Jobs in London, United Kingdom

Nomios' mission is to build a ‘secure and connected’ future. Organisations across Europe depend on us to help secure and connect their digital infrastructures. In support of our continued UK growth, we are seeking a SOC Analyst to join our 24/7 Security Operations Centre. This is an excellent opportunity for someone early in their SOC career, or for an individual with a strong infrastructure and networking background looking to transition into cyber security operations.

You will be working across a diverse set of customer environments as part of our Security Operations Centre, focusing on investigation, understanding attacker behaviour and contributing to the continual improvement of SOC capabilities.

As a 24/7 SOC Analyst, you will be on the frontline of our Security Operations Centre - monitoring, investigating and escalating security events across multiple customer environments. You will work closely with Senior and Lead Analysts for guidance, development and collaborative investigation. You will use platforms such as Microsoft Sentinel, Google SecOps, Defender XDR, CrowdStrike Falcon, SentinelOne and Cortex XSOAR/XSIAM to understand what has happened, how activity progressed and what actions need to be taken. You will be supported through structured training, cyber ranges, hands‑on exposure to modern SOC technologies and real investigation experience to help you grow quickly.

You will join a modern, continuously evolving SOC run by people who are technical at heart and understand what analysts need to succeed. Career development is a core focus, with clear pathways into Threat Intelligence, SOC Engineering, SOC Professional Services, senior SOC roles and Incident Response for those who want to specialise. You’ll be part of a collaborative, agile team that values curiosity, humour and a genuine interest in technology. The environment is built around continuous improvement, with everyone having a voice in shaping how the department evolves. Regular team events and knowledge‑sharing sessions create a supportive, engaging place to work.

• Monitor and triage alerts across SIEM, EDR or XDR, email and web security platforms.
• Investigate suspicious activity and determine whether escalation is required.
• Follow SOC runbooks and investigation workflows.
• Build clear timelines of activity and maintain accurate investigation notes.
• Escalate complex cases to Senior and Lead Analysts with appropriate context.
• Review vulnerability management output and provide basic prioritisation insight.

• Take part in directed threat hunting activities.
• Suggest improvements to detections, dashboards and runbooks.
• Support testing of new use cases and detection logic.

• Provide clear written updates for customers and internal stakeholders.
• Participate in shift handovers to maintain continuity.
• Work closely with Senior and Lead Analysts to develop your skills and technical depth.

We hire result‑orientated, smart, and high‑energy individuals who bring a can‑do attitude and a willingness to go the extra mile and deliver exceptional outcomes. You should be organised and rigorous, with excellent analytical skills. Good communication with internal stakeholders is vital, as is the ability to work as part of a dynamic team.

• Minimum 1 year in a Security Operations Centre (SOC), or
• Minimum 3 years in infrastructure or networking roles with demonstrable security exposure.
• Experience triaging and investigating security alerts.
• Understanding of attacker behaviours, TTPs, and common malware execution chains (e.g., phishing leading to script or binary execution).
• Ability to recognise indicators of compromise such as unusual processes, network connections, irregular logon activity or file changes.
• Hands‑on experience with at least one major security platform (SIEM, EDR or XDR).
• Familiarity with ticketing tools such as ServiceNow, Salesforce, or JIRA.
• Familiarity with Windows event logs, authentication logs, basic process trees, and command‑line tools (Windows & Unix‑like systems).
• Understanding of core network protocols: DNS, HTTP, SMB, LDAP.
• Operational knowledge of Windows, macOS and Linux.
• Ability to read and interpret logs from multiple sources.
• Awareness of MITRE ATT&CK and differentiating legitimate admin activity vs suspicious behaviour.

• Experience with Microsoft Sentinel, Google SecOps or other SIEM platforms.
• Experience with Defender, CrowdStrike, SentinelOne or other XDR solutions.
• Ability to query in KQL, CQL, S1QL, XQL or similar languages.
• Awareness of threat intelligence concepts and application to investigations.
• Awareness of coding or scripting, with proficiency in at least one language preferred (but not required).

• Location: This role is home‑based with occasional visits to the office in Basingstoke.
• Hours: 12‑hour shifts: 2 days, 2 nights; 4 days/nights off. Flexibility with hours will be required in the event of a major incident.
• Security clearance: Eligibility for SC clearance (lived in the UK for five years consecutively) required. DV clearance eligibility is advantageous.

We invest in our people. You will get to work in a dynamic, fast‑paced environment where you are free to use your initiative in support of our strategic objectives. You will work alongside high calibre sales, technical, and operational experts as part of a supportive, tight‑knit team, within which every individual has an important part to play and makes a real difference. Nomios offers a highly competitive salary and commission scheme along with industry‑leading benefits.

Apply now!

Nomios is an equal opportunity employer and is committed to creating and sustaining an environment in which everyone is provided with an equal opportunity to grow and develop, and no individual will be unjustly discriminated against. This includes, but is not limited to, discrimination because of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion and belief, sex and sexual orientation.