Microsoft Security Operations Centre (SOC) Analyst – T2 & T3

Avanade

Manchester · 1d ago
Employment
Full-time

About the role

(Security Clearance Required)

Preferred Location - Newcastle

Job Description

The SOC Analyst Team operates as a next‑generation, intelligence‑led Security Operations function, designed to deliver high‑quality, scalable 24×7 security monitoring and response.

All SOC analysts participate in a 24×7 shift model, ensuring uninterrupted service coverage, while also contributing to detection improvement, automation feedback, and service optimisation when operational demand allows.

Tier 2 – SOC Analyst

Primary Technology – Microsoft Sentinel & ServiceNow.

Role Purpose

Tier 2 SOC Analysts represent the primary human analysis function, responsible for investigating escalated alerts and incidents that require human judgement, contextual understanding, and analytical depth.

Key Responsibilities

  • Perform deep investigation of escalated alerts and incidents from automated Tier 1 workflows

  • Validate threats, scope impact, and determine severity using contextual analysis

  • Investigate across multiple data sources, including:

    • SIEM

    • EDR / XDR

    • Identity and authentication telemetry

    • Cloud and SaaS platforms

  • Coordinate and execute response actions in line with:

    • Defined playbooks

    • Client‑specific requirements

    • Incident response procedures

  • Maintain clear, high‑quality investigation documentation and handover notes

Operational Expectations

  • Operate as part of a 24×7 shift rota

  • Maintain accountability for investigation accuracy and quality

  • Escalate complex or ambiguous cases to Tier 3 appropriately

  • Provide structured feedback into:

    • Detection tuning

    • Alert quality improvements

    • Automation optimisation

Continuous Improvement Contributions

When operational demand allows, Tier 2 analysts are expected to contribute insight time to platform improvement activities, supporting the Platform Automation Lead through:

  • Identification of repeatable investigation patterns

  • Feedback on automation opportunities

  • Playbook refinement and improvement

  • Detection logic tuning recommendations

Tier 3 – Senior SOC Analyst / Incident Specialist

Role Purpose

Tier 3 analysts provide advanced security expertise and escalation handling, focusing on complex, high‑risk, or ambiguous security incidents and ensuring consistent investigation quality across the SOC.

Key Responsibilities

  • Handle escalations involving:

    • High‑impact or business‑critical incidents

    • Advanced or evasive attacker techniques

    • Ambiguous or novel threat behaviour

  • Conduct advanced threat analysis, including:

    • Attacker behaviour and intent assessment

    • Cross‑incident correlation

    • Campaign and intrusion analysis

  • Provide oversight and quality assurance of Tier 2 investigations

  • Lead complex incident response coordination where required

Leadership & Mentorship

  • Participate in 24×7 escalation coverage, via on‑call or senior shift roles

  • Act as a technical mentor to Tier 2 analysts

  • Support analyst development through coaching and investigative guidance

  • Set investigation and response quality standards across the SOC

Platform & Automation Feedback

Like Tier 2, Tier 3 analysts are expected to provide structured feedback into platform and automation initiatives, working indirectly with the Platform Automation Lead to:

  • Improve detection fidelity

  • Reduce repeat incident patterns

  • Increase automation coverage over time

  • Ensure complex incidents inform long‑term service improvement
