Motorway is the UK's fastest-growing used car marketplace and is looking for a Senior SOC Analyst to assist in the development, enhancement, and execution of their Security Operations capability. The successful candidate will develop SOC processes, procedures, and workflows for systems security monitoring and security incident response. The role will involve triage and analysis, end-to-end IR, vulnerability and threat hunting, runbook development, tooling and alarms, coverage and noise reduction, platform and software engineering, tabletops and war games, audit and metrics.
Requirements
- Secure by Design: Act as a security champion for Software and Platform Engineering teams to ensure 'Security-as-Code' is integrated into CI/CD pipelines.
- Advanced Threat Hunting: Proven ability to proactively hunt for threats using the MITRE ATT&CK framework, rather than solely relying on automated alerts.
- Cloud Security Operations: Hands-on experience securing AWS and GCP environments. You must be comfortable with cloud-native logging and security tooling (Chronicle).
- Forensics & Investigation: Mastery of deep-dive systems forensics on both Windows and macOS. You should be able to reconstruct a timeline of events from memory dumps and filesystem artefacts.
- Automation & Scripting: Proficiency in Python or Go for automating SOC workflows (SOAR) and creating custom detection logic via SQL or Sigma rules.
- Modern Observability: Experience with developer-centric observability tools (e.g., Logfire, OpenTelemetry) to monitor LLM interactions and API security.
- Audit & Reporting: Ability to develop and maintain automated dashboards for MTTR (Mean Time to Respond) and MTTD (Mean Time to Detect) for executive reporting.
- Incident Commander: Ability to lead high-severity incidents end-to-end, managing technical workstreams while providing clear, non-technical updates to senior stakeholders.
- Detection Engineering: Expertise in tuning SIEM/EDR (e.g., Wiz, CrowdStrike, Netskope) to reduce noise and maintain 'data freshness'.
- Playbook Development: Proven experience designing and implementing executable runbooks that standardise response for ransomware, phishing, and cloud-account takeovers.
- Infrastructure Knowledge: Strong understanding of network protocols (TLS 1.3), API security (OAuth/OIDC), and container security (Kubernetes/Docker).
- Readiness Exercises: Experience organising and running Tabletop Exercises and 'War Games' to test organisational resilience.
- Mentorship: A commitment to up-skilling junior analysts and fostering a culture of continuous learning and technical excellence.
- Standards: Good working knowledge of ISO27001, NIST CSF, and PCI DSS v4.0 (specifically 3rd-party compliance).
Benefits
- A competitive salary
- BUPA health insurance
- Discounted gym membership through BUPA
- OnHand volunteering membership and one paid volunteering day per year
- Hybrid working
- Pension scheme
- Motorway car leasing scheme - lease a zero-emissions electric vehicle at a significant discount
- Enhanced parental leave - we offer enhanced maternity pay (26 weeks of full pay) and enhanced paternity pay (4 weeks of full pay) to eligible employees
- Workplace nursery scheme
- Regular social events
- Cycle to work scheme