This job advertisement is no longer available
About
We are seeking a motivated SOC Analyst to join our growing security practice, delivering managed security operations to a client running a customer-facing application on Microsoft Azure. This is a remote, Monday to Friday (08:00–17:00) position with no on-call, no out-of-hours, and no on-site requirements.
You will be the primary analyst responsible for monitoring, triaging and responding to security incidents across an Azure-native environment using Microsoft Sentinel as the core SIEM and SOAR platform. The threat surface is well-defined, the alert volume is manageable, and Sentinel automation handles the noise — meaning you spend your time on real incidents, not false positives.
You will be supported by an experienced internal SOC Lead who provides escalation support, Sentinel tuning, and management oversight. This is an excellent role for someone with 1–2 years of SOC experience who wants to deepen their Azure and Microsoft security specialism in a focused, low-noise environment.
Key Responsibilities
* Monitor the Microsoft Sentinel incident queue throughout each shift, triaging and prioritising alerts according to severity and business impact
* Investigate confirmed security incidents across the Azure B2C environment including suspicious sign-ins, credential abuse, token anomalies, and Azure resource changes
* Execute response actions using Sentinel Playbooks (Logic Apps) and manual remediation steps including account disabling, IP blocking, and session revocation via Entra ID
* Review and action Microsoft Entra ID sign-in risk events, Identity Protection alerts, and Conditional Access policy violations
* Monitor Defender for Cloud Apps for anomalous application-layer activity including unusual API call patterns and OAuth token abuse
* Manage and update security incidents in the ITSM ticketing system, ensuring accurate documentation of timeline, actions taken, and outcome
* Produce daily shift handover notes and contribute to weekly and monthly customer-facing security reports using Sentinel Workbooks
* Identify patterns in alert data and recommend tuning improvements to the SOC Lead to reduce false positives and improve detection quality
* Maintain and follow documented runbooks and response playbooks, flagging gaps or improvements as they are identified
* Escalate complex or high-severity incidents to the SOC Lead promptly with a clear incident summary and supporting evidence
Azure & Microsoft Technology Stack
This role is built around the Microsoft security ecosystem. You will work with the following technologies every day:
* Microsoft Sentinel — primary SIEM/SOAR platform for monitoring, investigation and automated response
* Microsoft Entra ID (Azure AD) — identity and access management, sign-in logs, audit logs, Identity Protection
* Azure AD B2C — customer identity platform; understanding of user flows, custom policies and sign-in behaviour
* Microsoft Defender for Cloud Apps — application-layer anomaly detection, OAuth app monitoring, session policies
* Microsoft Defender for Cloud — Azure resource security posture, threat detection across Azure workloads
* Azure Monitor & Log Analytics — log ingestion, KQL querying, custom workbook dashboards
* Logic Apps / Sentinel Playbooks — automated response workflows triggered by Sentinel analytics rules
* Microsoft Defender XDR — cross-domain alert correlation and incident management
* Azure Resource Manager — monitoring configuration changes, IAM role assignments, policy violations
Essential Skills & Experience
* 1–2 years’ experience in a SOC, IT security, or security engineering role
* Hands-on experience with Microsoft Sentinel — alert triage, incident investigation, and KQL queries
* Working knowledge of Microsoft Entra ID (Azure AD) — sign-in logs, MFA, Conditional Access, Identity Protection
* Understanding of common Azure B2C or cloud identity attack patterns: credential stuffing, impossible travel, MFA fatigue, token theft
* Ability to read and write basic KQL (Kusto Query Language) to investigate Sentinel incidents and build simple queries
* Familiarity with the MITRE ATT&CK framework and how techniques map to Azure / identity-based threats
* Comfortable working independently in a remote environment with minimal supervision during shift hours
* Strong written communication skills — able to produce clear, concise incident reports and customer-facing summaries
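To make the KQL and attack-pattern requirements above concrete, here is an added example of the kind of hunting query an analyst in this role would write. It is not part of the original advertisement and not the client's own detection content. It hunts for credential stuffing and password spraying in Entra ID sign-in data: one source IP producing wrong-password failures across many distinct accounts in a short window, escalated to High if the same IP later signs any account in successfully. Assumptions, labelled in the comments: the SigninLogs table is being ingested into the Sentinel workspace (for an Azure AD B2C tenant this requires diagnostic settings routed to Log Analytics), 50126 is the Entra ID result code for an invalid username or password, and the thresholds are illustrative values to be tuned against the tenant's baseline.

```kql
// Added example: credential-stuffing / password-spray hunt over Entra ID sign-in logs.
// Assumptions: SigninLogs is connected to this Sentinel workspace; ResultType "50126"
// is the Entra ID code for "invalid username or password" and "0" is success;
// the thresholds below are illustrative and should be tuned to the tenant's baseline.
let lookback = 1h;
let bin_size = 10m;
let min_distinct_users = 20;
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "50126"            // wrong-password failures: the trace stuffing leaves behind
| summarize
    DistinctUsers  = dcount(UserPrincipalName),
    FailedAttempts = count(),
    TargetedApps   = make_set(AppDisplayName, 10),
    UserAgents     = make_set(UserAgent, 5),
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated)
    by IPAddress, bin(TimeGenerated, bin_size)
| where DistinctUsers >= min_distinct_users  // many accounts from one IP, not one user mistyping
| join kind=leftouter (
    // Did any account then sign in successfully from the same IP? That is the escalation trigger.
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | summarize
        Successes             = dcount(UserPrincipalName),
        CompromisedCandidates = make_set(UserPrincipalName, 10)
        by IPAddress
  ) on IPAddress
| extend Severity = iff(Successes > 0, "High", "Medium")
| project-away IPAddress1
| order by Severity asc, DistinctUsers desc
```

Run as a scheduled analytics rule, the Medium results are tuning input for the SOC Lead (a shared corporate egress IP can look like a spray), while a High result is the case to escalate with the CompromisedCandidates list as supporting evidence and a Playbook revoking those sessions. The MFA-fatigue variant follows the same shape, summarising by UserPrincipalName instead of IPAddress and matching the result code Entra ID records for a failed or denied strong-authentication prompt.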
Desirable Skills & Certifications
* Microsoft SC-200 (Microsoft Security Operations Analyst) — held or actively working toward
* Microsoft AZ-900 or AZ-500 — Azure fundamentals or security certification
* Experience with Microsoft Defender for Cloud Apps or Defender XDR
* Exposure to Logic Apps or Sentinel Playbook creation and editing
* Experience writing or following incident response runbooks and playbooks
* Familiarity with ITSM platforms such as ServiceNow or Jira for ticket management
* Understanding of OAuth 2.0 / OpenID Connect flows relevant to B2C application authentication
* CompTIA Security+ or equivalent baseline security certification
What We Offer
* £28,000 – £35,000 salary depending on experience
* Fully remote role — work from anywhere in the UK
* Monday to Friday, 08:00–17:00 only — no on-call, no weekends, no out-of-hours
* Funded training and certification support (SC-200, AZ-500)
* Clear progression path toward senior analyst and SOC Lead roles
* Focused, low-noise environment — Azure-native stack with strong Sentinel automation
* Supportive SOC Lead providing escalation, mentoring and regular 1:1 oversight
Pay: From £26,196.31 per year
Benefits:
* Company pension
* Employee mentoring programme
* Sick pay
* Work from home
Experience:
* SOC: 2 years (required)
* Microsoft SIEM and Defender, Sentinel: 2 years (required)
Language:
* English (required)
Location:
* United Kingdom (required)
Work Location: Remote
Language skills
- English
Note for users
This job advertisement was published by one of our partners. You can view the original listing here.