This isn’t your average SOC role. At Our Future Health, the “boring bits” of the SOC are outsourced, leaving you with the exciting, high‑impact work that shapes how we detect and respond to threats at scale. You’ll collaborate closely with our inhouse Threat team and our outsourced SOC partner, building unique detection capabilities that go beyond just SIEM detections. Think KQL scripting, Microsoft Sentinel, Azure, Kubernetes, and cloud‑native log sources, all while applying MITRE frameworks and helping to configure and tune other core security controls like DLP to keep us ahead of the threat landscape.

If you want to design detections that matter, and be part of something unique that is the first of it's kind at this scale, then this is the role for you.

At Our Future Health, our mission is to transform the prevention, detection and treatment of conditions such as dementia, cancer, diabetes, heart disease and stroke.  We’re looking for people to join us on our journey. If you’re looking for a new challenge where you can contribute to helping future generations live in good health for longer, then we’re keen to speak with you.

What you’ll be doing

• Developing new threat-led detections in collaboration with our threat team based on both threat intelligence and the results of threat hunts.
• Creating novel analytic methods and techniques for incident detection.
• Working with our MSP provided SOC to maintain our detection catalogue and tune existing rules.
• Developing and tuning Data Loss Prevention, Insider Risk Management and other types of security rules within Microsoft Purview and other key security monitoring tools.
• Alongside our Head of Cyber Defence, supervising the MSP SOC to ensure a high-quality service is provided, detections and other types of engineering work are delivered to the appropriate standard and that the maturity (inc. efficiency) of our security monitoring is continually improving.
• Supporting the development of automated custom reports on security operational performance and broader security topics (using Sentinel workbooks).
• Collaborating with wider tech and security teams on the appropriate security monitoring for our various systems, including cloud platforms, SaaS applications and inhouse developed systems. 
• Documenting security processes and security tool low-level design/configuration.
• Contributing to the development of security service delivery and operation documentation.
• Supporting the security engineers, threat analysts and wider security team with their various responsibilities, including achieving and maintaining ISO 27001 certification and anything that involves KQL.

What you won’t be doing

• Working in a siloed environment with no freedom to make decisions.
• Working in a place where you can’t see the impact your expertise makes.

At Our Future Health, we recognise the importance of having a diverse workforce and ensuring that all candidates, regardless of their background, have equitable access to our application process. We proactively encourage applicants who identify as having a disability, neurodiversity, or long-term health conditions to let us know if they require any reasonable adjustments as part of their application process. 

If you do require any reasonable adjustments, please email us at talent@ourfuturehealth.org.uk 

To succeed in this role you will be able to demonstrate some of the following skills and experience:

• Highly proficient in writing KQL and ideally some level of proficiency in Python and Terraform.
• Significant hands-on experience with Microsoft Sentinel.
• Experience with Microsoft’s Defender suite, in particular Defender for Endpoints and Defender for O365.
• Experience with Microsoft Entra ID (previously AAD), including the Identity Governance capabilities.
• Experience with Microsoft Purview tooling, in particular MPIP and Purview Data Loss Prevention.
• Experience with cloud-native logging (in particular Azure and Kubernetes).
• Experience of an ‘everything-as-code’, or at least a ‘detection-as-code’ approach, including CI/CD pipelines.
• Exposure to working with/inside an MSP SOC.
• Exposure to Agile working.
• Knowledge of attacker Tactics, Techniques and Procedures (TTPs).
• Knowledge of statistics, data science and AI/ML, in particular when applied to cyber security.
• Knowledge of ISO 27001.
• Desire to be part of a small fast-paced team.
• Relevant certifications, such as: Microsoft certifications (MS-500, AZ-500, SC-200, SC-300, SC-400), CompTIA Security+, GIAC Security Operations Certified (GSOC), Cloud Security Alliance CCSK.

Disclaimer: We will be interviewing for this role as suitable applications are received and may close this role before the closing date upon a successful candidate being appointed.