Job Description

Deliver expert engineering, optimisation and lifecycle management of SOC platforms, ensuring high availability, security and scalability to enable robust, proactive threat detection and response in alignment with business and regulatory requirements.

Job Context and Challenges

The role operates within a large, complex, and highly regulated hybrid estate, requiring rapid adaptation to evolving threats, new technologies, and business requirements. This role must balance deep technical delivery with standards governance, complex stakeholder management, and the ongoing professional development of less experienced team members. The role tackles sophisticated engineering challenges requiring critical thinking and innovative problem-solving for highly resilient, performant, and cost-effective SOC delivery.

Principal Accountabilities

• Engineer, optimise, and maintain SOC platforms (e.g., SIEM/SOAR such as Microsoft Sentinel, Defender suite, Log Analytics) to maximise security operations effectiveness.
• Onboard, validate, and document new log sources in line with operational detection requirements.
• Deploy, configure, and monitor platform agents and sensors across on-prem, cloud, and hybrid environments.
• Implement and tune analytics rules, detection logic and KQL queries, collaborating with threat detection and response teams.
• Develop, maintain, and improve automation workflows (e.g., SOAR playbooks, Logic Apps, scripts) to streamline detection and response.
• Produce and review reports on platform health, coverage gaps, and ingestion volumes to inform operational improvements and cost optimisation.
• Provide guidance and mentorship to SOC engineering colleagues and contribute to skills development across the team.
• Collaborate with ICT and business stakeholders to prioritise engineering work based on risk/business value.
• Ensure robust documentation, adherence to standards, and maintenance of secure engineering practices in line with frameworks such as NCSC CAF, MITRE ATT&CK, and NIST CSF.
• Monitor and manage performance and cost of cloud native security services (e.g., Azure security tooling), supporting optimisation efforts.
• Lead telemetry engineering, including designing parsers, data schemas, onboarding runbooks, retention and normalisation to support detection and forensics.
• Participate in incident response activities as the technical SME on SOC engineering and tooling.

Authorities & Dimensions

• No direct budget authority but responsible for influencing spend optimisation on managed platforms.
• May deputise for SOC Engineering Team Lead as required.
• No direct line management, but mentor/technical lead for more engineers.

Essential Skills

• Significant experience in SOC platform engineering, SIEM/SOAR technologies, and security operations environments.
• Expertise with Microsoft Azure security services (Sentinel, Defender suite, Log Analytics), including analytics and automation.
• Proficient in scripting and automation (PowerShell, KQL, Python, Logic Apps, etc).
• Strong understanding of cyber security frameworks (MITRE ATT&CK, NCSC CAF, NIST CSF).
• Strong stakeholder engagement skills and the ability to communicate complex technical concepts clearly.
• Degree or equivalent qualification in computer science, cyber security, or related field.

Desirable Skills

• Relevant Microsoft and/or security certifications (e.g. SC-200, AZ-500).
• Knowledge and experience in using ServiceNow SecOps.
• Experience in regulated environments (nuclear, defence, critical infrastructure).
• Membership of a cyber security professional body (CIISec, BCS, etc).

Additional Information

• Open VN
• Number of Vacancies: 3
• Contact/s: Stephen Pye

The interviews for this vacancy are to be confirmed.

ASWs may have the right to apply for internal Sellafield Ltd vacancies.
Please note if you are an Agency Supplied Worker you are required to attach evidence of all qualifications obtained to support your application. We require a minimum of A*-C (9-4) GCSE in English Language, Maths & Science/IT or equivalent / higher qualification.

If you choose to apply for this role and your application is shortlisted by the hiring manager, you will be invited to a competency based interview. Competencies will be provided if you are invited to interview. Please see link to the competency framework for further information: https://slportal.ssa-intra.net/pub/SC001/00027/Competency%20Framework/Forms/AllItems.aspx

If your technical competency is not in the above framework, please refer to the profession’s SharePoint page for further information.

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the ‘essential skills’ which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on recruitment@sellafieldcloud.co.uk

Please ensure that you save a copy of this advert for future reference if you make an application for this role.

The closing date for this vacancy is 5th July 2026.

SOC Engineer Opportunities

Job number: SP06713
Profession: IT Information Services
Location: Sellafield or Risley
Contract type: Internal Recruitment
Posting date: 21 June 2026
Closing date: 5 July 2026
Band: 4A 3BL
Work Schedule: Days