SOC Engineer - 6 Month FTC

SOC Engineer - SIEM, Exabeam, SOAR, EDR, IDS/IPS, MITRE, Azure, SC-200, SC-100

Our leading global law firm client is currently looking to take on a new SOC Engineer (SIEM, Exabeam, SOAR, EDR, IDS/IPS, MITRE, Azure, SC-200, SC-100) to join their team on a contractual basis. The firm is an extremely modern law firm which offers a healthy hybrid working arrangement of 2-3 days per week in London, along with a great deal of autonomy and technical exposure.

This SOC Engineer (SIEM, Exabeam, SOAR, EDR, IDS/IPS, MITRE, Azure, SC-200, SC-100) role will be responsible for enhancing the existing SIEM platform and improving its performance, coverage and fidelity by conducting regular assessments of the SIEM architecture.

To be considered for this SOC Engineer (SIEM, Exabeam, SOAR, EDR, IDS/IPS, MITRE, Azure, SC-200, SC-100) role, you should ideally have:

  • 3+ years in a similar role
  • Law firm experience (ideal but not required)
  • Security qualifications such as CISSP, CISM, CEH, CompTIA Security+ or others

SIEM Engineering & Maturity

  • Enhance and optimise the existing SIEM platform to improve performance, coverage, and fidelity.
  • Conduct regular assessments of SIEM architecture and propose improvements to ingestion pipelines, parsing rules, correlation logic, and storage management.
  • Implement automation and orchestration components (SOAR) to streamline incident response activities.

Log Source Onboarding & Integration

  • Identify, prioritise, and onboard new log sources from cloud, on-prem, network, endpoint, identity, and application platforms.
  • Develop and maintain custom parsers, connectors, and ingestion playbooks.
  • Work with internal teams and vendors to ensure high-quality, reliable telemetry and error-free ingestion.

Use Case & Detection Content Development

  • Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite.
  • Build correlation rules, anomaly-based detections, dashboards, and alerting workflows.
  • Regularly review detection efficacy and reduce false positives through tuning and logic refinement.

SOC Support & Incident Response

  • Work closely with SOC analysts to validate and refine detection logic.
  • Support incident investigations through SIEM searches, enrichment, and data modelling.
  • Provide technical SME support for complex incidents that require deep SIEM or log knowledge.

Documentation & Governance

  • Maintain high-quality documentation covering data models, feed onboarding, use cases, correlation logic, and architecture.
  • Ensure alignment with internal controls, compliance requirements, and industry standards.

Education, Skills & Experience

Technical Expertise

  • Hands-on experience with leading SIEM platforms (e.g., Exabeam, LogRhythm, ArcSight, Microsoft Sentinel, Splunk, QRadar, Elastic).
  • Strong understanding of log formats (JSON, syslog, XML, CEF, etc.) and ingestion technologies (Syslog, API, Event Hubs, Kafka, Agents).
  • Practical knowledge of detection engineering, threat modelling, and attacker behaviour analysis.
  • Experience building and tuning correlation rules, searches, and dashboards.
  • Familiarity with SOAR platforms and automation workflows.

Security Knowledge

  • Strong understanding of networking, Windows/Linux systems, cloud platforms (Azure/AWS/GCP), identity systems, and endpoint protection technologies (e.g. SentinelOne and Microsoft Defender).
  • Knowledge of MITRE ATT&CK, cyber kill chain, and threat hunting methodologies.

Must Have

  • Level 4 or higher qualification in a computing subject, or equivalent experience
  • IT experience including both IT Infrastructure and Information Security roles
  • Relevant professional certifications that validate the fundamental skills required to perform the role, e.g. GIAC (GCIA, GCDA, GMON), Microsoft SC-200/SC-100, CompTIA Secure Infrastructure Specialist (CSIS), SSCP/CISSP, etc.
  • Strong skill level in scripting technologies, including Python, Microsoft PowerShell and PowerApps
  • Ability to conduct research into Infrastructure issues and products as required
  • Self-starting with strong interpersonal, written, and oral communication skills.
  • Ability to engage colleagues at all levels and project a solid, professional attitude consistently.

Nice to have

  • Data Loss Prevention
  • Secure Remote Access solutions
  • Network Security solutions
  • Open Source and Cyber Threat Intelligence
  • Suitable experience working with market-leading technology vendor product suites
  • Experience in software-defined and cloud services such as SaaS, IaaS, PaaS and DaaS
  • Experience in Disaster Recovery Management and Business Continuity
  • Knowledge of applicable data privacy practices and laws

Job Details

Company
Precise Placements
Location
London, South East, England, United Kingdom
Hybrid / Remote Options
Employment Type
Contractor
Salary
£65,000 - £80,000 per annum
Posted