L3 SOC Analyst
Maxwell Bond
Job Description
L3 SOC Analyst (Cyber Security Consultancy)
Glasgow (Hybrid)
Full-time | 24/7 SOC Environment (includes occasional out-of-hours work)
£55,000 – £70,000 + benefits (depending on experience)

We’re working with a leading cybersecurity consultancy to recruit an experienced L3 SOC Analyst to join their growing Security Operations Centre team. This is a fantastic opportunity to play a key role in defending a diverse client base against advanced cyber threats, while also mentoring junior analysts and shaping SOC capabilities.

The Role

As an L3 SOC Analyst, you’ll act as a senior escalation point within a 24/7 SOC, leading complex investigations and driving incident response activities. You’ll work closely with threat intelligence, engineering, and client teams to continuously improve detection and response capabilities.

Key Responsibilities

- Act as the final escalation point for security incidents and alerts
- Lead and coordinate incident response for high-severity threats
- Perform advanced threat hunting and forensic investigations
- Analyse logs from SIEM, EDR, NDR, and cloud security tools
- Develop and refine detection rules and use cases
- Support SOC maturity improvements and playbook development
- Mentor and support L1/L2 analysts
- Produce detailed incident reports and client-facing communications

Skills & Experience Required

- Proven experience in a SOC environment (L2/L3 level)
- Strong hands-on experience with SIEM platforms (e.g., Splunk, Sentinel, QRadar)
- Experience with EDR/XDR tools (e.g., CrowdStrike, Defender, Carbon Black)
- Solid understanding of threat detection, incident response, and MITRE ATT&CK
- Experience in threat hunting and log analysis
- Knowledge of network protocols, endpoints, and cloud environments
- Scripting skills (Python, PowerShell, or similar) are desirable
- Relevant certifications such as GCIA, GCIH, CySA+, or CISSP are a plus

What’s on Offer

- Competitive salary (£55k–£70k depending on experience)
- Hybrid working model (Glasgow-based)
- Exposure to a wide range of clients and industries
- Opportunity to work with cutting-edge security technologies
- Clear progression into SOC Lead / Threat Hunting / Incident Response roles
- Ongoing training and certification support

Additional Information

- This role operates within a 24/7 SOC, so some out-of-hours work and shift flexibility will be required
- Candidates must have the right to work in the UK