Job description
We are seeking a dedicated L1 Cyber Engineer to join our team on a 4-on, 4-off shift rotation, working 6:00 AM – 6:00 PM. This hybrid role offers flexibility, allowing remote work on weekends and office attendance only when shifts fall on Tuesdays, Wednesdays, or Thursdays.
The L1 Cyber Engineer is a junior-level position. Working as part of a team, the SOC Engineer's primary role is to work on helpdesk tickets for our Managed Security Services (MSS) department.
The position is a dual role, combining a Cyber Security Analyst and a Network Security Engineer at a junior level. This role will build a foundation across all aspects of MSS technologies, allowing the candidate to develop their own career path within VirtualArmour.
We are seeking an L1 Cyber Engineer to join our MSS team in a Managed Security Service Provider (MSSP) environment. This role is focused on high-volume alert and ticket triage, customer-facing escalations, and first-level security investigations. The ideal candidate has strong foundational knowledge of SIEM, XDR, and EDR concepts, excellent communication skills, and the ability to follow playbooks while thinking critically under pressure.
Key Responsibilities
- Monitor and triage security and network alerts from network monitoring, EDR/XDR, SIEM, and related security tooling; prioritize incidents based on risk and business impact.
- Investigate endpoint threats (malware, ransomware, credential theft, persistence, lateral movement) using Microsoft Defender for Endpoint (MDE), CrowdStrike EDR, SentinelOne EDR, and Stellar Cyber XDR.
- Identify common attack patterns (phishing, malware execution, credential abuse, lateral movement, persistence indicators) and recommend next steps.
- Escalate complex or high-severity incidents to Tier 2/IR with high-quality handoffs (evidence, hypotheses, affected entities, attempted actions).
- Support ongoing investigations by collecting additional artifacts/logs, re-checking endpoints, and monitoring for recurrence.
- Document findings clearly in the ticketing system, ensuring complete timelines, evidence, and actions taken.
- Follow SOC runbooks, playbooks, and standard operating procedures (SOPs) consistently.
- Participate in shift handovers and maintain accurate case notes to ensure continuity of operations.
- Identify recurring false positives, detection gaps, and tuning opportunities; propose improvements to content/rules and playbooks.
- Stay up to date on information technology trends and security standards.
- Adhere to company-wide best practices for IT security.
Experience
Required
- A strong desire to work in either the cyber security or network security field.
- Strong understanding of SIEM, XDR, and EDR fundamentals (telemetry types, detection logic, correlation, and response workflows).
- Understanding of attack lifecycle concepts (MITRE ATT&CK basics, NIST, Lockheed Martin, etc.).
- Ability to analyze endpoint and security logs (Windows Event Logs concepts, process/parent-child relationships, network indicators).
- Ability to demonstrate an understanding of IP protocols such as DHCP, FTP/SFTP, HTTP/HTTPS, TCP/UDP, SSH, etc.
- Strong written communication and ticket hygiene (clear summaries, evidence-based conclusions).
- Comfort working in a 24x7 SOC environment and meeting SLA-driven targets.
- Team player with strong collaboration skills and a flexible approach to problem solving.
Qualifications
- 6 months to 2 years in a SOC, MSSP, or IT security operations role (internship/co-op considered).
- A bachelor's degree in cyber security or related field, or equivalent level of experience within IT.
- Certifications (nice to have): CompTIA Security+, SC-200, CCNA, or vendor-specific endpoint/SIEM training.
Work Schedule & Hybrid Working:
- 4 on, 4 off shift rotation.
- If your shift falls on a weekend, you can work from home.
- If your shift falls on a Tuesday, Wednesday, or Thursday, office attendance is required (Middlesbrough).
- If your shift falls on Monday or Friday, work location is flexible.
Job Types: Full-time, Permanent
Pay: £26,000.00 per year
Benefits:
- Casual dress
- Company pension
- On-site parking
- Private medical insurance
Ability to commute/relocate:
- Middlesbrough TS2 1AE: reliably commute or plan to relocate before starting work (required)
Application question(s):
- Do you currently have the unrestricted right to work in the UK without the need for visa or sponsorship?
Education:
Licence/Certification:
- CompTIA Security+ (preferred)
- Cisco CCNA (preferred)
Work authorisation:
- United Kingdom (required)
Location:
- Middlesbrough TS2 1AE (preferred)
Work Location: Hybrid remote in Middlesbrough TS2 1AE