This isn’t a traditional SOC role. At Our Future Health, the “boring bits” of the SOC are outsourced, leaving you with the exciting, high‑impact work that shapes how we detect and respond to threats at scale. You’ll collaborate closely with our inhouse Threat team and our outsourced SOC partner, building unique detection capabilities that go beyond just SIEM detections, all to help us stay ahead of attackers across a cutting‑edge cloud environment.

If you’re excited by Microsoft security tools, and the idea of helping shape how a national‑scale programme detects threats, we’d love to hear from you.

At Our Future Health, our mission is to transform the prevention, detection and treatment of conditions such as dementia, cancer, diabetes, heart disease and stroke. If you want your work to contribute to something meaningful, this is the place to grow your career.

What you’ll be doing

• Developing and improving threat‑led detections using Microsoft Sentinel and KQL.
• Working with our threat team and outsourced SOC to tune and maintain our detection rules.
• Supporting the configuration and tuning of Microsoft Purview tools such as DLP and Insider Risk Management.
• Leveraging cloud‑native log sources (Azure, Kubernetes, SaaS apps) to spot suspicious activity.
• Helping create dashboards and reports using Sentinel workbooks.
• Documenting processes, detections, and configurations so our security operations stay consistent and high‑quality.
• Collaborating with engineers and analysts across the tech team to ensure our systems are monitored effectively.

What you won’t be doing

• Working in a siloed environment with no freedom to make decisions.
• Working in a place where you can’t see the impact your expertise makes.

At Our Future Health, we recognise the importance of having a diverse workforce and ensuring that all candidates, regardless of their background, have equitable access to our application process. We proactively encourage applicants who identify as having a disability, neurodiversity, or long-term health conditions to let us know if they require any reasonable adjustments as part of their application process. 

If you do require any reasonable adjustments, please email us at talent@ourfuturehealth.org.uk 

We’re open to applicants who are earlier in their careers or looking to re-specialise, you don’t need prior detection engineering experience to be considered. We require a basic understanding of cyber security and some entry‑level scripting or programming ability. You should also be comfortable exploring and making sense of complex datasets. Most importantly, you should be ready to learn quickly and build the skills needed for the role. Ideally, you will already be able to demonstrate some of the following skills and experience:

• Experience writing KQL (or writing other scripting/programming/query languages)
• Hands‑on exposure to Microsoft Sentinel or similar SIEM tools.
• Familiarity with Microsoft Defender products (Defender for Endpoint / O365).
• Understanding of Azure or other cloud platforms.
• Interest in attacker behaviours, TTPs, and frameworks like MITRE ATT&CK.
• Knowledge of statistics, data science and AI/ML, in particular when applied to cyber security, would be a bonus.
• A collaborative mindset and desire to grow in a fast‑paced security team.
• Relevant certifications (Security+, SC‑200, AZ‑500) are helpful but not essential.

Disclaimer: We will be interviewing for this role as suitable applications are received and may close this role before the closing date upon a successful candidate being appointed.