Senior SOC Analyst (24/7 Shift) – Public Sector

Company: IBM
Apply for the Senior SOC Analyst (24/7 Shift) – Public Sector
Location: Winchester
Job Description:

Introduction

At IBM Consulting UK FutureNow, you’ll build a career at the forefront of hybrid cloud and AI, working with leading clients across the public and private sectors. You’ll collaborate with top industry professionals, gain hands‑on experience with cutting‑edge technologies, and deliver solutions that create real business impact. From day one, you’ll work on meaningful, high‑profile programmes that stretch your skills and accelerate your growth. We invest heavily in you—supporting continuous learning, in‑demand skills development, and long‑term career progression. You’ll thrive in a flexible, inclusive environment that values curiosity, encourages reinvention, and recognises what makes you unique.

Benefits

  • Tools and policies to support your work‑life balance from flexible working approaches, sabbatical programmes, paid paternity leave, maternity leave and an innovative maternity returners scheme
  • More traditional benefits, such as 25 days holiday (in addition to public holidays), private medical, dental & optical cover, online shopping discounts, an Employee Assistance Programme, life assurance and a group pension plan through salary sacrifice.

In this role, you’ll work in one of our IBM Consulting Client Innovation Centres (Delivery Centres), where we deliver deep technical and industry expertise to a wide range of public and private sector clients around the world. Our delivery centres offer our clients locally based skills and technical expertise to drive innovation and adoption of new technology.

Key Responsibilities

  • Monitor, triage, and investigate security alerts and incidents across a range of SIEM and security platforms
  • Lead or support incident response activities, including
    • Initial investigation
    • Containment coordination
    • Escalation to relevant teams
  • Act as a senior presence on shift, supporting Tier 1/2 analysts and ensuring smooth SOC operations
  • Drive incident quality and consistency, ensuring playbooks and procedures are followed
  • Support major incident initiation and coordination, including communication across technical and non‑technical stakeholders
  • Analyse security events and identify
    • Patterns
    • Threat behaviours
    • Opportunities for improvement
  • Contribute to playbook development and refinement, improving SOC efficiency and response capability
  • Work with detection and engineering teams to
    • Improve alert quality
    • Reduce false positives
    • Support operational effectiveness
  • Produce clear and structured incident reports and handovers
  • Participate in shift handovers, retrospectives, and continuous improvement activities
  • Support client interactions where required, providing updates and operational insights

Required Education

  • None

Preferred Education

  • Bachelor’s Degree

Required Technical and Professional Expertise

  • Proven experience working in a SOC environment (L2 / L3 level) within a 247 operational setting
  • Strong experience with SIEM platforms, such as Microsoft Sentinel, QRadar, Splunk, Elastic or similar
  • Practical experience in
    • Incident triage and investigation
    • Security event analysis
    • Alert validation and escalation
  • Understanding of
    • Incident response processes and workflows
    • Threat detection methodologies
  • Exposure to security tooling, such as
    • EDR/XDR platforms
    • Network security technologies
    • Identity and access systems
  • Ability to interpret logs and identify suspicious behaviour across
    • Endpoints
    • Networks
    • Cloud environments
  • Strong communication skills, with the ability to clearly articulate incidents and risks
  • Experience working in client‑facing or service‑based environments

Preferred Technical and Professional Experience

  • Experience acting as a shift lead or senior escalation point within a SOC
  • Exposure to threat hunting or detection improvement activities
  • Experience working with MITRE ATT&CK
  • Threat intelligence integration
  • Familiarity with SOAR platforms and automated response workflows
  • Relevant certifications such as SC-200, GCIH / GIAC, vendor SIEM certifications
  • Experience working in regulated or public sector environments
  • Understanding of SOC performance metrics and continuous improvement approaches

This role is subject to pre‑employment screening in line with the UK Government’s Baseline Personnel Security Standard (BPSS). An additional range of Personal Security Controls referred to as National Security Vetting (NVS) may apply, which could include meeting the eligibility requirements for the Security Check (SC) or Developed Vetting (DV).

IBM is proud to be an equal‑opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, genetics, pregnancy, disability, neurodivergence, age, or other characteristics protected by the applicable law. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.

#J-18808-Ljbffr…

Posted: July 7th, 2026