Remote L3 SOC Analyst – Microsoft XDR/ Defender/ Sentinel
Robert Walters

London
15 hours ago
About
My reputable global client is seeking an experienced L3 SOC Analyst with expertise across the Microsoft security stack, including Microsoft XDR, Microsoft Defender, Sentinel, and the wider M365 security ecosystem. You'll handle incident response, threat detection and threat hunting, lead complex investigations, and develop advanced detection content.

What you'll do:
- Lead and manage high-severity security incidents from identification through containment, eradication, recovery, and post-incident reporting
- Perform advanced threat hunting using Microsoft Defender XDR, Sentinel, KQL, and other telemetry sources to identify emerging threats, anomalous behaviour, and undetected malicious activity
- Develop, tune, and maintain Sentinel analytics rules, workbooks, playbooks (Logic Apps), and custom detection use cases to improve SOC detection capability
- Act as a subject matter expert for the Microsoft security ecosystem, including Defender for Endpoint, Office 365, Identity, Cloud Apps, Defender for Cloud, and Azure security controls
- Create and maintain Kusto Query Language (KQL) queries, automation workflows, and enrichment logic to enhance detections and investigation efficiency
- Support purple-team activities, threat modelling, and attack-simulation scenarios aligned to MITRE ATT&CK
- Provide technical escalation support and mentorship to L1/L2 SOC analysts
- Perform root-cause analysis, identify systemic issues, and drive continuous improvement across SOC processes
- Collaborate with engineering, cloud, and cybersecurity teams to enhance log ingestion, telemetry quality, and SIEM/SOAR architecture
- Produce clear, structured incident reports, threat briefs, and stakeholder updates

What you'll bring:
- Extensive hands-on experience with Microsoft Sentinel (SIEM) and Microsoft Defender XDR (formerly M365 Defender)
- Strong proficiency in KQL