Job Specifications
Job Description
Nomios' mission is to build a ‘secure and connected’ future. Organisations across Europe depend on us to help secure and connect their digital infrastructures. In support of our continued UK growth, we are seeking a SOC Analyst to join our 24/7 Security Operations Centre. This is an excellent opportunity for someone early in their SOC career, or for an individual with a strong infrastructure and networking background looking to transition into cyber security operations.
You will be working across a diverse set of customer environments as part of our Security Operations Centre, focusing on investigation, understanding attacker behaviour and contributing to the continual improvement of SOC capabilities.
Your role as Security Operations Centre (SOC) Analyst
As a 24/7 SOC Analyst, you will be on the frontline of our Security Operations Centre - monitoring, investigating and escalating security events across multiple customer environments. You will work closely with Senior and Lead Analysts for guidance, development and collaborative investigation. You will use platforms such as Microsoft Sentinel, Google SecOps, Defender XDR, CrowdStrike Falcon, SentinelOne and Cortex XSOAR/XSIAM to understand what has happened, how activity progressed and what actions need to be taken. You will be supported through structured training, cyber ranges, hands-on exposure to modern SOC technologies and real investigation experience to help you grow quickly.
You will join a modern, continuously evolving SOC run by people who are technical at heart and understand what analysts need to succeed. Career development is a core focus, with clear pathways into Threat Intelligence, SOC Engineering, SOC Professional Services, senior SOC roles and Incident Response for those who want to specialise. You’ll be part of a collaborative, agile team that values curiosity, humour and a genuine interest in technology. The environment is built around continuous improvement, with everyone having a voice in shaping how the department evolves. Regular team events and knowledge-sharing sessions create a supportive, engaging place to work.
Key Responsibilities
Detect and investigate
Monitor and triage alerts across SIEM, EDR or XDR, email and web security platforms.
Investigate suspicious activity and determine whether escalation is required.
Follow SOC runbooks and investigation workflows.
Build clear timelines of activity and maintain accurate investigation notes.
Escalate complex cases to Senior and Lead Analysts with appropriate context.
Review vulnerability management output and provide basic prioritisation insight.
Hunt and improve
Take part in directed threat hunting activities.
Suggest improvements to detections, dashboards and runbooks.
Support testing of new use cases and detection logic.
Collaborate and communicate
Provide clear written updates for customers and internal stakeholders.
Participate in shift handovers to maintain continuity.
Work closely with Senior and Lead Analysts to develop your skills and technical depth.
Job requirements
We hire result-orientated, smart, and high-energy individuals who bring a can-do attitude and a willingness to go the extra mile and deliver exceptional outcomes. You should be organised and rigorous, with excellent analytical skills. Good communication with internal stakeholders is vital, as is the ability to work as part of a dynamic team.
Required skills:
Minimum 1 year in a Security Operations Centre (SOC), or
Minimum 3 years in infrastructure or networking roles with demonstrable security exposure.
Experience triaging and investigating security alerts.
Understanding of attacker behaviours, TTPs, and common malware execution chains (e.g., phishing leading to script or binary execution).
Ability to recognise indicators of compromise such as unusual processes, network connections, irregular logon activity or file changes.
Hands-on experience with at least one major security platform (SIEM, EDR or XDR).
Familiarity with ticketing tools such as ServiceNow, Salesforce, or JIRA.
Familiarity with Windows event logs, authentication logs, basic process trees, and command-line tools (Windows & Unix-like systems).
Understanding of core network protocols: DNS, HTTP, SMB, LDAP.
Operational knowledge of Windows, macOS and Linux.
Ability to read and interpret logs from multiple sources.
Awareness of MITRE ATT&CK and the ability to differentiate legitimate admin activity from suspicious behaviour.
Desirable skills:
Experience with Microsoft Sentinel, Google SecOps or other SIEM platforms.
Experience with Defender, CrowdStrike, SentinelOne or other XDR solutions.
Ability to query in KQL, CQL, S1QL, XQL or similar languages.
Awareness of threat intelligence concepts and application to investigations.
Awareness of coding or scripting, with proficiency in at least one language preferred (but not required).
Job Specifics
Location: This role is home-based with occasional visits to the office in Basingstoke
About the Company
Nomios is a leading European cybersecurity and networking company. We design, secure, and manage digital infrastructures for organisations of all sizes, across a wide range of industries. Our experts develop innovative solutions to tackle complex cybersecurity and networking challenges, ensuring you stay secure and connected in an evolving digital landscape. By combining cutting-edge technology with consulting, managed services, and professional services, we create strategic value for our customers and partners, building the ...