Incident Response (CSIRT) / SOC Level 3 Analyst
Location: Crawley (Hybrid)
Department: Information Systems
Type: Contract | Full-time
Outside IR35
About the Role
My client is seeking an experienced Incident Response (CSIRT) / Security Operations Centre (SOC) Level 3 Analyst to join their Information Systems directorate, based in Crawley.
In this critical role, you'll respond to high-severity cyber incidents and escalated security events, leveraging your technical expertise, analytical mindset, and industry-standard tools to contain, eradicate, and recover from cyber threats. Your work will directly contribute to safeguarding my client's network systems, operational technology, and customer data from emerging and sophisticated cyber risks.
Key Responsibilities
As a senior member of the Security Operations team, you will:
- Lead the response to escalated and high-severity cyber incidents, ensuring rapid containment and recovery.
- Conduct advanced threat hunting across IT and OT environments to identify and eliminate hidden threats.
- Develop and enhance SOC policies, playbooks, and incident response processes to align with industry best practices.
- Collaborate with the Managed Security Service Provider (MSSP) and internal teams to ensure complete log source integration and effective alert correlation across cloud and on-prem environments.
- Support and develop the organisation's SOAR platform, creating automated workflows and improving response efficiency.
- Perform digital forensics investigations, analysing logs, network data, and system artefacts to determine root causes.
- Participate in cyber crisis simulation exercises and continuous improvement initiatives to enhance resilience.
- Contribute to security audits and compliance efforts (e.g. ISO 27001, NCSC CAF, GDPR).
- Mentor Level 1 and Level 2 SOC Analysts, helping to build team capability and knowledge.
About You
You'll bring a combination of technical expertise, analytical acumen, and a collaborative approach to problem-solving.
Essential Qualifications & Experience
- Proven experience in a SOC Level 2 or Level 3 role, with demonstrable expertise in incident response and advanced threat hunting.
- A degree in Computer Science, Cybersecurity, IT, or a related discipline, or equivalent professional experience.
- Industry-recognised certifications such as CISSP, GIAC/GCIA/GCIH, AZ-500, CEH, CASP+, or SIEM-specific training.
- Strong knowledge of SIEM, SOAR, EDR, IDS/IPS, NAC, DLP, and related security technologies.
- Familiarity with frameworks such as MITRE ATT&CK, NIST, CIS, and ISO/IEC 27001/27002.
- Hands-on experience with tools such as FortiSIEM, QRadar, Microsoft Defender, Darktrace, Microsoft Sentinel, or similar platforms.
- Experience in forensic analysis, red-team exercises, and crisis simulation activities.
Desirable
- Experience managing or supporting both IT and OT environments.
- In-depth understanding of adversarial TTPs and complex threat landscapes.
Company: Morson Talent
Location: England, Crawley, West Sussex, United Kingdom (Hybrid / WFH Options)
Employment Type: Contract