Overview
At ProtekCyber, SOC Engineers are the enablers of our frontline defence. You’ll design, build, and optimise the tooling that powers our security operations — from detection engineering and automation to integrations across Microsoft Sentinel, Defender XDR, and our broader security stack. If you enjoy blending scripting with security and want your work to directly enhance analyst efficiency and threat response, this is your role.
- 24/7 Security Operations
- 1-5+ Years Experience
- Hybrid Work Model
Join the Frontline of Cyber Defense
Help businesses bounce back stronger by delivering fast, decisive, and intelligent incident response
Client Interaction & Communication
- Act as a technical lead during high-pressure client engagements, providing clear updates, calm direction, and confidence throughout.
- Translate technical threat data into plain-English insights and recommendations.
- Provide structured situation reports and final incident reports tailored to stakeholder needs.
Innovation & Improvement
- Contribute to the development of in-house tooling, detection logic (YARA, Sigma, Snort), and response playbooks.
- Share insights with the wider team to inform detection tuning and threat intelligence development.
- Continuously refine our incident response methodology to reflect evolving threats and client needs.
Knowledge Sharing & Collaboration
- Actively mentor junior team members through shadowing, feedback, and knowledge transfer during live engagements.
- Deliver internal training sessions and workshops to uplift team capabilities in digital forensics, threat hunting, and incident containment.
- Contribute to cross-functional retrospectives post-incident to capture lessons learned and drive process improvements.
What You’ll Be Doing
- Build and maintain automation playbooks using Azure Logic Apps and Microsoft Sentinel to accelerate incident detection and response.
- Develop API integrations across Sentinel, Microsoft 365 Defender, Entra ID, and external systems for enriched context and response orchestration.
- Tune detection logic in KQL, reducing noise while maintaining high-fidelity alerting.
- Collaborate with SOC analysts to improve tooling usability, automate manual tasks, and support threat investigations.
- Ensure automation workflows (e.g. enrichment, notifications, containment actions) run reliably and adapt to evolving use cases.
- Help drive continuous improvement of our SIEM/SOAR platform, including health monitoring, error handling, and logic refinement.
Bonus Skills
- Experience supporting Tier 1–3 SOC operations in a live security environment.
- Familiarity with threat hunting methodologies using MITRE ATT&CK.
- Exposure to Splunk, CrowdStrike, or third-party integrations within Microsoft Sentinel.
What We’re Looking For
- Hands-on experience with Microsoft Sentinel, including playbook design and alert rule creation.
- Working knowledge of Azure Logic Apps, KQL, PowerShell, and JSON.
- Familiarity with Microsoft 365 Defender, Entra ID (Azure AD), and cloud-native security tools.
- Strong understanding of API integration for security automation.
- Ability to document and explain technical processes to cross-functional teams.
- A proactive mindset, always looking for ways to reduce manual load and improve detection outcomes.
Why ProtekCyber?
- Work with cutting-edge Microsoft security tools in real-world threat environments.
- Shape the foundation of SOC automation, detection logic, and platform health.
- Access ongoing training and certification support (Microsoft SC series, SANS, etc.).
- Be part of a tight-knit consultancy that values input, impact, and innovation.
- Enjoy hybrid working, private medical cover, performance bonuses, and team retreats.