and drive continuous improvement across detection, response, and automation. This pivotal role requires deep expertise in IBM QRadar, with a strong focus on playbook development, analytical rule creation, and threat modelling. The Senior SOC Engineer will play a key role in building and optimising detection and response strategies, ensuring robust protection against evolving threats. Key Responsibilities SIEM Engineering & Management … Deploy, configure, and maintain the QRadar SIEM platform. Onboard and normalise log sources across on-premises and cloud environments. Develop and optimise analytical rules for threat detection, anomaly detection, and behavioural analysis. Playbook Development & Automation Design and implement incident response playbooks for scenarios such as phishing, lateral movement, and data exfiltration. Integrate playbooks with SOAR platforms (e.g., Microsoft Logic … Apps, XSOAR) to streamline triage and automate response. Refine playbooks based on threatintelligence and incident insights. Threat Detection & Response Monitor and analyse security alerts and events to identify potential threats. Conduct investigations and coordinate incident response activities. Collaborate with threatintelligence teams to enhance detection logic. Threat Modelling & Use Case Development Lead threatMore ❯
Glasgow, Scotland, United Kingdom Hybrid / WFH Options
Anson McCade
What you’ll be doing Leading investigations into escalated security events and incidents Driving containment, remediation, and root-cause analysis for major incidents Performing malware analysis, reverse engineering, and threat hunting Developing and optimising SIEM use cases (Splunk, QRadar) Shaping SOC runbooks, playbooks, and incident response procedures Supporting client stakeholders with incident reporting and recommendations Staying ahead of emerging … threats and integrating threatintelligence Acting as an escalation point and guiding L1/L2 analysts What we’re looking for 2–5 years in cyber security, ideally SOC or incident response Strong experience with Splunk and/or QRadar (other SIEMs considered) Good understanding of incident response, DFIR, malware analysis Knowledge of network traffic flows, vulnerability management More ❯
Glasgow, Scotland, United Kingdom Hybrid / WFH Options
Anson McCade
develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threatintelligence and integrate insights into monitoring processes. Contribute to the creation and refinement of runbooks, playbooks, and incident response documentation. Support pre-sales activities, solution scoping, and client More ❯
milton, central scotland, united kingdom Hybrid / WFH Options
Anson McCade
develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threatintelligence and integrate insights into monitoring processes. Contribute to the creation and refinement of runbooks, playbooks, and incident response documentation. Support pre-sales activities, solution scoping, and client More ❯
paisley, central scotland, united kingdom Hybrid / WFH Options
Anson McCade
develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threatintelligence and integrate insights into monitoring processes. Contribute to the creation and refinement of runbooks, playbooks, and incident response documentation. Support pre-sales activities, solution scoping, and client More ❯
develop detection signatures. Provide incident response leadership, from containment and eradication to recovery. Collaborate with cross-functional teams and external parties (forensics, law enforcement, clients). Stay current on threatintelligence and integrate insights into monitoring processes. Contribute to the creation and refinement of runbooks, playbooks, and incident response documentation. Support pre-sales activities, solution scoping, and client More ❯
clients (weekly/monthly). Oversee vulnerability management efforts including scanning, prioritisation, risk communication, and remediation coordination. Ensure IDS/IPS systems are maintained and aligned with the latest threat intelligence. Work closely with the Senior Service Delivery Manager to identify process improvements and implement best practices. What You'll Bring 10+ years of experience in technical support for More ❯