes, and incident response/disaster recovery frameworks
- Practical experience with asset discovery tools, threat detection methodologies, and remediation processes
- Experience supporting or preparing for security audits and maintaining compliance evidence
- Ability to interpret and apply security policies, standards, and regulatory requirements
- Strong problem-solving skills, with the ability to analyse technical issues and recommend effective solutions
- Excellent written and verbal communication skills, able to document findings and engage with both technical and non-technical stakeholders
- Proven ability to work independently and as part of a team, managing multiple priorities in a fast-paced environment.
Desirable:
- Industry certifications such as CISSP, CCSP, or equivalent
- Experience with automation tools, vulnerability scanners, and EDR/XDR platforms
- Exposure to frameworks and standards such as MITRE ATT&CK, ISO 27001, NIST CSF
- Experience participating in incident response activities and post-incident reviews
- Awareness of automation and scripting for security operations.
- Demonstrates meticulous attention to detail in all aspects of detection, configuration, and documentation
- Applies strong analytical thinking to interpret complex alerts and prioritise effective remediation
- Collaborates effectively with colleagues across SOC, IT, engineering, and risk teams, building positive working relationships
- Communicates clearly and confidently, adapting technical information for both technical and non-technical audiences
- Proactively identifies and acts on opportunities to improve operational resilience and reduce risk
- Maintains the highest standards of integrity, confidentiality, and professional conduct at all times
- Adapts positively to changing priorities and remains resilient under pressure
Disability Confident
A Disability Confident employer will generally offer an interview to any applicant that declares they have a disability and meets the minimum criteria for the job as defined by the employer. It is important to note that in certain recruitment situations such as high-volume, seasonal and high-peak times, the employer may wish to limit the overall numbers of interviews offered to both disabled people and non-disabled people.
Benefits & conditions
- A minimum of 33-35 days holiday each year, inclusive of public holidays and dependent on level, with the ability to buy or sell leave through our flexible benefits programme.
- Holiday entitlement increased to a minimum of 35 days after 5 years' service.
- Variety of employee saving schemes and discounts from high-street retailers.
Enhanced family and carers leave
- Enhanced family leave policies, including 26 weeks paid maternity and adoption leave, and two weeks paid paternity/partner leave.
- Our shared parental leave matches maternity leave meaning we pay up to 24 weeks at full pay.
- Up to five additional days leave are provided for those with significant caring responsibilities, two of which are paid.
Learning and development
- Primary annual professional institution subscription.
- A broad range of opportunities to enhance both technical and soft skills through mentoring, formal training, and self-development options.
Networks, communities, and social outcomes
- Join a wide range of groups including our Advanced Employee Networks which support our LGBTQ+, gender, race and ethnicity, disability, and parents/carers communities.
- Make a difference within our communities through our social outcomes.