Hiring an experienced L2 SOC Incident Responder to strengthen a growing cyber defence function. This role is ideal for someone who enjoys deep-dive investigations, owns incidents end-to-end, and wants real influence over detection and response maturity.
What you'll be doing
- Investigate and validate security incidents escalated from L1, performing in-depth log, packet and endpoint analysis to determine impact and scope.
- Lead containment and eradication actions across endpoints, network, cloud and identities, working closely with IT and security engineering teams.
- Tune SIEM rules, use-cases and security tooling to reduce false positives and improve detection quality over time.
- Contribute to playbooks and incident response procedures, and support post-incident reviews and reporting.
- Stay current on emerging threats, TTPs and vulnerabilities, applying relevant threat intelligence to ongoing investigations.
What we're looking for
- 2-4 years hands-on experience in a SOC / incident response role (L2, or a strong L1 ready to step up).
- Solid experience with SIEM platforms and EDR tools, plus comfort working with logs from firewalls, proxies, servers and cloud environments.
- Good understanding of core security concepts such as incident handling, malware, lateral movement, phishing, and common attack techniques (MITRE ATT&CK familiarity a plus).
- Strong analytical mindset, clear communication skills, and the ability to remain calm and structured during live incidents.
Nice to have
- Experience contributing to or running incident response playbooks and table-top exercises.
- Relevant certifications such as GCIA, GCIH, GCED, CySA+, or equivalent practical experience.
How to apply
If this sounds like your next step, please apply with your CV or reach out directly for a confidential discussion. Shortlisted candidates will be contacted to discuss the environment, team setup and progression path in more detail.