Role Overview
This role supports Security Operations Centre (SOC) activities, including monitoring, investigation, threat hunting, and incident response. The resource operates as a second line of defence, translating alerts into actionable findings and improving detection capability.
Core Responsibilities
- Perform L2 triage and investigation of security alerts across SIEM, EDR/XDR, email, identity, network, and cloud platforms
- Correlate events to identify root cause, scope, and impact of security incidents
- Investigate phishing, malware, account compromise, and unauthorised access cases
- Conduct proactive threat hunting using threat intelligence and MITRE ATT&CK
- Support containment, remediation, and recovery activities
- Contribute to SOC improvements (playbooks, detection tuning, onboarding of new tools)
Core Requirements
- Degree or Diploma in Cybersecurity, IT, or related field
- At least 3 years of experience in SOC operations or incident response (L2 preferred)
- Experience with SIEM, EDR/XDR, and cloud or identity security tools
- Strong understanding of attack chains, MITRE ATT&CK, and threat analysis
- Demonstrated hands-on experience in incident investigation or threat hunting
- Ability to operate independently in a SOC environment
