Senior SOC Analyst

Senior SOC Analyst - Lead & Deliver

Hybrid (Manchester or Shoreham)

Up to £50k + Benefits

Ready to lead a SOC team while staying hands-on with the technical work you actually enjoy?

Focus Group needs a Senior SOC Analyst who can do both—run daily SOC operations, mentor analysts, and still get stuck into complex threat investigations. This isn't a desk job where you lose touch with the technical side. You'll be leading by example.

You'll oversee our SOC's day-to-day operations, manage Tier 1-2 analysts, and act as the primary escalation point for investigations that need serious technical depth. Think advanced threat hunting, detection tuning, and coordinating response activities across diverse customer environments—while building the capability of your team and shaping how we deliver managed security services.

What you'll be doing:

Leading daily SOC operations—triage workflows, escalation management, SLA adherence, and customer communication. You'll conduct quality reviews, support customer onboarding, and work directly with our Cyber Security Technical Lead on detection strategy and service maturity improvements.

On the technical side, you'll handle complex investigations across SIEM, EDR, and cloud platforms, perform proactive threat hunting to improve detection coverage, analyse logs and endpoints for malicious behaviour, and produce clear incident reports for customers and internal stakeholders. You'll also engage directly with clients during escalations and threat briefings—building trusted advisor relationships while maintaining operational excellence.

You're not just managing tickets. You're identifying automation opportunities, improving detection logic, contributing to playbook development, and keeping the team sharp on emerging threats and MITRE ATT&CK developments.

You'll bring:

• 4-6 years' SOC or MSSP experience operating at Tier 2-3 or Lead level
• Strong hands-on experience with SIEM platforms like Microsoft Sentinel, LogPoint, Splunk, or Elastic
• Solid EDR platform skills—Microsoft Defender for Endpoint, Bitdefender, SentinelOne, or similar
• Deep understanding of MITRE ATT&CK framework, TTPs, and detection engineering principles
• Proven ability in log analysis, threat investigation methodologies, and incident response
• Leadership experience—team management, mentoring, and operational oversight
• Strong written communication for producing concise incident reports and customer updates
• Calm decision-making during critical incidents with the ability to manage multiple concurrent investigations
• Genuine interest in developing junior analysts and improving team capability

Nice to have:

Certifications like Microsoft SC-200, GCIA, GCIH, BTL1, or CompTIA Security+

MSSP/MDR experience across multiple customer environments

KQL expertise for log analysis and detection development

Scripting skills in PowerShell or Python

Threat intelligence platform experience

Familiarity with compliance frameworks (Cyber Essentials, ISO 27001, NIST)

Why this role matters:

We're a 1,300-person Microsoft partner backed by HG Capital with serious growth ambitions. Our SOC is central to that strategy, and we need someone who can scale operations without losing quality. You'll have clear progression pathways toward SOC Manager, Cyber Security Technical Lead, Detection Engineering Lead, or advisory services roles.

This is a dual-role position—technical expert and operational leader. If you want to stay technical while developing leadership skills, this is the right move.

Hybrid working from Manchester or Shoreham. Salary up to £50k depending on experience, plus benefits.