Senior SOC Analyst - Public Sector

IBM · DEJOBS
Hursley, United Kingdom
Posted Jun 29, 2026
**Introduction**

At IBM Consulting UK FutureNow, you'll build a career at the forefront of hybrid cloud and AI, working with leading clients across the public and private sectors. You'll collaborate with top industry professionals, gain hands-on experience with cutting-edge technologies, and deliver solutions that create real business impact. From day one, you'll work on meaningful, high-profile programmes that stretch your skills and accelerate your growth. We invest heavily in you, supporting continuous learning, in-demand skills development, and long-term career progression. You'll thrive in a flexible, inclusive environment that values curiosity, encourages reinvention, and recognises what makes you unique.

We offer:

* Tools and policies to support your work-life balance, from flexible working approaches, sabbatical programmes, paid paternity leave and maternity leave to an innovative maternity returners scheme
* More traditional benefits, such as 25 days' holiday (in addition to public holidays), private medical, dental and optical cover, online shopping discounts, an Employee Assistance Programme, life assurance and a group pension plan through salary sacrifice

**Your role and responsibilities**

As a Technical Consultant specialising in Threat Detection, Response and Intelligence, you will support and lead the monitoring, detection, and initial response to cyber security threats within a 24×7 SOC consulting environment. You will play a key role in maintaining operational excellence on shift, supporting incident investigation, and ensuring consistent delivery of high-quality security operations across client environments. Working across SIEM platforms, security tooling, and incident response workflows, you will help ensure threats are identified, triaged, and escalated effectively, while contributing to the continuous improvement of SOC processes and capabilities.

This is a hands-on operational role with responsibility for incident leadership, team support, and quality assurance, alongside exposure to client environments and senior stakeholders.

Key Responsibilities:

* Monitor, triage, and investigate security alerts and incidents across a range of SIEM and security platforms
* Lead or support incident response activities, including:
  * Initial investigation
  * Containment coordination
  * Escalation to relevant teams
* Act as a senior presence on shift, supporting Tier 1/2 analysts and ensuring smooth SOC operations
* Drive incident quality and consistency, ensuring playbooks and procedures are followed
* Support major incident initiation and coordination, including communication across technical and non-technical stakeholders
* Analyse security events and identify:
  * Patterns
  * Threat behaviours
  * Opportunities for improvement
* Contribute to playbook development and refinement, improving SOC efficiency and response capability
* Work with detection and engineering teams to:
  * Improve alert quality
  * Reduce false positives
  * Support operational effectiveness
* Produce clear and structured incident reports and handovers
* Participate in shift handovers, retrospectives, and continuous improvement activities
* Support client interactions where required, providing updates and operational insights

**Required technical and professional expertise**

Required Professional and/or Technical Expertise:

* Proven experience working in a SOC environment (L2 / L3 level) within a 24×7 operational setting
* Strong experience with SIEM platforms, such as:
  * Microsoft Sentinel, QRadar, Splunk, Elastic or similar
* Practical experience in:
  * Incident triage and investigation
  * Security event analysis
  * Alert validation and escalation
* Understanding of:
  * Incident response processes and workflows
  * Threat detection methodologies
* Exposure to security tooling, such as:
  * EDR/XDR platforms
  * Network security technologies
  * Identity and access systems
* Ability to interpret logs and identify suspicious behaviour across:
  * Endpoints
  * Networks
  * Cloud environments
* Strong communication skills, with the ability to clearly articulate incidents and risks
* Experience working in client-facing or service-based environments

This role is subject to pre-employment screening in line with the UK Government's Baseline Personnel Security Standard (BPSS). An additional range of Personal Security Controls, referred to as National Security Vetting (NSV), may apply; this could include meeting the eligibility requirements for Security Check (SC) or Developed Vetting (DV).

**Preferred technical and professional experience**

Preferred Professional/Technical Expertise:

* Experience acting as a shift lead or senior escalation point within a SOC
* Exposure to threat hunting or detection improvement activities
* Experience working with:
  * MITRE ATT&CK
  * Threat intelligence integration
* Familiarity with SOAR platforms and automated response workflows
* Relevant certifications such as:
  * SC-200
  * GCIH / GIAC
  * Vendor SIEM certifications
* Experience working in regulated or public sector environments
* Understanding of SOC performance metrics and continuous improvement approaches

IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.
