Saviynt Logo

SOC Analyst III

🔒 Cybersecurity🟣 Senior

Job Description

Location: United Kingdom

Type: Full-time, permanent

Due to the nature of the UK Government projects this role supports, this position is classified as a Reserved Post. In accordance with the Civil Service Nationality Rules, paragraph 1 of Schedule 23 and paragraph 5 of Schedule 22 of the Equality Act 2010, we can only accept applications from persons with UK residency (at least five years).

Successful candidates must undergo National Security Vetting (NSV). This role requires Security Check SC level clearance as a minimum. Any offer of employment is strictly conditional upon the candidate successfully obtaining and maintaining this clearance.

To meet the vetting criteria, you will be required to have been resident in the UK for a minimum of 5 years immediately prior to your application. Failure to obtain clearance or a lapse in residency history may result in the withdrawal of the employment offer, and you will not be entitled to any compensation from Saviynt as a result.

In line with the Immigration, Asylum and Nationality Act 2006, all shortlisted candidates will be required to provide original documentation verifying their Right to Work in the UK and their British Citizenship during the initial interview stage. We conduct thorough Baseline Personnel Security Standard (BPSS) checks as a precursor to all higher-level clearances.

Role Overview:

We are establishing a modern Security Operations Centre designed to deliver proactive, intelligence-driven security outcomes. Moving beyond traditional reactive monitoring, our SOC emphasises AI, automation, detection engineering, and deep cloud security visibility to identify and neutralise sophisticated threats at scale.

The L3 SOC Analyst will act as the senior technical escalation point within the SOC, leading complex investigations, driving automation initiatives, and mentoring junior analysts. This role requires strong hands-on expertise across cloud security, threat hunting, incident response, and orchestration technologies.

WHAT YOU WILL DO:

  • Incident Response & Technical Escalation

  • Act as the final escalation point for complex incidents originating from L1/L2 analysis.

  • Lead investigations into high-severity security events, including those impacting AWS, Azure, Kubernetes clusters and hybrid environments.

  • Perform advanced forensic analysis across endpoints, cloud workloads, and network telemetry to determine root cause, impact, and remediation actions.

  • Correlate telemetry from SIEM, EDR, CSPM, and cloud-native sources to identify sophisticated attack chains.

  • Security Automation & SOAR Engineering

  • Design, develop, and maintain automated response playbooks within the SOAR platform to improve response efficiency.

  • Build and maintain automation scripts (Python, go, etc.) for alert enrichment, evidence collection, and containment.

  • Integrate security platforms via APIs to enable streamlined, automated detection and response workflows.

  • Identify opportunities to reduce Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR) through automation and process optimisation.

  • Threat Hunting & Detection Engineering

  • Conduct proactive threat hunting across enterprise and cloud environments using intelligence-driven and hypothesis-based methodologies.

  • Serve as an SME for cloud security monitoring leveraging tools such as AWS GuardDuty, CloudTrail, CrowdStrike, and Proofpoint.

  • Develop and tune SIEM detections, correlation rules, and EDR queries aligned to MITRE ATT&CK tactics and emerging threat intelligence.

  • Mentorship & Continuous Improvement

  • Provide technical mentoring and guidance to L1/L2 analysts to strengthen SOC capability.

  • Maintain and enhance SOC documentation including SOPs, runbooks, and response playbooks.

  • Analyse incident trends and operational metrics to recommend improvements in detection coverage, automation effectiveness, and security posture.

WHAT YOU BRING:

  • Bachelor’s degree in Computer Science, Cybersecurity, or related discipline (or equivalent industry experience).
  • Extensive experience in Security Operations with demonstrable time in a senior analyst, threat hunter, or L3 role.
  • Strong hands-on experience in cloud security monitoring and incident response across AWS, Azure, or GCP.
  • Proven scripting and automation capability using Python, Go, PowerShell,Bash,etc.
  • Practical experience with SOAR platforms (e.g., CrowdStrike Fusion SOAR) and SIEM technologies (e.g., CrowdStrike Falcon, Splunk, QRadar, Microsoft Sentinel).
  • Deep understanding of EDR tooling, host/network forensics, and detection engineering practices.
  • Strong working knowledge of the MITRE ATT&CK framework and its application in threat detection and hunting.
Share this job:
Please let Saviynt know you found this job on Remote First Jobs 🙏

6 similar remote jobs

Explore latest remote opportunities and join a team that values work flexibility.

View all jobs
ExtraHop logo

Software Engineer III Middleware

ExtraHop

$145k-$160k 3 Days ago
ExtraHop logo

Software Engineer III

ExtraHop

$125k-$149k Week ago
Agile Defense logo

Incident Response Team Lead

Agile Defense

2 Weeks ago
CoreWeave logo

Vulnerability Remediation Engineer II

CoreWeave

$173k-$181k Month ago
CoreWeave logo

Senior Supply Chain Compliance Analyst (SOX)

CoreWeave

$143k-$210k 2 Months ago

Remote companies like Saviynt

Find your next opportunity with companies that specialize in Continuous Controls Monitoring, Rbac / Abac Policy Management, Infrastructure Access Security, and Identity Analytics & Intelligence. Explore remote-first companies like Saviynt that prioritize flexible work and home-office freedom.

All companies
Britive Logo

Britive

11-50 www.britive.com

An agent-less, proxy-less, cloud-native Privileged Access Management (CPAM) platform for multi-cloud and hybrid environments.

View company profile →
StrongDM Logo

StrongDM

51-200 www.strongdm.com

A Zero Trust Privileged Access Management platform for secure infrastructure access.

View company profile →
Simeio Logo

Simeio

501-1000 simeio.com

Provides Identity and Access Management (IAM) managed services and Identity as a Service (IDaaS) globally.

View company profile →
GuidePoint Security Logo

GuidePoint Security

1001-5000 www.guidepointsecurity.com

Provides trusted cybersecurity expertise, solutions, and services to minimize risk for organizations.

View company profile →
Symmetry Systems Logo

Symmetry Systems

11-50 www.symmetry-systems.com

A Data+AI Security platform for data protection, threat detection, compliance, and AI risk reduction.

View company profile →
Xage Security Logo

Xage Security

51-200 www.xage.com

Provides zero trust access and protection for IT, OT, and cloud environments with the Xage Fabric Platform.

View company profile →

Project: Career Search

Rev. 2026.3

[ Remote Jobs ]
Direct Access

We source jobs directly from 21,000+ company career pages. No intermediaries.

Search Jobs Post a Job
01

Discover Hidden Jobs

Unique jobs you won't find on other job boards.

02

Advanced Filters

Filter by category, benefits, seniority, and more.

03

Priority Job Alerts

Get timely alerts for new job openings every day.

04

Manage Your Job Hunt

Save jobs you like and keep a simple list of your applications.

21,000+ SOURCES UPDATED 24/7
Apply