Microsoft Security Operations Centre (SOC) Analyst – T2 & T3
(Security Clearance Required)
Preferred Location - Newcastle
Job Description
The SOC Analyst Team operates as a next‑generation, intelligence‑led Security Operations function, designed to deliver high‑quality, scalable 24×7 security monitoring and response.
All SOC analysts participate in a 24×7 shift model, ensuring uninterrupted service coverage, while also contributing to detection improvement, automation feedback, and service optimisation when operational demand allows.
Tier 2 – SOC Analyst
Primary Technology – Microsoft Sentinel & ServiceNow.
Role Purpose
Tier 2 SOC Analysts represent the primary human analysis function, responsible for investigating escalated alerts and incidents that require human judgement, contextual understanding, and analytical depth.
Key Responsibilities
Perform deep investigation of escalated alerts and incidents from automated Tier 1 workflows
Validate threats, scope impact, and determine severity using contextual analysis
Investigate across multiple data sources, including:
Coordinate and execute response actions in line with:
Maintain clear, high‑quality investigation documentation and handover notes
Operational Expectations
Operate as part of a 24×7 shift rota
Maintain accountability for investigation accuracy and quality
Escalate complex or ambiguous cases to Tier 3 appropriately
Provide structured feedback into:
Continuous Improvement Contributions
When operational demand allows, Tier 2 analysts are expected to contribute insight time to platform improvement activities, supporting the Platform Automation Lead through:
Identification of repeatable investigation patterns
Feedback on automation opportunities
Playbook refinement and improvement
Detection logic tuning recommendations
Tier 3 – Senior SOC Analyst / Incident Specialist
Role Purpose
Tier 3 analysts provide advanced security expertise and escalation handling, focusing on complex, high‑risk, or ambiguous security incidents and ensuring consistent investigation quality across the SOC.
Key Responsibilities
Handle escalations involving:
High‑impact or business‑critical incidents
Advanced or evasive attacker techniques
Ambiguous or novel threat behaviour
Conduct advanced threat analysis, including:
Attacker behaviour and intent assessment
Cross‑incident correlation
Campaign and intrusion analysis
Provide oversight and quality assurance of Tier 2 investigations
Lead complex incident response coordination where required
Leadership & Mentorship
Participate in 24×7 escalation coverage via on‑call or senior shift roles
Act as a technical mentor to Tier 2 analysts
Support analyst development through coaching and investigative guidance
Set investigation and response quality standards across the SOC
Platform & Automation Feedback
Like Tier 2, Tier 3 analysts are expected to provide structured feedback into platform and automation initiatives, working indirectly with the Platform Automation Lead to:
Improve detection fidelity
Reduce repeat incident patterns
Increase automation coverage over time
Ensure complex incidents inform long‑term service improvement