Monitor and triage security alerts between 8:00 AM and 5:00 PM (UK time), ensuring timely prioritization and escalation of high and critical severity threats in accordance with defined SLAs
Participate in a 24/7 on-call rotation (approximately one week every 4-5 weeks), with the expectation of rapid response to incidents
6-24 months of SOC experience in real-time monitoring and incident response
Experience with EDR, Email Security, and vulnerability management
Familiarity with CASB/DLP and Web Application Firewalls
Knowledge of cloud security best practices
Qualifications
Bachelor's degree in Cybersecurity, Computer Science, IT, or equivalent
2-3 years of SOC L1/L2 experience in real-time monitoring and incident response
Strong experience with Splunk (including SPL for advanced queries and automation)
Hands-on experience with tools such as SentinelOne, Cylance, Mimecast, Netskope, Fastly WAF/CDN, Tenable, SOCRadar, KnowBe4, Jira, Slack/MS Teams, and PagerDuty
Experience developing and tuning SIEM detection rules and incident response playbooks