Security Engineer- SOC Operations

Galent

Kochi | Full-time | Mid Level | On-site

Job Description

About the Role

We are looking for a Security Engineer with 7-10 years of experience to join our Information Security function, operating as a core contributor within the Security Operations Centre (SOC) and cloud security engineering practice. This is a technically deep, hands-on role centred on Palo Alto Cortex XSIAM/XSOAR as our primary SIEM and SOAR platform, alongside CrowdStrike Falcon endpoint protection, multi-cloud logging ingestion, and identity integration across our Microsoft estate. The successful candidate will design, build and maintain the integrations that feed security telemetry into our detection and response capability—spanning AWS, GCP and Azure—while working collaboratively with IT to ensure the health and integrity of our Entra ID and Microsoft 365 connectors. You will operate within an environment that places equal weight on engineering rigour and security assurance, contributing to playbook development, alert tuning and the continuous improvement of our detection posture.

SIEM & SOAR Engineering (Palo Alto Cortex):
• Design, deploy and maintain log source integrations into Palo Alto Cortex XSIAM / XSOAR, ensuring normalisation, parsing accuracy and data quality across all connected sources.
• Develop, test and continuously improve SOAR playbooks for automated triage, enrichment and response across key incident types.
• Own SIEM content including detection rules, correlation policies, dashboards and alert thresholds; perform ongoing tuning to reduce false-positive volumes.
• Maintain platform health including connector status monitoring, API rate-limit management and capacity planning for log ingestion pipelines.
• Produce and maintain engineering documentation including integration runbooks, playbook specifications and change records in accordance with CAB policy.

Endpoint Security Engineering (CrowdStrike Falcon):
• Administer and engineer the CrowdStrike Falcon platform, including sensor deployment management, policy configuration and response workflow alignment with SOC procedures.
• Configure and maintain Falcon data connectors into the SIEM, ensuring EDR telemetry is enriched and actionable within the detection pipeline.
• Contribute to host-based detection content and work with the SOC team to validate alert fidelity from Falcon-sourced events.
• Support incident response activities requiring Falcon RTR (Real Time Response) capabilities where required.

Cloud Security Logging & Integration:
• Engineer and maintain security log collection from multi-cloud environments into the SIEM, including:
  ◦ AWS — configure and operate GuardDuty, Security Hub, CloudTrail, VPC Flow Logs and S3 access logging; manage event forwarding via EventBridge and SQS/SNS pipelines.
  ◦ Azure — configure and maintain Microsoft Defender for Cloud, Azure Monitor Diagnostic Settings and Entra ID audit and sign-in log ingestion.
  ◦ GCP — configure and maintain Cloud Audit Logs, Security Command Centre findings export and Pub/Sub-based log forwarding into the SIEM.
• Ensure cloud logging coverage aligns with the organisation's detection requirements and regulatory obligations, and identify and remediate gaps in telemetry coverage.
• Maintain cloud-side IAM roles and service principals used for log collection with least-privilege principles.

Microsoft Entra ID & Office 365 Integration:
• Work alongside the IT team to maintain and improve security-relevant integrations between Entra ID and the SIEM, including Conditional Access policy audit logging, risky sign-in alerting and identity-based detection use cases.
• Support the health and configuration of Microsoft 365 Defender connectors, including Exchange Online, SharePoint and Teams audit log ingestion.
• Assist in periodic reviews of Entra ID security configuration posture, including MFA policy coverage, guest account hygiene and privileged role assignments from a security monitoring perspective.
• Act as a technical liaison between Information Security and IT on identity-related security matters, escalating findings through appropriate governance channels.

SOC Operations & Continuous Improvement:
• Contribute to the SOC as a Tier 2/3 resource on complex investigations, providing engineering context to support analyst triage.
• Participate in threat-led detection engineering, translating threat intelligence and MITRE ATT&CK TTPs into actionable detection logic.
• Support vulnerability and configuration management activities where they relate to SIEM-connected assets.
• Contribute to weekly and monthly SOC reporting by maintaining the accuracy and completeness of underlying data sources and metrics.

Essential Requirements:
• Demonstrable hands-on experience engineering and administering Palo Alto Cortex XSIAM or XSOAR as a primary SIEM/SOAR platform in a production SOC environment.
• Proven experience building and maintaining CrowdStrike Falcon integrations, including sensor management, data connector configuration and policy administration.
• Practical experience configuring AWS security logging services including GuardDuty, Security Hub, CloudTrail and VPC Flow Logs, and forwarding these into a SIEM.
• Demonstrable experience with Azure cloud security logging including Entra ID audit logs, Microsoft Defender for Cloud and Diagnostic Settings.
• Experience working with GCP security logging services including Cloud Audit Logs and Security Command Centre.
• Solid working knowledge of Microsoft Entra ID (Azure AD) and Microsoft 365 security integrations, including Conditional Access, sign-in risk policies and M365 Defender connectors.
• Experience writing SIEM detection logic, correlation rules and SOAR playbooks in a production capacity.
• Strong understanding of log formats, parsing and normalisation (JSON, CEF, Syslog) across diverse source types.
• Familiarity with MITRE ATT&CK as a framework for detection engineering and threat coverage mapping.
• Ability to produce clear, accurate technical documentation aligned to change management and audit requirements.

Desirable Requirements:
• Relevant vendor certifications: Palo Alto XSOAR/XSIAM Engineer, CrowdStrike CCFA/CCFH, AWS Security Specialty, Microsoft SC-200 (Security Operations Analyst).
• Exposure to scripting for automation (Python, PowerShell) in a security engineering context.
• Familiarity with SOC metrics, SLA reporting and KPI/KRI frameworks.
• Experience operating within an ITSM environment (Jira, ServiceNow) including change management and incident ticketing workflows.
• Knowledge of relevant compliance frameworks including ISO/IEC 27001, NIST CSF or equivalent.
• Experience with SFIA-aligned role frameworks or working within organisations that use structured competency models.

Posted Today
