A skilled SOC Engineer is required to support the design, configuration, and optimisation of a mature security operations capability within a critical public sector environment. The successful candidate will be responsible for the deployment, tuning, and continual improvement of advanced detection and response tooling, with a focus on the Microsoft Security Stack and Azure-native technologies.

This is a hands-on engineering role with cross-functional engagement across detection teams, infrastructure, and threat response.

Key Responsibilities

• Engineer and maintain security tooling, including:
  • Microsoft Sentinel – connector management, rule tuning, data enrichment
  • Microsoft Defender solutions (Endpoint, Identity, Cloud Apps)
• Develop and refine detection logic using KQL, and implement SOAR playbooks via Logic Apps.
• Integrate data sources from hybrid environments (cloud/on-premise) into the SIEM.
• Optimise alert fidelity and reduce false positives through rule refinement and log tuning.
• Support the SOC function by identifying and addressing detection gaps.
• Collaborate with infrastructure and operations teams to ensure telemetry quality and visibility.
• Contribute to engineering playbooks, architectural documentation, and automation pipelines.
• Support threat hunting, red/blue team simulation readiness, and post-incident forensic analysis.