Senior SOC Engineer

I.T. & Communications
Glasgow
September 14, 2025
Permanent
Urgent

Job Description

Senior SOC Engineer
£60,000 GBP
Hybrid WORKING
Location: Glasgow, Scotland – United Kingdom Type: Permanent
Senior SOC Engineer
A leading organisation is seeking a Senior SOC Engineer to strengthen its security operations capability and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. The Senior SOC Engineer will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats.
Key Responsibilities
SIEM Engineering & Management

  • Deploy, configure, and maintain the QRadar SIEM platform.
  • Onboard and normalise log sources across on-premises and cloud environments.
  • Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis.

Playbook Development & Automation

  • Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration.
  • Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to streamline triage and automate response.
  • Refine playbooks based on threat intelligence and incident insights.

Threat Detection & Response

  • Monitor and analyse security alerts and events to identify potential threats.
  • Conduct investigations and coordinate incident response activities.
  • Collaborate with threat intelligence teams to enhance detection logic.

Threat Modelling & Use Case Development

  • Lead threat modelling exercises using frameworks such as MITRE ATT&CK, STRIDE, and Cyber Kill Chain.
  • Translate threat models into actionable detection use cases and SIEM rules.
  • Prioritise detection engineering based on business risk and impact.

Reporting & Collaboration

  • Produce reports and dashboards to communicate security posture and incident trends.
  • Partner with IT, DevOps, and compliance teams to enforce secure configurations.
  • Provide mentorship to junior analysts and engineers.
  • Maintain documentation of security procedures, incident response plans, runbooks, and playbooks.
  • Contribute to monthly reporting packs in line with contractual obligations.

Additional Contributions

  • Support pre-sales teams with technical requirements for new opportunities.
  • Demonstrate SOC tools and capabilities to clients.
  • Participate in continual service improvement initiatives, recommending changes to address recurring incidents.

Skills & Qualifications

  • Eligible for, or already holding, SC Clearance.
  • Proven expertise in IBM QRadar and SIEM engineering.
  • Strong knowledge of log formats, parsing, and normalisation.
  • Proficiency in SIEM query languages such as KQL, SPL, AQL.
  • Scripting experience with Python or PowerShell for automation.
  • Deep understanding of threat detection, incident response, and the cyber kill chain.
  • Familiarity with frameworks including MITRE ATT&CK, NIST, and CIS.
  • Strong communication, analytical, and presentation skills.
  • Solid understanding of network traffic flows, vulnerability management, and penetration testing principles.
  • Knowledge of ITIL processes (Incident, Problem, Change Management).
  • Ability to work independently and thrive in a 24/7 on-call environment.

Education & Experience

  • 3-5 years’ experience in the IT security industry, ideally in a SOC/NOC environment.
  • Cybersecurity certifications preferred (e.g., ISC2 CISSP, GIAC, SC-200, IBM QRadar Certified Specialist, Splunk Certified Admin/Power User, Google Chronicle Security Engineer).
  • Hands-on experience with ServiceNow Security Suite.
  • Familiarity with cloud platforms (AWS and/or Microsoft Azure).
  • Proficiency in Microsoft Office products, particularly Excel and Word.

Reference: AMC/RHU/SOC

JBRP1_UKTJ

Location

Related Jobs