L3 SOC Analyst

Salary/Rate: £75,000 + 7.5% bonus
Job type: Perm
Town/City: West Sussex
County/State/Region: London
Job ref: 1564
Post Date: 29.01.25
About the Role

We are exclusively partnering with a company that is integral to UK CNI. Our client has received significant government funding and is looking to grow its existing team by 200% by the end of 2026. The role reports directly to the SOC Manager, and you will have significant influence over how the SOC is built and run. The vision for this position is for you to be the lead escalation point for all incidents and to lead the IR team.

Location: West Sussex
On Site Requirement: 5 days during probation, 2-3 days thereafter
Salary: £75,000 + 7.5% bonus + 10% pension contribution

Responsibilities

  • You will lead on all high-severity cyber incidents, from initial triage through defining and expediting a containment, eradication and recovery strategy that minimises business impact
  • Contribute to the continuous improvement of IR playbooks
  • Produce new workflows for automation using SOAR tools
  • Advanced Threat Hunting: Hypothesis and IoC based hunting.
  • Aid the SOC Manager in developing and creating SOC policies
  • Mentor L1 and L2 analysts, providing guidance and training
  • Engage with C-suite stakeholders across a number of different sections of the business and translate security terminology for non-technical audiences
  • Be comfortable delivering presentations to articulate technical cyber concepts
  • Collaborate with internal and third-party providers, suppliers and partners

Skills and Experiences

  • The most important thing is that you have evidence of advanced threat hunting and IR. This will include leading on P1 IR engagements as an L2 or L3.
  • SOC-related certifications are a bonus: SANS/GIAC certifications such as GCIH or GCIA
  • Knowledge of adversarial TTPs and frameworks
  • Experience with Darktrace, Microsoft Defender and Microsoft Sentinel is an advantage
  • Advantageous: experience running tabletop exercises and with security architecture

If you're excited about the opportunity to contribute towards the safety of UK CNI, please reach out to Gareth Davies @ Trident Search

More jobs from this recruiter

L3 SOC Analyst

Berkshire
London
£67,000-£75,000 + bonuses
Trident Search have exclusively partnered with one of the strongest security teams in the UK to bring in an L3 analyst to their team. They are integral to UK CNI and are a household name. You will investigate and validate threats through data analysis, using a wide range of security tools and defence products. A stand-out candidate might come from a malware/threat-hunting-focused environment, or might have a keen interest in the field.

Job Title: L3 SOC Analyst
Location: 4 days on site per MONTH in Berkshire / Central London
Hours: 09:00-17:30

Key Responsibilities

  • Lead the resolution of escalated security incidents such as sophisticated malware, APTs, and complex intrusions.
  • Use expert-level forensic analysis and threat hunting techniques to contain and recover from incidents.
  • Drive security event analysis to address emerging cyber threats and ensure comprehensive post-incident analysis.
  • Fine-tune SIEM configurations to filter false positives, detect advanced threats, and optimise alerting.
  • Refine SOAR playbooks to automate response actions and improve incident response efficiency.
  • Act as an escalation point for junior analysts, offering guidance and promoting knowledge sharing within the team.
  • Contribute to threat response activities and collaborate with blue team efforts to identify threat group activities.

Skills and Experience

  • Proven SOC analyst experience (Level 2 or above) with extensive hands-on experience in security event analysis and incident response. A passion for malware or a DFIR background would be advantageous.
  • Strong understanding of networking protocols
  • Expertise in Windows/Linux operating systems and a variety of security technologies
  • Familiarity with SOAR technologies
  • Experience with security frameworks such as MITRE, Cyber Kill Chain, and APT strategies
  • Knowledge of cloud platforms (Azure, AWS, Google Cloud) and cloud security best practices

If you're seeking an opportunity where you'll be working with one of the strongest security teams in the UK, please reach out to Gareth Davies @ Trident Search.

SOC Team Lead

Remote
Remote
£60,000-£70,000
Trident Search have exclusively partnered with a Microsoft-focused MSSP who are looking to hire their next L3 Team Lead. We have made 20+ placements with this client and have plenty of candidates who will attest to the technical standard of this client. You will be joining a high-performing team in a cutting-edge SOC where you'll oversee investigations, respond to incidents, provide customer-facing communication, and ensure operational excellence within the SOC.

Location: Remote
Hours: 09:00-17:30 (no on-call)
Reports To: SOC Manager

Key Responsibilities

  • Lead investigations into security incidents, breaches, and anomalies escalated to the SOC through the ITSM platform.
  • Work closely with SOC analysts to conduct thorough and prompt analysis.
  • Ensure all investigations are conducted according to established security protocols and procedures.
  • Utilise and fine-tune advanced security tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and EDR (Endpoint Detection and Response) to detect and mitigate potential threats.
  • Serve as a point of contact for customers during security incidents, providing clear, concise, and reassuring communication.
  • Address customer inquiries regarding ongoing incidents and security threats, offering knowledgeable responses and technical clarity.
  • Conduct regular service delivery meetings with clients to enhance satisfaction and ensure their needs are being met during and after incidents.
  • Ensure that security incidents are reported in a timely and accurate manner to senior management and relevant stakeholders.
  • Provide guidance and mentorship to SOC analysts through regular one-on-one sessions.
  • Set high standards for behaviour and performance and support the professional growth of the team.
  • Identify training gaps and arrange development opportunities to ensure the SOC team maintains up-to-date knowledge of the latest security trends and tools.
  • Foster a high-performance team culture, recognising achievements and addressing any challenges that may arise within the team.

Experience

  • 3-5 years of experience in a SOC where you've had some leadership responsibilities.
  • Able to discuss IR engagements you've had experience with: ransomware attacks, malicious insider, malware investigation.
  • Proficient in using and managing SIEM systems, IDS/IPS, EDR, and other security technologies.
  • Familiarity with Microsoft environments and associated security tools is highly desirable.
  • Experience with SOAR capabilities, including security orchestration, automation of workflows, and incident response playbook development, to streamline and enhance operational efficiency in security processes.
  • Proven ability to lead investigations and manage escalated security incidents, ensuring prompt resolution and minimal impact.
  • Ability to remain composed under pressure and effectively lead teams during high-stress incidents.

Desirable Skills

  • Experience with Microsoft-based security solutions and technologies. You may also use CrowdStrike, Darktrace, Elastic etc.
  • Certifications: GCIH, GCFA, Microsoft certifications etc.

CTM / CTL

Remote
Remote
£50,000-£85,000
Trident Search have exclusively partnered with a growing offensive security consultancy. They are now one of the largest hirers of pentesters in the UK with roughly 50+ consultants across all teams. We are looking to make 4 hires in Q1 2025 and are only accepting applicants who hold an active CSTM/CRT or CSTL/CCT. It would be advantageous if you already hold SC clearance, but we're able to put you through vetting if you don't. You will be based from your home with no office requirement. There will be a mix of on-site and remote work available, aiming towards 70-75% utilisation, and we're open to both CTL web application and CTL infrastructure testers.

Responsibilities

  • Conduct a mixture of public sector engagements under the CHECK scheme, as well as private and commercial clients
  • Produce professional reports that complement your ability as a consultant
  • Support Account Management through scoping and client calls
  • Complete QA activities as and when required

Experience

  • At minimum 2 years' experience for all CTMs; CTLs would naturally exceed this
  • Range of testing experience from: web app, infrastructure internal/external, cloud configuration reviews, mobile, wireless etc.
  • Relevant certifications: CSTM, CSTL - CRT, CCT
  • Bonus: Offensive Security certifications and coding experience

Please reach out to Gareth Davies @ Trident Search if you're interested in the role.