Evalian is a UK based consultancy specialising in cyber security, penetration testing, data protection and ISO compliance. We are excited to be expanding our cyber security offering to encompass managed security services, specialising in security monitoring, threat detection, and response. As we expand, we are looking for a motivated and enthusiastic SOC Analyst to join our team and help protect our customers from cyber threats. This is an entry-level role, perfect for someone passionate about cybersecurity who wants to build a career in security operations.
We are seeking a Level 2 SOC Analyst to join our growing team, someone who brings hands-on security experience, sharp analytical thinking, and a passion for proactive defence.
The Role
As an L2 SOC Analyst, you’ll play a key role in the ongoing protection of Evalian’s customers. Acting as an escalation point for L1 analysts, you’ll perform advanced triage, investigation, containment, and remediation of security incidents across multiple environments.
You’ll work with modern security tooling including Microsoft Sentinel, Defender XDR, EDR platforms, and cloud-native threat detection systems. You’ll also contribute to improving detection logic, playbooks, and operational processes as part of a collaborative and continuously improving SOC team.
This role includes participation in an on-call rotation to provide out-of-hours escalation support for high-severity incidents. On-call duties are shared evenly across the SOC team and are compensated in addition to base salary.
Responsibilities
- Act as the primary escalation point for L1 SOC analysts, validating and investigating escalated alerts.
- Perform detailed analysis of SIEM, EDR, and threat intelligence data to determine root cause, scope, and impact of incidents.
- Lead incident response and containment actions under guidance from senior SOC engineers or the SOC Lead.
- Create, test, and tune detection rules, correlation queries, and automated playbooks in SIEM and SOAR platforms.
- Collaborate with customers to provide context, remediation recommendations, and post-incident summaries.
- Identify and document emerging threats and adversary techniques relevant to customer environments.
- Participate in threat hunting and continuous improvement of detection coverage and workflows.
- Maintain detailed and accurate records of investigations and actions in the SOC ticketing system.
- Mentor and support L1 analysts by sharing knowledge and improving triage procedures.
Skills and qualifications
Essential
- 1-4 years of experience in a SOC, MDR, or incident response environment.
- Strong analytical and problem-solving skills with attention to detail.
- Great understanding of attack techniques (MITRE ATT&CK), threat actor behaviour, and defensive controls.
- Hands-on experience with SIEM platforms (preferably Microsoft Sentinel or similar).
- Familiarity with EDR/XDR solutions such as Defender for Endpoint, CrowdStrike, or SentinelOne.
- Working knowledge of network security fundamentals, including TCP/IP, firewalls, and intrusion detection.
- Understanding of Windows, Linux, and cloud environments (Azure, AWS, or GCP).
- Excellent written and verbal communication skills, particularly for incident reporting.
- Ability to work independently and collaboratively in a fast-paced environment.
Desirable (Not required but a plus)
- Scripting or automation skills (Python, PowerShell, etc.).
- Industry certifications such as CompTIA Security+, Microsoft SC-200, or GIAC (GCIH, GCIA).
- Exposure to threat intelligence analysis or incident response frameworks.
What we offer
- Guided internal training and industry standard certifications
- Exposure to real-world cybersecurity incidents and hand-on experience
- Opportunities for career growth within our SOC team.
- Flexible work environment
- BBQ Thursdays
The package
The salary will depend on your experience and qualifications but will be in the range of £35,000 - £45,000 plus benefits.
Employees get 25 days of annual leave per year plus your birthday day off and access to our pension scheme. Benefits include private medical insurance, dental cashback, optical cashback and life insurance cover.
Hours: Monday to Friday, 9:00–17:30
Location and minimum requirements
This role is in-office based near Winchester in Colden Common to support training and focus on team-relationship building and fostering a strong team culture. After probation and training period, you will have the option to transition to a hybrid working arrangement.
From time to time, you may be asked to attend client sites, or we may request you attend our offices or events for various purposes, but we’ll always provide you with advance notice. Travel expenses will be reimbursed.
When home-based, you'll need to have a dedicated, secure, working area and reliable internet connection.
We are committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination
Agencies
We are not working with agencies at this time. Thank you.