CrawlJobs Logo

SOC Solutions Engineer - QRadar and Splunk

United Kingdom, Birmingham · Job Posted January 26, 2026
Apply Position
Job Link Share

Job Description

Join a leading Managed Service Provider as a SOC Solutions Engineer specializing in QRadar and Splunk. Enhance security operations, develop incident response playbooks, and collaborate with teams to optimize threat detection strategies. Bring your expertise in SIEM platforms and a strong understanding of cybersecurity frameworks to make a significant impact.

Job Responsibility

  • Deploy, configure, and maintain SIEM platforms (Splunk, QRadar, Sentinel, Defender, Chronicle)
  • Onboard and normalize log sources across cloud and on-prem environments
  • Develop and optimize analytical rules for threat detection, anomaly detection, and behavioural analysis
  • Design and implement incident response playbooks for various threat scenarios (e.g., phishing, lateral movement, data exfiltration)
  • Integrate playbooks with SOAR platforms (e.g., Microsoft Logic Apps, XSOAR) to automate triage and response
  • Continuously refine playbooks based on threat intelligence and incident feedback
  • Monitor and analyse security alerts and events to identify potential threats
  • Perform in-depth investigations and coordinate incident response activities
  • Collaborate with threat intelligence teams to enrich detection logic
  • Conduct threat modelling exercises using frameworks like MITRE ATT&CK, STRIDE, or Kill Chain
  • Translate threat models into actionable detection use cases and SIEM rules
  • Prioritize detection engineering efforts based on risk and business impact
  • Generate reports and dashboards for stakeholders on security posture and incident trends
  • Work closely with IT, DevOps, and compliance teams to ensure secure system configurations
  • Provide mentorship and guidance to junior analysts and engineers
  • Maintain accurate and up-to-date documentation of security procedures, incident response plans, and analysis reports
  • Support the creation of monthly reporting packs as per contractual requirements
  • Create and document robust event and incident management processes, Runbooks & Playbooks
  • Involvement in scoping and standing up new solutions for new opportunities
  • Assisting Pre-Sales team with requirements on new opportunities
  • Demonstrations of SOC tools to clients
  • Continual Service Improvement - Recommendations for change to address incidents or persistent events

Requirements

  • Must be able to obtain SC Clearance or already hold SC clearance
  • Hands-on experience of IBM QRadar
  • Strong knowledge of log formats, parsing, and normalization
  • Experience with KQL, SPL, AQL, or other SIEM query languages
  • Familiarity with scripting (Python, PowerShell) for automation and enrichment
  • Deep understanding of threat detection, incident response, and cyber kill chain
  • Familiarity with MITRE ATT&CK, NIST, and CIS frameworks
  • Strong verbal and written English communication
  • Strong interpersonal and presentation skills
  • Strong analytical skills
  • Good understanding on network traffic flows and able to understand normal and suspicious activities
  • Good understanding of Vulnerability Scanning and management as well as Ethical Hacking (Penetration Testing)
  • Knowledge of ITIL disciplines such as Incident, Problem and Change Management
  • Ability to work with minimal levels of supervision
  • Willingness to work in a job that involves 24/7 on call
  • Minimum of 3 to 5 years of experience in the IT security industry, preferably working in a SOC/NOC environment
  • Preferably holds Cyber Security Certification e.g. ISC2 CISSP, GIAC, SC-200, Splunk Certified Admin/Power User, IBM QRadar Certified Specialist, Google Chronicle Security Engineer etc
  • Experience with Service Now Security suite
  • Experience with Cloud platforms (AWS and/or Microsoft Azure)
  • Excellent knowledge of Microsoft Office products, especially Excel and Word

What we offer

  • Range of tailored benefits that support your physical, emotional, and financial wellbeing
  • Continuous growth and development opportunities
  • Flexible work options
  • Inclusive work environment
  • Range of Inclusion Networks such as: the Women’s Business Network, Cultural and Ethnicity Network, LGBTQ+ & Allies Network, Neurodiversity Network and the Parent Network

Looking for more opportunities?

Search for other job offers that match your skills and interests.

Similar Jobs for

SOC Solutions Engineer - QRadar and Splunk

8 matching positions

SOC Cyber Threat Expert

At Vodafone, we’re not just shaping the future of connectivity for our customers...
Location
Location
Türkiye , Ankara
Salary
Salary:
Not provided
vodafone.com Logo
Vodafone
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s Degree in engineering departments (preferably Electronics or Computer Engineering)
  • 5+ years of experience in performing hands-on security engineering, consulting, team management, penetration testing, and/or adversary simulation, red teaming exercises, vulnerability assessments in complex operational ICT environments
  • Familiarity with industry standards like OWASP TOP10, CVSS, CIS, NIST etc.
  • CISSP, CISM, OSCP, CEH level is expected
  • Experienced in SIEM products (QRadar, FortiSIEM Splunk, Logsign etc.) and SOAR products
  • Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards), operational threat intelligence, and attack framework standards (e.g., MITRE ATT&CK) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation
  • Experience working in an industry standard Security Operations Center or similar environment providing incident handling and response, intrusion detection, analysis, cyber threat intelligence, threat determination, and mitigations processing and tracking, working with several network and system security technologies to include Elasticsearch, data analytics platforms, endpoint tools, network technologies, and SIEMs
  • Experience developing detection logic for enterprise SIEM systems and with exploitation techniques and use case development
  • Experience in the detection and response to malicious activity using log data and alerts from cybersecurity solutions, systems, and network devices
  • Experience extracting and analyzing forensic artifacts across Windows, Mac, and Linux operating systems
Job Responsibility
Job Responsibility
  • Coding Experience in Scripting & programming languages (such as Java, Bash, Python, PowerShell, etc.) to use these skills to aid in responding to incidents involving Windows, Linux, and Mac hosts, as well as automate common analytical processes to reduce analyst time and avoid repetitive incident response tasks
  • Making assessments on Information Security processes and taking responsibility of implementing improvements on related systems
  • Deploy, configure, and maintain security technologies, including, EDR, XDR, SOAR, SIEM, solutions to assess each of the cybersecurity technology’s responses
  • Develop open-source and vendor based threat detection scenarios
  • Develop tooling for Detection Development Life-Cycle
  • Research on new threat hunting methodologies, tools, and technologies
  • Onboard and maintain detection and hunting products (SIEM, EDR, etc.)
  • Manage and maintain internal SOC technologies and processes
  • Effectively use threat intelligence services and malware sandboxes for hunting new malware threats
  • Excellent written skills with demonstrated ability to write reports
What we offer
What we offer
  • Vflexy: Flexible Benefits Program
  • Hybrid working kit
  • Ergonomic kit allowance
  • Digital meal voucher
  • Flexible transportation allowance
  • Employee assistance hotline & counselling
  • Comprehensive and flexible private health insurance
  • Discounted price deals for wide range of products & services
  • Fulltime
Read More
Arrow Right

L3 SOC Analyst

Managed Services Security team are made up of teams that provide remote (offsite...
Location
Location
Ireland , Galway
Salary
Salary:
Not provided
https://www.hpe.com/ Logo
Hewlett Packard Enterprise
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field or equivalent experience desired
  • Generally, 5+ years in SOC, Incident Response, or Threat Analysis roles
  • Strong knowledge & understanding of common attack vectors and threat actor tactics, techniques, and procedures
  • Knowledge of Elastic SIEM is preferred. If not experience on any of the other SIEM tools like Sentinel, Splunk, QRadar, LogRhythm
  • Relevant industry qualification where applicable
  • Excellent verbal and written communication skills in language to be supported
  • Advanced troubleshooting skills in a technical environment
  • Excellent analytical and problem solving skills
  • Advanced Software and hardware knowledge of computing, storage and peripheral devices
  • Specific knowledge and training with the company's products. Knowledge of multiple product lines (for example, proactive, reactive, storage, enterprise systems, tier 2 or 3 support, etc.)
Job Responsibility
Job Responsibility
  • Monitor work queues for new escalations from the L1/L2 team
  • Triage cases when there are multiple escalations in the queue
  • Perform deep-dive analysis on escalated cases
  • Uses Threat intelligence and IOA/IOC data to identify source and impact of attack
  • Clearly document your investigations as they progress and regularly add case notes to the case to maintain situational awareness
  • Complete the investigations and recommend remediations for low and medium severity security incidents
  • Initiate a war room for confirmed or suspected critical security incidents and follow the documented incident response plan
  • Complete Post Incident Review (PIR) documentation for all medium and higher severity security incidents
  • Monitor work queues for new cases requiring review
  • Triage case reviews as required
What we offer
What we offer
  • Health & Wellbeing
  • Personal & Professional Development
  • Unconditional Inclusion
  • Fulltime
Read More
Arrow Right

Senior SOC Analyst

In Cyclad we work with top international IT companies in order to boost their po...
Location
Location
Salary
Salary:
Not provided
cyclad.pl Logo
Cyclad Sp. z o.o.
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • 5+ years of experience in a SOC or cybersecurity operations role
  • Strong experience with SIEM platforms (e.g., Splunk, IBM QRadar, Microsoft Sentinel)
  • Hands-on experience with EDR/XDR solutions (e.g., CrowdStrike, Microsoft Defender, SentinelOne)
  • Solid understanding of network protocols, system logs, and security event analysis
  • Experience with threat intelligence platforms and frameworks (e.g., MITRE ATT&CK)
  • Proficiency in analyzing logs from Windows, Linux, and cloud environments
  • Familiarity with scripting (e.g., Python, PowerShell) for automation and analysis
  • Strong analytical, problem-solving, and decision-making skills
  • Fluent English, both written and spoken
Job Responsibility
Job Responsibility
  • Monitor, analyze, and respond to security events and incidents using SIEM and other security tools
  • Lead incident response activities, including investigation, containment, eradication, and recovery
  • Perform advanced threat hunting and detection engineering
  • Develop and tune detection rules and use cases to improve SOC effectiveness
  • Analyze malware, phishing campaigns, and emerging threats
  • Coordinate with IT, engineering, and external stakeholders during security incidents
  • Mentor and support junior SOC analysts
  • Create and maintain incident response playbooks and documentation
  • Participate in on-call rotation and handle escalated security alerts
  • Ensure compliance with internal policies and industry standards
What we offer
What we offer
  • Private medical care with dental care (covering 70% of costs)
  • Family package option possible
  • Multisport card (also for an accompanying person)
  • Life insurance
  • Work with talented engineers on large-scale, technically challenging projects
  • Fulltime
Read More
Arrow Right

Senior Email Security Administrator

Reporting to the Global Head of Security under Platform Security, the Senior Ema...
Location
Location
Lithuania , Vilnius
Salary
Salary:
3000.00 - 4583.00 EUR / Month
alterdomus.com Logo
Alter Domus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in computer science, Information Security, or related professional experience
  • 7+ years of experience in Cybersecurity, with a strong focus on Email and Messaging Security
  • Extensive, hands-on experience administering Mimecast, Proofpoint Tessian Secure Email Gateways as an enterprise email security administrator
  • Proven experience securing Microsoft 365 and Exchange Online environments with a solid understanding of Entra ID for users and group management
  • Experience in Microsoft Purview with Data Loss Prevention (DLP) and user behavior analytics is a big plus
  • Strong knowledge of phishing, social engineering, and BEC threats, along with email authentication protocols (SPF, DKIM, DMARC) and encryption standards (TLS)
  • Familiarity with SIEM/SOAR integrations (e.g., Splunk, Sentinel, QRadar)
  • Relevant security certifications such as CISSP, Security+ with certifications specific to administering Secure Email Gateways (e.g., Ironport, Mimecast, Proofpoint)
  • Experience supporting regulated organizations ensuring compliance with industry standards. (e.g. GDPR)
  • Ability to collaborate with colleagues across the enterprise and to work effectively in matrixed, geographically distributed teams around the globe
Job Responsibility
Job Responsibility
  • Act as the organization’s de facto Email Security Administrator who owns the design, deployment, and ongoing operations for the organization’s Secure Email Gateways (Mimecast, Proofpoint Tessian)
  • Design and own the email security architecture across Mimecast, Tessian, and Microsoft 365 and Exchange Online, ensuring robust protection against threats
  • Drive and own policy tuning, balancing security with favorable user experience, and work towards reducing false positives in email security systems and end-user alerts
  • Serve as the primary point of contact for email and messaging security initiatives, ensuring effective communication and collaboration with Global Cyber Fusion Center Incident Response and IT Messaging/Ops teams and other stakeholders
  • Regularly generate security posture and KPIs to senior management to ensure accountability
  • Document runbooks and technical SOPs for process alignment and to describe technical specifications for email security infrastructure and related policies
  • Assist with investigations and responses for high-severity email threats, including phishing, impersonation, and business email compromise (BEC)
  • Work with Global Cyber Fusion Centre Security Operations Center (SOC), IT and Compliance teams to align processes and escalation protocol
  • Support audits, risk assessments, and security reviews to maintain compliance and enhance security measures
  • Evaluate next generation cyber solutions related to Email and DLP
What we offer
What we offer
  • Support for professional accreditations
  • Flexible arrangements, generous holidays, plus an additional day off for your birthday
  • Continuous mentoring along your career progression
  • Active sports, events and social committees across our offices
  • 24/7 support available from our Employee Assistance Program
  • The opportunity to invest in our growth and success through our Employee Share Plan
  • Fulltime
Read More
Arrow Right

Senior Email Security Administrator

Reporting to the Global Head of Security under Platform Security, the Senior Ema...
Location
Location
Ireland , Cork; Dublin
Salary
Salary:
Not provided
alterdomus.com Logo
Alter Domus
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • Bachelor’s degree in computer science, Information Security, or related professional experience
  • 7+ years of experience in Cybersecurity, with a strong focus on Email and Messaging Security
  • Extensive, hands-on experience administering Mimecast, Proofpoint Tessian Secure Email Gateways as an enterprise email security administrator
  • Proven experience securing Microsoft 365 and Exchange Online environments with a solid understanding of Entra ID for users and group management
  • Strong knowledge of phishing, social engineering, and BEC threats, along with email authentication protocols (SPF, DKIM, DMARC) and encryption standards (TLS)
  • Familiarity with SIEM/SOAR integrations (e.g., Splunk, Sentinel, QRadar)
  • Relevant security certifications such as CISSP, Security+ with certifications specific to administering Secure Email Gateways (e.g., Ironport, Mimecast, Proofpoint)
  • Experience supporting regulated organizations ensuring compliance with industry standards. (e.g. GDPR)
  • Ability to collaborate with colleagues across the enterprise and to work effectively in matrixed, geographically distributed teams around the globe
  • Structured mindset, strong attention to detail, and organized
Job Responsibility
Job Responsibility
  • Act as the organization’s de facto Email Security Administrator who owns the design, deployment, and ongoing operations for the organization’s Secure Email Gateways (Mimecast, Proofpoint Tessian)
  • Design and own the email security architecture across Mimecast, Tessian, and Microsoft 365 and Exchange Online, ensuring robust protection against threats
  • Drive and own policy tuning, balancing security with favorable user experience, and work towards reducing false positives in email security systems and end-user alerts
  • Serve as the primary point of contact for email and messaging security initiatives, ensuring effective communication and collaboration with Global Cyber Fusion Center Incident Response and IT Messaging/Ops teams and other stakeholders
  • Regularly generate security posture and KPIs to senior management to ensure accountability
  • Document runbooks and technical SOPs for process alignment and to describe technical specifications for email security infrastructure and related policies
  • Assist with investigations and responses for high-severity email threats, including phishing, impersonation, and business email compromise (BEC)
  • Work with Global Cyber Fusion Centre Security Operations Center (SOC), IT and Compliance teams to align processes and escalation protocol
  • Support audits, risk assessments, and security reviews to maintain compliance and enhance security measures
  • Evaluate next generation cyber solutions related to Email and DLP
What we offer
What we offer
  • Support for professional accreditations
  • Flexible arrangements, generous holidays, plus an additional day off for your birthday
  • Continuous mentoring along your career progression
  • Active sports, events and social committees across our offices
  • 24/7 support available from our Employee Assistance Program
  • The opportunity to invest in our growth and success through our Employee Share Plan
  • Plus additional local benefits depending on your location
  • Fulltime
Read More
Arrow Right

Professional Services Principal Consultant

As a Principal Consultant for SOC Transformation & XSIAM Deployment, you will be...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
paloaltonetworks.it Logo
Palo Alto Networks Italia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A proven track record in modernizing Security Operations Centers (SOCs) to achieve automation, AI-driven detection, and measurable improvements in MTTD/MTTR
  • Exceptional executive presence, with strong verbal and written communication skills to engage with stakeholders from the SOC analyst to the CISO
  • Experience acting as a trusted advisor to senior security leaders, with the ability to diagnose challenges and deliver strategic recommendations
  • 10+ years of hands-on experience in deploying and integrating SIEM/security analytics solutions within large enterprise environments
  • 8+ years of experience with Security Operations Center (SOC) tooling, processes, and workflows
  • Hands-on technical mastery across SIEM, SOAR, EDR, cloud security, and threat intelligence
  • Ability to conceive, architect, and develop effective correlation and detection rules
  • Familiarity with a range of SIEM technologies, such as Splunk and IBM QRadar, is a plus
  • Strong expertise in Regular Expressions (Regex)
  • Relevant bachelor's degree or industry-recognized qualifications (CISSP, GIAC, etc.), is a plus
Job Responsibility
Job Responsibility
  • Serve as the lead strategic advisor and subject matter expert for customers undertaking a full-scale SOC modernization with XSIAM
  • Lead multi-national SOC transformation programs, consolidating fragmented detection and response processes into a unified, AI-driven platform
  • Direct enterprise-scale XSIAM deployments, guiding customers from initial strategy to full operationalization
  • Devise and oversee comprehensive log ingestion strategies to ensure high-quality data fuels the XSIAM platform
  • Architect and implement sophisticated detection strategies and correlation rules to fortify customer defenses against advanced threats
  • Fine-tune and optimize log sources and correlation rules to maximize system performance and detection efficacy
  • Identify opportunities to enhance analyst alert handling and response through automation
  • Transform ambiguity into structured action plans, driving accountability at every level of a customer engagement
  • Build and mentor high-performing professional services teams that blend consulting, engineering, and change management expertise
  • Partner with Product and R&D teams to incorporate field insights into roadmap priorities
Read More
Arrow Right

Professional Services Staff Consultant

As a Senior Consultant for SOC Transformation & XSIAM / XSOAR Deployment, you wi...
Location
Location
Spain , Madrid
Salary
Salary:
Not provided
paloaltonetworks.it Logo
Palo Alto Networks Italia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A proven track record in modernizing and transforming Security Operations Centers (SOCs) to achieve automation, AI-driven detection, and measurable improvements in MTTD/MTTR
  • Exceptional executive presence, with strong verbal and written communication skills to engage with stakeholders from the SOC analyst to the CISO
  • Experience acting as a trusted advisor to senior security leaders
  • Ability to diagnose challenges and deliver strategic recommendations
  • 10+ years of hands-on experience in deploying and integrating SIEM/security analytics solutions within large enterprise environments
  • 8+ years of experience with Security Operations Center (SOC) tooling, processes, and workflows
  • Hands-on technical mastery across SIEM, SOAR, EDR, cloud security, and threat intelligence
  • Ability to conceive, architect, and develop effective correlation and detection rules
  • Familiarity with a range of SIEM technologies, such as Splunk and IBM QRadar, is a plus
  • Strong expertise in Regular Expressions (Regex)
Job Responsibility
Job Responsibility
  • Serve as the lead strategic advisor and subject matter expert for customers undertaking a full-scale SOC modernization with XSIAM
  • Lead multi-national SOC transformation programs, consolidating fragmented detection and response processes into a unified, AI-driven platform
  • Direct enterprise-scale XSIAM deployments, guiding customers from initial strategy to full operationalization
  • Devise and oversee comprehensive log ingestion strategies to ensure high-quality data fuels the XSIAM platform
  • Architect and implement sophisticated detection strategies and correlation rules to fortify customer defenses against advanced threats
  • Fine-tune and optimize log sources and correlation rules to maximize system performance and detection efficacy
  • Identify opportunities to enhance analyst alert handling and response through automation
  • Transform ambiguity into structured action plans, driving accountability at every level of a customer engagement
  • Build and mentor high-performing professional services teams that blend consulting, engineering, and change management expertise
  • Partner with Product and R&D teams to incorporate field insights into roadmap priorities
  • Fulltime
Read More
Arrow Right

Professional Services Senior Consultant

As a Senior Consultant for SOC Transformation & XSIAM Deployment, you will be a ...
Location
Location
United Kingdom , London
Salary
Salary:
Not provided
paloaltonetworks.it Logo
Palo Alto Networks Italia
Expiration Date
Until further notice
Flip Icon
Requirements
Requirements
  • A proven track record in modernizing Security Operations Centers (SOCs) to achieve automation, AI-driven detection, and measurable improvements in MTTD/MTTR
  • Exceptional executive presence, with strong verbal and written communication skills to engage with stakeholders from the SOC analyst to the CISO
  • Experience acting as a trusted advisor to senior security leaders, with the ability to diagnose challenges and deliver strategic recommendations
  • 8+ years of hands-on experience in deploying and integrating SIEM/security analytics solutions within large enterprise environments
  • 6+ years of experience with Security Operations Center (SOC) tooling, processes, and workflows
  • Hands-on technical mastery across SIEM, SOAR, EDR, cloud security, and threat intelligence
  • Ability to conceive, architect, and develop effective correlation and detection rules
  • Familiarity with a range of SIEM technologies, such as Splunk and IBM QRadar, is a plus
  • Strong expertise in Regular Expressions (Regex)
  • Relevant bachelor's degree or industry-recognized qualifications (CISSP, GIAC, etc.), is a plus
Job Responsibility
Job Responsibility
  • Serve as the lead strategic advisor and subject matter expert for customers undertaking a full-scale SOC modernization with XSIAM
  • Lead multi-national SOC transformation programs, consolidating fragmented detection and response processes into a unified, AI-driven platform
  • Direct enterprise-scale XSIAM deployments, guiding customers from initial strategy to full operationalization
  • Devise and oversee comprehensive log ingestion strategies to ensure high-quality data fuels the XSIAM platform
  • Architect and implement sophisticated detection strategies and correlation rules to fortify customer defenses against advanced threats
  • Fine-tune and optimize log sources and correlation rules to maximize system performance and detection efficacy
  • Identify opportunities to enhance analyst alert handling and response through automation
  • Transform ambiguity into structured action plans, driving accountability at every level of a customer engagement
  • Build and mentor high-performing professional services teams that blend consulting, engineering, and change management expertise
  • Partner with Product and R&D teams to incorporate field insights into roadmap priorities
Read More
Arrow Right