Senior SOC Analyst

Senior Soc Analyst

Phoenix is a leading UK IT solutions and managed service provider, with a deep specialism in the public sector. We work with organisations across government, healthcare, defence, public safety, education, housing, and the charity sector - helping them modernise with confidence across cloud, data and AI, cyber security, and managed services.

Through strategic partnerships with the world's leading technology providers - and a trusted place on the major public sector frameworks - our work has a direct impact on the services that millions of people rely on every day.

Due to continued growth, we are hiring a new Senior SOC Analyst to take a leading role in complex incident response cases, guiding clients through high-severity security events and strengthening our overall SOC capability.

What will you be doing?

• Incident response & forensics: You'll lead major security incidents from detection through remediation, coordinating containment, analysing attacker activity, and supporting clients through critical decision-making.
• Threat hunting & detection engineering: You'll proactively hunt for threats using advanced KQL analytics, enhance SIEM/EDR detections, tune rules, and develop signatures aligned to MITRE ATT&CK.
• Malware analysis & reverse engineering: You'll perform malware triage and behavioural analysis, using reverse-engineering tools when needed to support investigations and strengthen detection coverage.
• Reporting & client communication: You'll produce clear, high-quality investigation reports, timelines, and intelligence summaries that translate technical findings for a range of audiences.
• SOC leadership & continuous improvement: You'll contribute to SOC playbooks, mentor junior analysts, support onboarding of new customers, and help evolve SOC processes and tooling.
• On-call support: You'll participate in the 24×7 on-call rota to provide expert support during critical incidents.

Why should you apply?

At Phoenix, our ambition is to be the UK's leading IT solutions and managed service provider - and we know that only happens because of our people. Culture isn't an afterthought here; it's the thing we work hardest on.

We're proud to be certified as a Great Place to Work®, and to be recognised on their UK Best Workplaces lists for Women, Wellbeing, and Development. These aren't badges we chase - they're the result of how we genuinely choose to treat each other, and how seriously we take our colleagues' careers, health, and lives outside of work.

When you join Phoenix, you can expect:

• A culture built on trust and belonging: set out clearly in our Culture Blueprint, lived day-to-day, and reflected in our consistently strong colleague feedback.
• Real investment in your development: structured learning pathways, funded industry certifications, mentoring, and the encouragement to stretch into new areas.
• A workplace that takes wellbeing seriously: from mental health support and flexible working to active employee networks and a leadership team that listens.
• A commitment to equity and inclusion: where we actively work to make Phoenix a brilliant place to build a career, whoever you are.
• Work that matters: supporting the public sector organisations that keep the UK running, from government and healthcare to defence, public safety, education, housing, and the charities serving the most vulnerable in our communities.
• Working with the best of the industry: alongside genuine experts, and with strategic partnerships across the world's leading technology providers, you'll be at the front of the conversations shaping how UK public services modernise.

We believe in encouraging, supporting, and skilling our people up so that you can be the very best you can be at work - and we'd love you to consider being part of it.

Take a look at our Culture Blueprint to get a real sense of who we are.

What are we looking for?

• A strong background in DFIR, SOC operations, or incident response
• Ability to lead complex investigations and high-severity security incidents
• Confident decision-maker who can guide clients through critical situations
• Strong communicator, able to translate technical findings for any audience
• Collaborative mindset with willingness to work closely across teams
• Ability to mentor junior analysts and support skill development
• Comfortable working in fast-paced, high-pressure environments
• Proactive approach to improving SOC processes, playbooks, and detection capabilities

Key Skills:

• Advanced SIEM expertise (ideally Microsoft Sentinel & Defender XDR)
• Strong DFIR/SOC/incident response experience
• High-level KQL capability
• Python/PowerShell for automation
• Core digital forensics skills
• Experience with Velociraptor, KAPE & sandbox tools
• Solid detection engineering understanding
• Strong technical reporting and documentation skills

Practical stuff

Where is the role based? This role can be fully remote apart from an initial onboarding week on-site in Pocklington.

What are the shift patterns?

9:00am until 5:00pm (Flexible start & finish) with on call responsibilities

What about security clearance? You will need to have lived in the UK continuously for at least 5 years and have no criminal record to achieve the clearance you need for this role. You must also already have/have the ability to obtain NPPV3.

What are the benefits? You can read about the benefits on offer here

Have you made it this far? If you're still reading, we think there's a strong chance you might be our kind of person.

Here's the thing, though — research suggests that 60% of women and underrepresented people might have already talked themselves out of applying. Even if you don't check every box above, we want to encourage you to introduce yourself. We believe a diversity of perspectives and experiences makes a team stronger — and the stronger our team, the more successful we will be.