Job ID:
Location:LRQA Nettitude:Birmingham :
Position Category:Information Technology
Position Type:Employee Regular
Role description
This role reports to SOC Team Lead. As the SOC Analyst, you will be accountable for the effective delivery of your tasks, ensuring expected performance standards while continuously developing your skills as part of a high trust, high performing security service.
You will leverage your experience in security operations to enable the smooth delivery of our award-winning defensive monitoring service, supporting proactive detection and response for clients across the globe.
You will be expected to contribute, hands on, technically where and when needed, including deep dive investigations, supporting incident response, threat hunting, tuning detections, and when/if required delivering technical training to new starters.
As a SOC Analyst, you must proactively initiate actions and work independently to quickly mitigate threats, set an example, maintain operational continuity, make informed decisions, and ensure efficient delivery of your tasks under pressure.
The roles and responsibilities of the SOC Analyst are reviewed annually to ensure alignment with current organisational needs, emerging threats, and industry best practice. Collaboration with other teams
As SOC Analyst, you will be working closely with Threat Intelligence, Engineering and Incident Response teams as this is essential to strengthen the SOC’s ability to detect, investigate, and respond to emerging threats. This collaboration ensures timely sharing of actionable intelligence, refinement of detection rules, suggesting improvement of security tools, and alignment of operational processes, ultimately enhancing overall organisational security posture. Continual improvement
This role drives continuous improvement within the SOC by identifying gaps in processes, detection capabilities, and team performance, and supporting implementation of solutions to enhance operational efficiency.
The SOC Analyst works on alerts to refine triage and response workflows, ensuring lessons learned are translated into updated playbooks and best practices. Role details
Analyst & Operations Oversight Perform day-to-day activities of the SOC analysts across all shifts.
Ensure all alarms/cases are reviewed and responded to within the predefined SLA.
Maintain and keep documentation up to date (including design specifications, diagrams and process documentation).
Complete all HALO case files on time and with accurate and timely data/results.
Aim to ensure high-quality incident triage and investigation following predefined and agreed SOC processes.
Coordinate with other shifts to maintain operational continuity and consistent processes. Key Performance Indicators, Service Level Agreements & Reporting Key Performance Indicators (KPIs) are goals that must be achieved to demonstrate satisfactory or above performance for this job role.
KPIs will be monitored on an ongoing basis throughout each year and will be explored in further depth as part of the performance management process.
Service KPIs/SLAs and deliverables are tracked, adhered to and any deviations remediated through root cause analysis and non-conformance. Threat Detection
The analyst continuously monitors security alerts and logs across all customer environments using SIEM, EDR and other security and monitoring tools used by LRQA/Nettitude SOC Team.
Key responsibilities include: Review real‑time alerts and telemetry to identify suspicious activity or breaches.
Analyse logs, network flows and endpoint data to validate alerts and understand threat context.
Maintain and tune SIEM/SOAR correlation rules and endpoint detection signatures to reduce false positives and improve coverage.
Triage and investigate unusual events to confirm incidents or dismiss benign anomalies. Threat Hunting
Proactively search for hidden threats and improve detection.
Responsibilities include: Perform hypothesis‑driven threat hunts across multiple client networks using telemetry, threat intelligence and the MITRE ATT&CK framework.
Identify weak spots or blind spots in monitoring coverage and recommend new rules, queries or sensors to close them.
Analyse Indicators of Compromise (IOCs) and emerging threat data to discover stealthy intrusions. Document hunting methods, findings and update detection content as needed.
Use advanced analytics in SIEM/SOAR and EDR to dig deeper than automated alerts, leveraging both in‑house and public threat intelligence. Management Reports These management reports are written on Monthly, Bimonthly and Quarterly.
The production of management reports is a shared responsibility between Senior and Junior Analysts.
When a report is prepared by a SOC Analyst, the quality assurance must be completed by Senior Analyst or the SOC Team Lead before the document is shared with the client.
Due to the usual workload, the production of management reports is generally completed by the night shift, with support from the day shift when operationally feasible.
The full procedure is described in the “MMR Production Process” documentation on Confluence. Incident Handling & Escalation Oversee the detection, validation, and containment of security incidents/alerts.
When/if required provide technical guidance during live incidents and ensure appropriate escalation. Quality Assurance & Process Improvement Identify and eliminate false positives by identifying new fine-tuning detection rules in collaboration with the Team Leads and Engineering team.
Recommend improvements to XDR/SIEM/SOAR configurations and workflows. Reporting & Communication Communicate important incidents to the Cybersecurity Leadership team as needed.
Maintain clear documentation of:
Incidents
Lessons learned
Operational notes Training & Mentoring
Support training for new SOC analysts, helping them grow technically and operationally. Compliance & Governance Support Ensure analysts follow LRQA Cybersecurity established security policies, procedures, and SLAs.
Help align SOC practices with frameworks (, ISO & MITRE ATT&CK).
Make sure incident documentation meets regulatory and audit requirements. Collaboration Work closely with Threat Intelligence, Vulnerability Management, and Incident Response teams to enhance detection capability.
Collaborate with IT Operations and network teams for containment and recovery actions.
Maintain regular verbal and written communication with customers, suppliers and internally as required. Client Success
Client feedback is actively encouraged and serves as a key measure of success. Positive feedback reflects our achievements, while suggestions or complaints are reviewed with management to assess potential inclusion in service improvements. Professional and Technical Requirements Experience supporting incident management.
Proficient in SIEM, EDR, XDR, EPP, and NetMon tools, including usage, configuration, and identifying a need for new rule creation.
Skilled in analysing log data across multiple device types to support incident management.
In-depth understanding of attack vectors, with the ability to distinguish normal from abnormal activity and recommend appropriate countermeasures and remediation.
Proven experience working in complex, high-performing enterprise SOC/MSSP environments.
Familiarity with offensive tools, techniques, and vulnerabilities, including Kali, Metasploit, Veil, MITRE ATT&CK, CVE, and OWASP frameworks. Core Soft Skills & Emotional Intelligence
Strong soft skills, including effective communication, collaboration, and emotional intelligence, enabling clear stakeholder engagement and the ability to manage high-pressure situations with composure.
Read Less
