Overview of the role
Phoenix enables digital transformation in the workplace, empowering UK organisations to innovate and transform with cloud and hybrid infrastructures, data, AI, security, and collaboration tools.
We’re now looking for a Senior SOC Analyst to take a leading role in complex incident response cases, guiding clients through high‑severity security events and strengthening our overall SOC capability.
What will you be doing?
- Incident response & forensics:
You’ll lead major security incidents from detection through remediation, coordinating containment, analysing attacker activity, and supporting clients through critical decision‑making. - Threat hunting & detection engineering:
You’ll proactively hunt for threats using advanced KQL analytics, enhance SIEM/EDR detections, tune rules, and develop signatures aligned to MITRE ATT&CK. - Malware analysis & reverse engineering:
You’ll perform malware triage and behavioural analysis, using reverse‑engineering tools when needed to support investigations and strengthen detection coverage. - Reporting & client communication:
You’ll produce clear, high‑quality investigation reports, timelines, and intelligence summaries that translate technical findings for a range of audiences. - SOC leadership & continuous improvement:
You’ll contribute to SOC playbooks, mentor junior analysts, support onboarding of new customers, and help evolve SOC processes and tooling. - On‑call support:
You’ll participate in the 24×7 on‑call rota to provide expert support during critical incidents.
What are we looking for?
- A strong background in DFIR, SOC operations, or incident response
- Ability to lead complex investigations and high‑severity security incidents
- Confident decision‑maker who can guide clients through critical situations
- Strong communicator, able to translate technical findings for any audience
- Collaborative mindset with willingness to work closely across teams
- Ability to mentor junior analysts and support skill development
- Comfortable working in fast‑paced, high‑pressure environments
- Proactive approach to improving SOC processes, playbooks, and detection capabilities
Key Skills:
- Advanced SIEM expertise (ideally Microsoft Sentinel & Defender XDR)
- Strong DFIR/SOC/incident response experience
- High‑level KQL capability
- Python/PowerShell for automation
- Core digital forensics skills
- Experience with Velociraptor, KAPE & sandbox tools
- Solid detection engineering understanding
- Strong technical reporting and documentation skills
Why you should apply?
At Phoenix, our philosophy is simple – we aim to be the UK’s leading IT solution and managed service provider and that means we recognise that it’s our people who are the heart of everything we do.
We do this by providing the encouragement, support and skill development that you need to be the very best you can be at work. We are proud of our culture, so much so that we have developed our Culture Blueprint which you can read here.
Practical stuff
Where is the role based?
This role can be fully remote apart from an initial onboarding week on-site in Pocklington.
What are the shift patterns?
9:00am until 5:00pm (Flexible start & finish) with on call responsibilities
What about security clearance?
You will need to have lived in the UK continuously for at least 5 years and have no criminal record to achieve the clearance you need for this role. You must also already have/have the ability to obtain NPPV3.
What are the benefits?
You can read about the benefits on offer here 😊
Have you made it this far?
If you’re still reading, we think there’s a strong chance you might be our kind of person.
Here’s the thing, though — research suggests that 60% of women and underrepresented people might have already talked themselves out of applying. Even if you don’t check every box above, we want to encourage you to introduce yourself.
We believe a diversity of perspectives and experiences makes a team stronger — and the stronger our team, the more successful we will be.
