Senior SOC Analyst
- Posted 10 December 2025
- Salary £55000 - £65000 per annum
- Location London
- Job type Permanent
- Discipline Cyber and Information Security EU, Consulting
- Reference BH-226494
Job description
Because “fast-paced environment” doesn’t quite capture it…
If you’re the sort of person who needs a 50-page runbook before you take a breath, this probably isn’t for you.
If you like being the person who actually knows what’s going on during an incident — and everyone else quietly looks at you when things get spicy — read on.
What You’ll Actually Be Doing
You’ll be one of the senior operators in a SOC that’s growing, evolving, and occasionally making things up as it goes along (in a good way). That means:
- Taking the lead on live incidents while keeping clients calm enough not to phone their Board.
- Running investigations end-to-end and explaining them to people who don’t speak KQL but pretend they do.
- Being the point of contact for all things SOC for your clients including reports, comms, escalations, the lot.
- Building and tuning detection content across tools like Sentinel, Datadog, and Elastic.
  (If you get a kick out of reducing false positives, this is your Disneyland.)
- Designing new queries, automations, and Logic Apps that make analysts’ lives easier and MTTR shorter.
- Onboarding new data sources, validating telemetry, mapping visibility to MITRE, and closing gaps that keep you awake at night.
- Owning documentation that people actually read, because you’ve made it good enough that they don’t dread opening it.
- Helping shape the SOC roadmap so the team evolves on purpose — not just by accident.
- Sitting in endless layers of approval chains.
- Asking permission to improve things.
- Being babysat.
- Working fully remote — sorry, but great teams actually work better when they see each other occasionally.
- A UK university degree in something relevant (computer science, infosec, etc.).
- Fluent business-level English — because clients need clarity, not jargon.
- Strong problem-solving skills and the ability to stay calm when everyone else is dramatically whispering “major incident”.
- Experience writing and tuning detections, building automations, and onboarding logs without breaking everything.
- The confidence to lead investigations, combined with the humility to know when you’ve missed something.
- The ability to mentor junior analysts without turning it into a TED Talk.
- Commercial awareness — not the soul-destroying kind, just enough to spot when a client needs more help than they’re asking for.
Certs like SC-200, AZ-500, GCIA, GMON, OSCP, CISSP.
(If you don’t have them but know your stuff, no one’s crying about it.)
A Bit About the Culture
Self-starters only.
You’ll be trusted to get on with it — there aren’t guardrails every three feet. If you need structure, it might feel uncomfortable. If you create structure, you’ll thrive.
You’ll work with people who leave ego at the door, handle pressure without theatrics, and communicate like adults. If that sounds refreshing, you’ll fit in nicely.
Interested?
Apply. Worst case, you get a conversation that confirms you’re better than your current job. Best case, you join a SOC that actually lets you do the work you’re good at.
At Investigo, we make recruitment feel easy.
Let’s keep this simple. We’re all about your success, as your success is our business. We are part of The IN Group, a collection of six award-winning specialist brands that supply the globe with end-to-end talent solutions. With recruitment at the core of our business, we’ve been connecting people since 2003.
Data & Privacy
By applying, you consent to Investigo collecting and processing your data for the purpose of recruitment and placement, in accordance with applicable data protection laws. For more information, please refer to our Privacy Notice at investigo.co.uk.