Job Description
We are looking for a SOC Analyst - Level 1 who can take ownership of routine security investigations, not just review alerts and pass them on. The role combines hands-on alert analysis, evidence correlation, clear case documentation, sound recommendations, and reliable handoff quality. This is a shift-based live operations role . You will be expected to work as part of a rota that may include day, late, night, and weekend shifts, with public-holiday coverage only where the agreed service model requires it. Good handover discipline and clear shift continuity are part of the role. This is not just a queue-monitoring role, and it is not a senior incident leadership position. You will be expected to work cases properly, reach a well-supported view of what is happening, and either move the case to closure within your scope or escalate it cleanly when impact, uncertainty, or complexity goes beyond it Must Have: comfort with investigation and alert analysis in a SOC, MDR, or similar operational security environment ability to collect, validate, and correlate evidence across multiple data sources working knowledge of endpoint, identity, email, cloud, and network security concepts familiarity with investigation, monitoring, case-handling, and escalation workflows clear written and verbal communication in English good documentation habits and disciplined escalation judgment willingness and ability to work shift patterns as required by the service model responsible AI literacy, including the ability to use approved AI-assisted workflows cautiously, validate outputs against source evidence, avoid entering customer-sensitive data into unapproved or public AI tools, and avoid treating AI output as evidence, approval, or authority ability to explain why a detection, workflow, or playbook is not working well in practice and suggest useful improvements Nice to Have: 1-4 years of relevant experience in cybersecurity operations, incident analysis, or incident response prior exposure t
