SOC Security Analyst (Microsoft Sentinel & Defender Specialist)

Whitehall Resources Ltd
Manchester
3 weeks ago
Applications closed

SOC Security Analyst (Microsoft Sentinel & Defender Specialist), Manchester

Location: Manchester, United Kingdom
Job Category: Information Technology
EU work permit required: Yes
Job Reference: BBBH64047_1750251157
Job Views: 21
Posted: 18.06.2025
Expiry Date: 02.08.2025

Job Description:

SOC Security Analyst (Microsoft Sentinel & Defender Specialist)

Whitehall Resources are looking for an experienced SOC Security Analyst (Microsoft Sentinel & Defender Specialist). This role is hybrid, with 2-3 days per week on site in Manchester and the remainder remote, for an initial 6-month contract.

***Inside IR35***

Job Summary:
We are seeking a highly skilled and experienced SOC L3 Analyst with strong engineering knowledge and deep expertise in Microsoft Sentinel and the Microsoft Defender suite. The ideal candidate will take a lead role in advanced threat detection, incident response, detection engineering, and security monitoring, while also optimising license consumption and SIEM integration efforts.

Key Responsibilities:
Advanced Threat Detection & Incident Response
- Investigate and analyse complex security incidents escalated from L1/L2 SOC analysts.
- Leverage Microsoft Sentinel (SIEM) and Microsoft Defender XDR to conduct in-depth incident response.
- Correlate multi-source telemetry (network, endpoint, identity, cloud) to identify and contain threats.
Threat Hunting & Detection Engineering
- Perform proactive threat hunting using KQL within Microsoft Sentinel.
- Develop and fine-tune custom analytics rules, workbooks, and hunting queries.
- Apply the MITRE ATT&CK framework to build coverage and improve threat visibility.
Security Engineering & Platform Management
- Onboard and integrate new data sources into Microsoft Sentinel, ensuring accurate log ingestion and parsing.
- Build and manage data connectors, custom log parsers, and normalisation schemas.
- Collaborate with cloud and infrastructure teams to onboard telemetry from endpoints, identity systems, and SaaS platforms.
License Usage Monitoring & Optimisation
- Monitor Microsoft Sentinel and Defender license consumption on an ongoing basis.
- Analyse and average daily ingestion volumes, ensuring alignment with the procured license limits.
- Recommend optimisation strategies to control costs without compromising visibility or detection capabilities.
Automation & Response
- Design and implement automated response workflows using Sentinel playbooks (Logic Apps).
- Enhance response efficiency by developing SOAR integrations across security tooling.
Documentation & Reporting
- Produce comprehensive incident reports and root cause analyses.
- Maintain technical documentation for use cases, configurations, response procedures, and data source onboarding.
- Generate regular dashboards and reports for SOC leadership and compliance stakeholders.

Required Skills & Qualifications:
- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or a related field.
- 5+ years of hands-on experience in cybersecurity operations.
- Minimum 2 years of experience with Microsoft Sentinel and Microsoft Defender suite.
Skills:
- KQL (Kusto Query Language)
- Security architecture and data integration
- Azure and Microsoft 365 security services
- Experience in onboarding and managing log sources in a SIEM.
- Understanding of log ingestion cost management and licensing considerations in Sentinel.
- Familiarity with cloud-native security tools and threat intelligence integration.
- Scripting experience (e.g., PowerShell, Python) is an advantage.
Preferred certifications:
- SC-200: Microsoft Security Operations Analyst
- AZ-500: Microsoft Azure Security Technologies
- GCIA, GCIH, or equivalent

Preferred Personal Attributes:
- Strong analytical and problem-solving mindset.
- Ability to lead under pressure during real-time incidents.
- Clear and effective communicator, both verbal and written.
- Proactive, self-driven, and committed to continuous improvement.

All of our opportunities require that applicants are eligible to work in the specified country/location, unless otherwise stated in the job description.



Whitehall Resources are an equal opportunities employer who value a diverse and inclusive working environment. All qualified applicants will receive consideration for employment without regard to race, religion, gender identity or expression, sexual orientation, national origin, pregnancy, disability, age, veteran status, or other characteristics.


