L2 SOC Analyst

Remote | £50,000 + 15%
The ideal candidate is someone currently operating at Tier 2. Training will be provided in the solutions you will be interacting with; however, experience within detection and response operations in a SOC environment is essential. Eligibility for SC clearance is necessary for this role.

High Level Overview: You will support the L1s when they escalate true positives and offer confidence in your triage, investigation, escalation and remediation. This is an essential part of our growth, as we have already moved to a 24/7 SOC. Support will be available from the on-call supervisor; however, we need you to be confident in identifying the above.

Responsibilities:
• Monitor and analyse traffic and events/alerts and advise on remediation actions.
• Investigate intrusion attempts and perform in-depth analysis of the attempt by correlating various sources and determining which system or data set is affected.
• Carry out incident response actions on client infrastructure to mitigate and contain verified incidents or intrusion attempts.
• Follow standard operating procedures for detecting, classifying and reporting incidents.
• Demonstrate security expertise to support timely and effective decision making on when to declare an incident.
• Conduct proactive threat research, with the goal of ingesting additional IoCs or creating detection rules based on threat actor TTPs.
• Create detection rules based on the emerging threat landscape and new techniques in use.
• Analyse a variety of network and host-based security appliance logs (Windows Security Events, Sysmon, firewalls, NIDS, syslog, etc.) to determine the correct remediation actions and escalation paths for each incident, or how to tune out false positives without hindering the effectiveness of the ruleset.
• Create playbooks and workbooks within the Azure Sentinel solution.
• Track trends and configure systems as required to reduce false positives from true events.
• Document all activities during an incident so that the report and updates escalated to a client provide all necessary information, while also offering effective remediation actions and any reference material required.
• Escalate information regarding intrusion events, security incidents and other threat indications and warnings to the client in a readable manner.
• Assist with the development of processes and procedures to improve incident response times, incident analysis and overall SOC functions.
• Create monthly Managed Detection and Response (MDR) reports for clients.
• Create articles for publication based on CTI investigations that have been undertaken.
• Modify use cases and manage tuning for multiple clients.
• Provide a daily shift change report.

Essential Experience Required:
• Experience with SIEM and EDR solutions (Azure Sentinel/AlienVault/Carbon Black/Defender for Endpoint), specifically with investigations and remediation actions.
• Organisational skills and time management/prioritisation.
• Proactive in maintaining their workload.
• Comfortable working against deadlines in a fast-paced environment.
• Solid foundation in core information security (general investigation process, overview knowledge of surrounding technologies and frameworks to improve an organisation's security posture, pain points faced within the industry).
• Prior SOC experience.

Qualifications: Any industry-recognised certifications are highly desirable; however, we are very big on training and offer a generous training package.

L1 SOC Analyst

Remote | £32,000 + 15% shift allowance
*Unfortunately we're unable to offer sponsorship for this opportunity; you will need to be eligible for SC clearance*

Trident Search have exclusively partnered with an award-winning MSSP who have seen great growth over the last 24 months. They are now one of the largest consultancies offering offensive and defensive security services. You'll work fully remote as an L1 SOC Analyst. This isn't your typical L1 role where you act as a "ticket monkey": you will be fully immersed in the investigation, and you'll work with your seniors through to remediation. This is a 24/7 SOC and you'll work 4 on, 4 off, days and nights: 7am-7pm, 7pm-7am.

Responsibilities:
• Continuous monitoring of MS tooling, Sentinel and Defender included. You will also get access to Darktrace, CrowdStrike and a bit of Elastic.
• Proactive threat hunting using KQL.
• Risk remediation and mitigation through technical controls within the stack mentioned above.
• Proactive security assessments: phishing campaigns, SSO, etc.

Experience:
• We're looking for a minimum of 6-12 months' experience as a SOC analyst.
• Sentinel experience is mandatory; if you can bring experience across Defender, CrowdStrike and Darktrace, that'd be a huge bonus.
• Basic KQL query ability: greedy searches, filtering, etc.
• Experience deploying, managing and supporting endpoint security platforms.
• Ability to standardise processes for efficiency and productivity, leveraging automation where applicable/possible.

Bonus:
• Industry certs: SC-100, SC-200, etc.
• PowerShell experience.

Please reach out to Gareth Davies @ Trident Search.

SDR - Benelux

Amsterdam | €50,000
Kickstart Your Sales Career with One of Europe's Fastest-Growing Cybersecurity Startups!

Are you a motivated sales professional in the Netherlands looking to fast-track your career? Trident Search is excited to present a fantastic opportunity to join a cutting-edge cybersecurity startup that's reshaping the industry across Europe.

The Role: As a Sales Development Representative (SDR), you'll play a key role in expanding our footprint across the Benelux region. Your mission: connect with potential clients and book qualified meetings for our talented Account Executives. You'll gain hands-on experience in sales strategies, build valuable skills, and make a real impact on our growing team!

What You'll Be Doing:
• Creating Opportunities: Use calls, emails, and LinkedIn to build a strong pipeline of new business.
• Engaging Prospects: Reach out to leads through multi-touch campaigns and marketing initiatives.
• Collaborating: Work closely with marketing and sales teams on account-based strategies.
• Making an Impact: Schedule quality meetings that drive growth and open doors for the sales team.

What You Bring to the Table:
• Language Skills: Fluent in both Dutch and English.
• Proven Success: At least 1 year of experience as an SDR or BDR, ideally in cybersecurity.
• Sales Savvy: Skilled in outbound and multi-touch campaigns, with a passion for picking up the phone.
• Ambition: A self-starter with a drive to grow your career and succeed in a fast-paced environment.
• Bonus Points: Experience in startups or thriving in a hands-on, low-support setting (not essential).

If you're ready to be part of something big, apply today and take the next step in your sales journey!

Account Executive - Netherlands

Amsterdam | €100,000
Trident Search has an awesome opportunity with one of the fastest-growing cyber security start-ups in Europe. We are looking to speak with revenue-generating candidates in the Netherlands who are looking to propel their career. As one of the first people to join this rapidly growing go-to-market team, you will play a pivotal role as this vendor looks to grow into new territories. We are looking for someone with experience in cyber security sales who has taken ownership of the entire sales process, from cradle to grave.

The Role:
• Initiate conversations and build relationships with potential customers through phone calls, emails, LinkedIn messages, and in-person events.
• Target engaging with new prospects on a weekly basis to maintain at least 5x pipeline coverage.
• Collaborate closely with the marketing team to iterate on messaging used in outbound communications.
• Work with internal teams to devise strategies for driving pipeline growth within the Benelux territory.
• Take charge of both outbound prospecting and inbound lead follow-up.
• Dive deep into accounts to identify key decision-makers and champions.
• Craft personalised messaging that resonates with the target audience and qualifies their interest.
• Demonstrate a deep understanding of our clients' solutions and their value proposition.
• Engage with C-level executives, providing industry insights and positioning our solutions effectively.
• Foster and maintain relationships with key business units and stakeholders.
• Adopt a consultative approach, listening to customer needs and adjusting strategies accordingly.
• Consistently meet or exceed quarterly sales quotas while maintaining core values and objectives.

The Person:
• Have a minimum of 3-4 years of lead generation and sales experience selling cyber security SaaS solutions.
• Are experienced in cold outreach and generating significant pipeline for account executives.
• Fluency in Dutch and English is preferred.
• Have a proven track record of hitting or exceeding sales quotas with minimal account churn.
• Are flexible in adapting to real-time feedback during discussions.
• Have strong previous relationships with sales enablement and operations teams.
• Have experience with CRM tools like Salesforce or HubSpot.
• Familiarity with the MEDDPICC qualification framework.
• Previous experience in a startup or low-support environment.

L3 SOC Analyst

West Sussex / London | £75,000 + 7.5% bonus
We are exclusively partnering with a company that is integral to UK CNI. Our client has received significant funding from the government and is looking to grow their existing team by 200% by the end of 2026. Your role will report directly into the SOC Manager, and you will have a significant influence on how the SOC is built and run. The vision for this position is to be the lead escalation point for all incidents and to lead the IR team too.

Location: West Sussex
On Site Requirement: 5 days during probation, 2-3 days thereafter
Salary: £75,000 + 7.5% bonus + 10% pension contribution

Responsibilities:
• Lead on all high-severity cyber incidents, from initial triage through to expediting a containment, eradication and recovery strategy to minimise business impact.
• Contribute to the continuous improvement of IR playbooks.
• Produce new workflows for automation using SOAR tools.
• Advanced threat hunting: hypothesis- and IoC-based hunting.
• Aid the SOC Manager in developing and creating SOC policies.
• Guide L1 and L2 analysts, providing guidance and training.
• Engage with C-suite level stakeholders across a number of different sections of the business and be able to translate security lingo for non-technical folks.
• Be comfortable delivering presentations to articulate technical cyber concepts.
• Collaborate with internal and third-party providers, suppliers and partners.

Skills and Experience:
• The most important thing is that you have evidence of advanced threat hunting and IR. This will include leading on P1 IR engagements either as an L2 or L3.
• SOC-related certifications are a bonus: SANS GIAC/GCIH/GCIA etc.
• Knowledge of adversarial TTPs and frameworks.
• Experience with Darktrace, Microsoft Defender and Microsoft Sentinel is an advantage.
• Advantageous: having run tabletop exercises and experience with security architecture.

If you're excited about the opportunity to contribute towards the safety of UK CNI, please reach out to Gareth Davies @ Trident Search.

L3 SOC Analyst

Berkshire / London | £67,000-£75,000 + bonuses
Trident Search have exclusively partnered with one of the strongest security teams in the UK to bring an L3 analyst into their team. They are integral to UK CNI and are a household name. You will investigate and validate threats through data analysis, using a wide range of security tools and defence products. A stand-out candidate might come from a strong malware/threat hunting environment, or might have a keen interest in the field.

Job Title: L3 SOC Analyst
Location: 4 days on site per MONTH in Berkshire / Central London
Hours: 09:00-17:30

Key Responsibilities:
• Lead the resolution of escalated security incidents such as sophisticated malware, APTs, and complex intrusions.
• Use expert-level forensic analysis and threat hunting techniques to contain and recover from incidents.
• Drive security event analysis to address emerging cyber threats and ensure comprehensive post-incident analysis.
• Fine-tune SIEM configurations to filter false positives, detect advanced threats, and optimise alerting.
• Refine SOAR playbooks to automate response actions and improve incident response efficiency.
• Act as an escalation point for junior analysts, offering guidance and promoting knowledge sharing within the team.
• Contribute to threat response activities and collaborate with blue team efforts to identify threat group activities.

Skills and Experience:
• Proven SOC analyst experience (Level 2 or above) with extensive hands-on experience in security event analysis and incident response. If you have a passion for malware or come from a DFIR background, that would be advantageous.
• Strong understanding of networking protocols.
• Expertise in Windows/Linux operating systems and a variety of security technologies.
• Familiarity with SOAR technologies.
• Experience with security frameworks such as MITRE, Cyber Kill Chain, and APT strategies.
• Knowledge of cloud platforms (Azure, AWS, Google Cloud) and cloud security best practices.

If you're seeking an opportunity where you'll be working with one of the strongest security teams in the UK, please reach out to Gareth Davies @ Trident Search.

Senior Security Analyst

Remote | £75,000 - £85,000 inc. on-call allowance
Trident Search are working with an incredibly niche MSSP who specialise in threat detection. They leverage some of the best technologies on the market and are looking for someone who is incredibly analytical. Working for this client, you will gain valuable experience detecting threats and aiding clients in mitigation and remediation processes. This is a technical position, and it will require you to get involved across all areas of blue teaming, from initial triage through to remediation, threat hunting and incident response (on-call rota, 1 week in 5).

Location: Remote / London
Hours: 09:00-17:30 (on-call responsibilities, 1 week in 5)

Responsibilities:
• Monitor, investigate and report potential cyber threats.
• Communicate and escalate threats to clients, providing support and guidance where needed.
• Maintain and support deployed advanced threat protection solutions.
• Interpret and collate threat analysis into analytically concise incident and threat reports.
• Maintain and improve the Advanced Threat Management Service offering to ensure a continued high level of service is delivered.
• Aid pre-sales teams in selling threat detection solutions.

Requirements:
This position requires a detail-oriented, critical thinker who can anticipate issues and solve problems. You should be able to analyse large datasets to detect underlying patterns and identify cyber-attacks, malware and threat actors, determine potential impact and develop remediation guidance.
• Knowledge of current and emerging advanced cyber threats, attack and evasion techniques, command and control infrastructures and insider threat behaviour.
• Understanding of typical malware functionality and capabilities.
• Understanding of the tools and techniques used by SOC and incident response teams.
• Forensic experience with full network packet capture tools and understanding of common network protocols.
• Experience with typical security technologies, e.g. SIEM, NDR, EDR, firewalls, proxies, IDS/IPS (Snort, Bro), DLP, endpoint solutions, access control.
• Solid understanding of large-scale networking technologies.
• Solid troubleshooting skills across Windows, Linux and network environments.
• Knowledge of scripting languages (e.g., Python, Bash).
• SANS GIAC or similar certification would be beneficial but not required.

If you're passionate about hunting and have strong technical knowledge, then please send Gareth Davies @ Trident Search a message and apply now.

SOC Team Lead

Remote | £60,000-£70,000
Trident Search have exclusively partnered with a Microsoft-focused MSSP who are looking to hire their next L3 Team Lead. We have made 20+ placements with this client and have plenty of candidates who will attest to the technical standard of this client. You will be joining a high-performing team in a cutting-edge SOC where you'll oversee investigations, respond to incidents, provide customer-facing communication, and ensure operational excellence within the SOC.

Location: Remote
Hours: 09:00-17:30 (no on-call)
Reports To: SOC Manager

Key Responsibilities:
• Lead investigations into security incidents, breaches, and anomalies escalated to the SOC through the ITSM platform.
• Work closely with SOC analysts to conduct thorough and prompt analysis.
• Ensure all investigations are conducted according to established security protocols and procedures.
• Utilise and fine-tune advanced security tools such as SIEM (Security Information and Event Management), IDS/IPS (Intrusion Detection/Prevention Systems), and EDR (Endpoint Detection and Response) to detect and mitigate potential threats.
• Serve as a point of contact for customers during security incidents, providing clear, concise, and reassuring communication.
• Address customer inquiries regarding ongoing incidents and security threats, offering knowledgeable responses and technical clarity.
• Conduct regular service delivery meetings with clients to enhance satisfaction and ensure their needs are being met during and after incidents.
• Ensure that security incidents are reported in a timely and accurate manner to senior management and relevant stakeholders.
• Provide guidance and mentorship to SOC analysts through regular one-on-one sessions.
• Set high standards for behaviour and performance and support the professional growth of the team.
• Identify training gaps and arrange development opportunities to ensure the SOC team maintains up-to-date knowledge of the latest security trends and tools.
• Foster a high-performance team culture, recognising achievements and addressing any challenges that may arise within the team.

Experience:
• 3-5 years of experience in a SOC where you've had some leadership responsibilities.
• Able to discuss IR engagements you've had experience with: ransomware attacks, malicious insider, malware investigation.
• Proficient in using and managing SIEM systems, IDS/IPS, EDR, and other security technologies.
• Familiarity with Microsoft environments and associated security tools is highly desirable.
• Experience with SOAR capabilities, including security orchestration, automation of workflows, and incident response playbook development, to streamline and enhance operational efficiency in security processes.
• Proven ability to lead investigations and manage escalated security incidents, ensuring prompt resolution and minimal impact.
• Ability to remain composed under pressure and effectively lead teams during high-stress incidents.

Desirable Skills:
• Experience with Microsoft-based security solutions and technologies. You may also use CrowdStrike, Darktrace, Elastic etc.
• Certifications: GCIH, GCFA, MS certs etc.