How to become a SOC Analyst (Security Operations Centre) in the UK — from £28k Tier 1 in an MSSP to £75k Detection Engineer in scale-up tech.
Monitor SIEM, triage low-severity alerts against playbooks, escalate to Tier 2.
Investigate complex incidents, write detection rules (KQL, Sigma, Splunk SPL), own threat hunts.
Build detection content, tune SIEM, run purple-team exercises, mentor Tier 1/2.
Own the SOC operating model, vendor relationships, SOC shift rotation, IR runbooks.
No. UK MSSPs (NTT, BT, Orange, Quorum Cyber) hire on Security+, home lab, and a coherent CV story. Apprenticeship routes also strong.
Build a home SIEM (free Sentinel tenant + Atomic Red Team), publish 3–5 detection write-ups on Medium/GitHub, and apply to MSSP graduate schemes. Conversion rate from MSSP > in-house is high.
Most 24/7 SOCs (MSSP, banks) yes — typical 4-on-4-off rotations. Smaller in-house SOCs often run 9-6 with on-call.
Roughly 18–30 months of consistent detection authoring. Most detection engineers came from Tier 2/3 SOC.
Get a personal gap report, AI Career Twin and practice keyed to your target band.