L3 SOC Analyst

Morson Edge
38 minutes ago
Contract
Sussex
United Kingdom
£800 - £800 GBP daily
Job Title: Senior SOC Analyst (L3)/Incident Response Lead

Location: Crawley (Hybrid - 2 days onsite: Monday & Tuesday)
Contract: 6 months (likely extension)
Day Rate: ~£800/day (Outside IR35 likely)

Overview

My client is seeking an experienced Senior SOC Analyst (L3) with strong incident management and leadership capability to join a high-performing cyber security team supporting critical national infrastructure.

This role is focused on leading and managing cyber security incidents, acting as an Incident Commander during high-severity events, while also contributing to BAU SOC activities and continuous improvement initiatives.

Key Responsibilities

Incident Management & Leadership
  • Act as Incident Lead/Commander during major cyber incidents

  • Assign tasks clearly across analysts (eg investigations in SIEM, EDR, Firewalls)

  • Manage escalation, stakeholder communication, and decision-making under pressure

  • Take ownership of incidents from identification through to resolution

SOC & Technical Delivery
  • Operate at L3 level across SOC functions, including:

    • Threat hunting

    • Phishing investigations

    • SIEM analysis (eg QRadar or similar)

    • Endpoint security (eg Microsoft Defender)

    • Firewall and network investigations

  • Support and collaborate with MSSPs and internal teams

  • Handle a mix of low-level and high-severity incidents

Continuous Improvement
  • Lead and contribute to post-incident reviews (lessons learned)

  • Identify trends and recurring issues, driving preventative improvements

  • Enhance processes, playbooks, and response procedures

  • Support the organisation's goal of maturing toward a "Gold Standard" incident response capability

Key Requirements

Essential Experience
  • Proven experience as a Senior SOC Analyst (L3) or similar

  • Strong track record of leading cyber security incidents end-to-end

  • Experience acting as an Incident Manager/Incident Commander

  • Ability to coordinate teams and direct technical resources during incidents

  • Hands-on experience with:

    • SIEM platforms (eg QRadar, Splunk, Sentinel)

    • Endpoint security tools (eg Microsoft Defender)

    • Network/Firewall analysis

Desirable Experience
  • Exposure to Operational Technology (OT) environments (not essential)

  • Understanding of Critical National Infrastructure (CNI) environments

  • Familiarity with incident response frameworks and maturity models

Key Skills & Attributes
  • Strong leadership and decision-making under pressure

  • Ability to "direct traffic" rather than purely technical execution

  • Proactive mindset - focused on preventing incidents, not just reacting

  • Excellent communication skills, particularly during high-pressure scenarios

Team & Environment
  • Part of a ~12-person L3 cyber security team

  • Works closely with senior leadership and escalation points

  • Hybrid working model with collaboration days in Crawley

  • Fast-paced environment supporting critical infrastructure operations

Additional Information
  • Immediate interview availability for suitable candidates

  • Fast-moving process (subject to internal approvals)

  • Opportunity to play a key role in evolving and maturing cyber defence capabilities