i-confidential
 
    Senior SOC Analyst (Incident Response, Microsoft Security) - London

    London (Hybrid – 2 days onsite every 2 weeks)
     6-month contract, Inside IR35
     
    About the Role
    We’re looking for a hands-on Senior SOC Analyst to join a mature Cyber Fusion function, focused on detection and response across a Microsoft 365 environment.
    This is a true operational security role—you’ll be actively investigating incidents, handling alerts, and improving detection capabilities. You’ll also play a key part in strengthening processes, tooling, and overall response effectiveness.
     
    What You’ll Be Doing
    • Investigating and responding to security incidents end-to-end (triage → containment → recovery)
    • Performing deep-dive technical analysis to understand root cause and scope
    • Handling phishing investigations and user-driven security cases
    • Working with SIEM and SOAR platforms to support investigations and response workflows
    • Improving detection rules, alert quality, and triage processes
    • Supporting reductions in MTTI / MTTR through effective analysis and tooling
    • Contributing to post-incident reviews, documentation, and playbooks
    • Collaborating with the wider Blue Team and Cyber Fusion Centre
     
    What We’re Looking For
    • Strong experience in a SOC, SecOps, or Incident Response role (ideally Tier 2/3 level)
    • Proven ability to investigate and resolve security incidents in enterprise environments
    • Hands-on experience with SIEM platforms (e.g. Microsoft Sentinel, Splunk, QRadar)
    • Experience working with SOAR tools or automated response workflows
    • Solid understanding of attack techniques and frameworks (e.g. MITRE ATT&CK)
    • Strong technical knowledge across endpoint, identity, email, and cloud security
    • Experience with Microsoft Defender and Microsoft 365 security tooling
    • Ability to work effectively during active incidents and time-sensitive situations
    • Clear communication skills, both technical and non-technical
     
    Nice to Have
    • Experience in detection engineering or tuning alert logic
    • Certifications such as GCIH, CySA+, SC-200, BTL1/BTL2
    • Exposure to Google Cloud security operations
     
    Working Setup
    • Hybrid model: 2 days onsite every two weeks (London)
    • Embedded within a Cyber Security / Cyber Fusion team
    • Collaborative, hands-on environment with a focus on continuous improvement
     
    If you’re a Senior SOC Analyst who enjoys real investigation work and improving how security operations run, this is a strong opportunity to make an impact.

    Threat & Cyber Intelligence

    London

    359

     

    Threat & Cyber Intelligence

    London

    359

    Apply

    Contact Us

    2 Redheughs Rigg, Edinburgh, EH12 9DQ

    recruitment@i-confidential.com

    +44 (0) 131 445 1458

    i-confidential | Copyright © 2026