L2 SOC Incident Responder

Hiring an experienced L2 SOC Incident Responder to strengthen a growing cyber defence function. This role is ideal for someone who enjoys deep-dive investigations, owns incidents end-to-end, and wants real influence over detection and response maturity.

What you’ll be doing

• Investigate and validate security incidents escalated from L1, performing in-depth log, packet and endpoint analysis to determine impact and scope.
• Lead containment and eradication actions across endpoints, network, cloud and identities, working closely with IT and security engineering teams.
• Tune SIEM rules, use-cases and security tooling to reduce false positives and improve detection quality over time.
• Contribute to playbooks and incident response procedures, and support post-incident reviews and reporting.
• Stay current on emerging threats, TTPs and vulnerabilities, applying relevant threat intelligence to ongoing investigations.

What we’re looking for

• 2–4 years’ hands-on experience in a SOC / incident response role (L2 or strong L1 ready to step up).
• Solid experience with SIEM platforms and EDR tools, plus comfort working with logs from firewalls, proxies, servers and cloud environments.
• Good understanding of core security concepts such as incident handling, malware, lateral movement, phishing, and common attack techniques (MITRE ATT&CK familiarity a plus).
• Strong analytical mindset, clear communication skills, and the ability to remain calm and structured during live incidents.

Nice to have

• Experience contributing to or running incident response playbooks and table-top exercises.
• Relevant certifications such as GCIA, GCIH, GCED, CySA+, or equivalent practical experience.

How to apply

If this sounds like your next step, please apply with your CV or reach out directly for a confidential discussion. Shortlisted candidates will be contacted to discuss the environment, team setup and progression path in more detail.