SOC Analyst

Overview

The Information and Cyber Security team is responsible for identifying and mitigating cyber security risks for the firm and ensuring continued compliance against regulatory and best practice standards. The SOC Analyst will own advanced threat detection, investigation, and response activities, leveraging scripting and automation to enhance SOC capabilities and streamline operations.

Responsibilities

  • Monitor and triage security alerts using SIEM platforms, applying advanced correlation rules and custom KQL queries to identify suspicious activity.
  • Investigate and respond to security incidents, performing root cause analysis, impact assessment, and containment actions across endpoints, networks, and cloud environments.
  • Develop and maintain detection rules and use cases, leveraging threat intelligence and MITRE ATT&CK mappings to improve detection fidelity.
  • Automate repetitive tasks and enhance detection/response workflows using scripting and automation tools such as Python, PowerShell, Logic Apps workflows and KQL.
  • Create and maintain incident response playbooks, ensuring alignment with evolving threat landscapes and operational requirements.
  • Perform threat hunting activities, proactively searching for indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) across the environment.
  • Contribute to continuous improvement of SOC processes, including documentation updates, tuning of alert thresholds, and enrichment of log sources.
  • Collaborate with infrastructure, cloud, and application teams to support remediation efforts and improve overall security posture.
  • Participate in a 24/7 on-call rotation to provide out-of-hours support.

Qualifications

  • 3+ years of experience as a SOC Analyst or in a related security operations role.
  • Hands-on experience operating, tuning, and configuring SIEM platforms (e.g., Microsoft Sentinel, Defender for Endpoint, Defender for Cloud).
  • Experience in writing and optimising detection queries using KQL.
  • Proven ability to investigate and respond to security incidents across endpoints, networks, and cloud environments.
  • Experience reviewing and analysing firewall logs and configurations.
  • Scripting in Python and PowerShell to automate detection and response workflows.
  • Managing and enhancing email and web filtering policies.
  • Implementing and reviewing Data Loss Prevention (DLP) controls.
  • Conducting threat hunting and leveraging threat intelligence to improve detection capabilities.

Certifications

  • CompTIA CySA+ (Cybersecurity Analyst)
  • EC-Council Certified SOC Analyst (CSA)
  • GIAC Certified Incident Handler (GCIH)
  • Microsoft SC-200
  • Microsoft Certified: Cybersecurity Expert (SC-100)
  • SANS SEC511
  • SANS SEC504

About the team and benefits

Fast paced, fast growing and forward thinking, TLT is the law firm that helps clients stay one step ahead, and we do the same for our people. We work with high profile clients in innovative sectors. With local, national and international reach, we have over 1,800 people in offices across the UK and a network of partner firms across Europe, India and the US. TLT was named Law Firm of the Year at the Legal Business Awards 2023. This marks the third year in a row the firm has taken away this accolade. Our purpose is to protect, prepare and progress our clients for what comes next and it's essential that we do the same for our people, our planet and our communities too. In our open and collaborative culture, we encourage everyone to be their whole self, to have a voice and to contribute.

We value our employees highly and we want you to feel valued. You'll receive a competitive salary with an annual pay review. You will also have access to an extensive range of benefits via our flexible benefits scheme including 25 days holiday (which will increase to 30 days based on length of service) and private medical insurance. At TLT we have a progressive fully flexible working approach. We empower our people to work in a place and at a time that meets their needs, those of their clients and of the wider team and firm. Part of this agile approach is a focus on hybrid working and supporting the work/life balance of our people. We’re happy to talk about how flexible working can work for you and this role.

Location: Bristol, England, United Kingdom
Salary: £80,000 - £100,000
Job Type: Full Time
Category: IT & Technology