SOC Architect
Job Description
SOC Architect (Detection Engineering & Technical Lead)
London (onsite 4 days/week)
3 months – with extensions
Inside IR35 – Umbrella only
Active SC cleared or eligible candidates will be considered
Purpose: Technical owner of SIEM/XDR architecture, responsible for migrating LogRhythm to Sentinel, migrating AV to MDE, building detections, integrations, and automation, and shaping the SOC technology roadmap.
Key Requirements:
Deep hands-on expertise with Microsoft Sentinel (KQL, analytic rules, UEBA, SOAR).
Proven experience migrating from LogRhythm or another legacy SIEM to Sentinel.
Strong experience building and tuning detections mapped to MITRE ATT&CK.
Experience migrating Trend Micro → Microsoft Defender for Endpoint.
Knowledge of integrating Trellix/McAfee, CyberArk, identity logs, cloud logs, and endpoint telemetry.
Ability to design ingestion pipelines, schemas, normalisation and enrichment.
Strong threat hunting and detection engineering background.
SC clearance desirable.
Profile needed: Senior SIEM/XDR engineer capable of architecting, building, and optimising a modern Microsoft-led SOC stack.