Posted 5 days ago
SOC Engineer - 6 Month FTC
Precise Placements
📍 Not Specified
I.T. & Communications · Remote · Hybrid
Job description
<p><strong>SOC Engineer - SIEM, Exabeam, SOAR, EDR, IDS/IPS, MITRE, Azure, SC-200, SC-100</strong></p>
<p>Our leading global law firm client is currently looking to take on a new SOC Engineer (SIEM, Exabeam, SOAR, EDR, IDS/IPS, MITRE, Azure, SC-200, SC-100) to join their team on a contractual basis. The firm is an extremely modern law firm which offers a healthy hybrid working arrangement of 2-3 days per week in London and a great deal of autonomy and technical exposure.</p>
<p>This SOC Engineer (SIEM, Exabeam, SOAR, EDR, IDS/IPS, MITRE, Azure, SC-200, SC-100) role will be responsible for enhancing the existing SIEM platform and improving its performance, coverage and fidelity by conducting regular assessments of the SIEM architecture.</p>
<p>To be considered for this SOC Engineer (SIEM, Exabeam, SOAR, EDR, IDS/IPS, MITRE, Azure, SC-200, SC-100) role, it is ideal that you have:</p>
<ul><li>3+ years within a similar role</li><li>Law firm experience (ideal but not required)</li><li>Security qualifications such as CISSP, CISM, CEH, CompTIA Sec+ or others</li></ul>
<p><strong>SIEM Engineering & Maturity</strong></p>
<ul><li>Enhance and optimise the existing SIEM platform to improve performance, coverage, and fidelity.</li><li>Conduct regular assessments of SIEM architecture and propose improvements to ingestion pipelines, parsing rules, correlation logic, and storage management.</li><li>Implement automation and orchestration components (SOAR) to streamline incident response activities.</li></ul>
<p><strong>Log Source Onboarding & Integration</strong></p>
<ul><li>Identify, prioritise, and onboard new log sources from cloud, on-prem, network, endpoint, identity, and application platforms.</li><li>Develop and maintain custom parsers, connectors, and ingestion playbooks.</li><li>Work with internal teams and vendors to ensure high-quality, reliable telemetry and error-free ingestion.</li></ul>
<p><strong>Use Case & Detection Content Development</strong></p>
<ul><li>Design, implement, test, and tune detection use cases based on attacker techniques (MITRE ATT&CK), threat intelligence, and risk appetite.</li><li>Build correlation rules, anomaly-based detections, dashboards, and alerting workflows.</li><li>Regularly review detection efficacy and reduce false positives through tuning and logic refinement.</li></ul>
<p><strong>SOC Support & Incident Response</strong></p>
<ul><li>Work closely with SOC analysts to validate and refine detection logic.</li><li>Support incident investigations through SIEM searches, enrichment, and data modelling.</li><li>Provide technical SME support for complex incidents that require deep SIEM or log knowledge.</li></ul>
<p><strong>Documentation & Governance</strong></p>
<ul><li>Maintain high-quality documentation covering data models, feed onboarding, use cases, correlation logic, and architecture.</li><li>Ensure alignment with internal controls, compliance requirements, and industry standards.</li></ul>
<p><strong>Education, Skills & Experience</strong></p>
<p><strong>Technical Expertise</strong></p>
<ul><li>Hands-on experience with leading SIEM platforms (e.g., Exabeam, LogRhythm, ArcSight, Microsoft Sentinel, Splunk, QRadar, Elastic).</li><li>Strong understanding of log formats (JSON, syslog, XML, CEF, etc.) and ingestion technologies (Syslog, API, Event Hubs, Kafka, Agents).</li><li>Practical knowledge of detection engineering, threat modelling, and attacker behaviour analysis.</li><li>Experience building and tuning correlation rules, searches, and dashboards.</li><li>Familiarity with SOAR platforms and automation workflows.</li></ul>
<p><strong>Security Knowledge</strong></p>
<ul><li>Strong understanding of networking, Windows/Linux systems, cloud platforms (Azure/AWS/GCP), identity systems, and endpoint protection technologies (e.g. SentinelOne and Microsoft Defender).</li><li>Knowledge of MITRE ATT&CK, the cyber kill chain, and threat hunting methodologies.</li></ul>
<p><strong>Must Have</strong></p>
<ul><li>Level 4 or higher qualification in a computing subject, or equivalent experience</li><li>IT experience including both IT Infrastructure and Information Security roles</li><li>Relevant professional certifications that validate the fundamental skills required to perform the role, e.g. GIAC (GCIA, GCDA, GMON), Microsoft SC-200/SC-100, CompTIA Secure Infrastructure Specialist (CSIS), SSCP/CISSP, etc.</li><li>Strong skill level in scripting technologies, including Python, MS PowerShell and PowerApps</li><li>Ability to conduct research into infrastructure issues and products as required</li><li>Self-starting with strong interpersonal, written, and oral communication skills.</li><li>Ability to engage colleagues at all levels and project a solid, professional attitude consistently.</li></ul>
<p><strong>Nice to have</strong></p>
<ul><li>Data Loss Prevention</li><li>Secure Remote Access solutions</li><li>Network Security solutions</li><li>Open Source and Cyber Threat Intelligence</li><li>Suitable experience working with the market-leading technology vendor product suites</li><li>Experience in software-defined and cloud services such as SaaS, IaaS, PaaS and DaaS</li><li>Experience in Disaster Recovery Management and Business Continuity</li><li>Knowledge of applicable data privacy practices and laws</li></ul>
Benefits
Hybrid