Senior SOC Engineer

Sopra Steria
GU14 0AL, United Kingdom

Salary: £75,000 – £85,000 pa
Job Type: Permanent
Work Pattern: Full-time
Work Location: Hybrid
Seniority: Senior
Education: Degree
Security Clearance: Required
Posted: 12 Jun 2026 (Last week)

Benefits

25 days annual leave with option to buy more, 4x life insurance, matched contributory pension up to 6%, 3% flex benefit, single private medical cover, £5,400 car allowance.

Build the detections that stop threats in their tracks.

We’re looking for a Senior SOC Engineer (Detection) to join our growing Cyber Security team. This is a hands-on engineering role where you’ll design and deliver high-quality detections across Microsoft Sentinel and Splunk, helping protect critical systems and clients in real time.

If you thrive on turning threat intelligence into actionable detection logic—and enjoy working at the heart of a live SOC—this is your opportunity to make a real impact.

This role is Hybrid: 2 days in the Farnborough office, 3 days from home.

You do need to be eligible for SC Clearance.

What you’ll be doing:

  • Develop, test and deploy detection content across Microsoft Sentinel and Splunk SIEM.
  • Write and optimise detection logic using KQL and SPL.
  • Turn monitoring requirements and use cases into effective, actionable detections.
  • Tune alerts to reduce false positives and improve SOC efficiency.
  • Validate detections against telemetry and ensure accuracy.
  • Support onboarding of log sources across cloud, infrastructure, identity and network.
  • Collaborate with SOC, Threat Intelligence and Security Architecture teams.
  • Investigate detection issues and improve performance and reliability.
  • Drive continuous improvement using automation, scripting and best practice.
  • Ensure detections are clearly documented and operationally usable.

What you’ll bring:

  • Experience in SOC engineering, detection engineering or SIEM engineering.
  • Strong hands-on experience with Microsoft Sentinel and Splunk.
  • Solid knowledge of KQL and SPL.
  • Experience building, testing and maintaining detection rules.
  • Good understanding of SIEM lifecycle management and security telemetry.
  • Knowledge of cloud environments and IT infrastructure.
  • Familiarity with frameworks such as MITRE ATT&CK.
  • Ability to analyse threats and translate them into detection capability.

Nice to have:

  • Experience with SOAR (Logic Apps / Splunk SOAR).
  • Detection-as-code or CI/CD pipeline experience.
  • Scripting in PowerShell, Python or similar.
  • Experience with Git-based workflows.
  • Relevant certifications (Microsoft, Splunk, Cyber Security).

Employment Type: Permanent

Location: Hybrid: 2 days Farnborough Office. 3 days home.

Security Clearance Level: Eligible for SC Clearance.

Internal Recruiter: Jane

Salary: To £80K

Benefits: 25 days annual leave with the choice to buy additional days, 4 x life insurance, matched contributory pension to 6%, 3% flex benefit, single private medical cover, £5400.00 car allowance.

Loved reading about this job and want to know more about us?

Sopra Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment.

We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK’s most complex safety- and security-critical markets.
