IT Specialist - SOC and SIEM

As an IT Specialist in SOC and SIEM, you will play a vital role in strengthening the organisation’s detection and response capabilities. Reporting to the IT Manager – SOC and SIEM, you will deliver technical processes and controls across SOC operations, SIEM optimisation, Vulnerability & Patch Management, Incident Response & Disaster Recovery, and Asset & Threat Discovery. 

You will work collaboratively with SOC analysts, IT operations, engineering, and risk teams to ensure rapid detection and timely remediation of security incidents. This role requires strong technical expertise, meticulous attention to detail, and a proactive approach to improving operational resilience. 

We are committed to building a diverse, inclusive, and high-performing security function. In this role, you will be supported and empowered to develop your skills, contribute to innovation, and help protect the organisation. 

Key Responsibilities 

• Maintain and optimise SIEM platforms for accurate log ingestion, parsing, and correlation. 

• Develop and tune detection rules, dashboards, and automated alerts to improve threat visibility and reduce false positives. 

• Integrate threat intelligence feeds and ensure alignment with frameworks such as MITRE ATT&CK for comprehensive detection coverage. 

• Support SOC operations by improving triage workflows and operational efficiency. 

• Automate vulnerability scanning across endpoints, servers, and cloud workloads; coordinate patch deployment processes with IT teams to minimise exposure windows. 

• Track remediation progress and verify fixes through re-scan and compliance reporting. 

• Assist in developing and maintaining incident response and disaster recovery playbooks for common attack scenarios. 

• Participate in planning and executing tabletop exercises and simulations to validate readiness and response times. 

• Support containment, eradication, and recovery activities during live incidents, providing technical input for root cause analysis and corrective actions. 

• Implement continuous asset discovery tools to maintain an accurate inventory of systems and services; ensure asset data feeds into CMDB and SIEM for correlation and reporting. 

• Deploy threat discovery solutions to identify emerging risks and anomalous behaviours proactively. 

• Maintain accurate records of incidents, vulnerabilities, and remediation status; support audit preparation for Cyber Essentials, ISO 27001, and internal governance reviews. 

• Contribute to the development and update of security policies, standards, and operational procedures. 

• Proactively identify opportunities to improve detection and response workflows and strengthen the organisation’s security posture. 

Personal Attributes 

• Demonstrates meticulous attention to detail in all aspects of detection, configuration, and documentation. 

• Applies strong analytical thinking to interpret complex alerts and prioritise effective remediation. 

• Collaborates effectively with colleagues across SOC, IT, engineering, and risk teams, building positive working relationships. 

• Communicates clearly and confidently, adapting technical information for both technical and non-technical audiences. 

• Proactively identifies and acts on opportunities to improve operational resilience and reduce risk. 

• Maintains the highest standards of integrity, confidentiality, and professional conduct at all times. 

• Adapts positively to changing priorities and remains resilient under pressure. 

Key Performance Indicators 

• Reduction in Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). 

• Timely closure of vulnerabilities and patch compliance within SLA. 

• Successful completion of incident response and disaster recovery exercises, with improvement in readiness scores. 

• Accuracy of asset inventory and threat discovery coverage. 

• Audit readiness and successful evidence submission. 

Candidate Specification 

Essential 

• Demonstrable hands-on experience with SIEM platforms and SOC operations within a complex enterprise environment. 

• Strong knowledge of detection engineering, vulnerability management, patching processes, and incident response/disaster recovery frameworks. 

• Practical experience with asset discovery tools, threat detection methodologies, and remediation processes. 

• Experience supporting or preparing for security audits and maintaining compliance evidence. 

• Ability to interpret and apply security policies, standards, and regulatory requirements. 

• Strong problem-solving skills, with the ability to analyse technical issues and recommend effective solutions. 

• Excellent written and verbal communication skills, able to document findings and engage with both technical and non-technical stakeholders. 

• Proven ability to work independently and as part of a team, managing multiple priorities in a fast-paced environment. 

Desirable 

• Industry certifications such as CISSP, CCSP, or equivalent. 

• Experience with automation tools, vulnerability scanners, and EDR/XDR platforms. 

• Exposure to frameworks and standards such as MITRE ATT&CK, ISO 27001, NIST CSF. 

• Experience participating in incident response activities and post-incident reviews. 

• Awareness of automation and scripting for security operations.