Description
Job Title: Staff Security Engineer
Reports To: SOC Engineering Manager
Skip-Level Manager: Senior Director Security Operations
Role Summary:
Pearson's Security Operations Centre is seeking a technically skilled and operationally mature Senior SOC Engineer to lead the design, implementation and optimisation of security tooling and infrastructure. This role will be instrumental in advancing Pearson's detection capabilities, automation workflows and integration of security platforms across the enterprise.
The successful candidate will serve as a technical authority within the SOC, driving engineering excellence, supporting incident response and collaborating across teams to ensure Pearson's security posture remains robust and adaptive to emerging threats.
Key Responsibilities:
Security Engineering & Tooling
- Design, deploy and maintain SIEM, SOAR, EDR, UEBA and other SOC tooling.
- Develop and optimise detection content, including correlation rules, playbooks and alert logic.
- Build automation workflows for incident response, enrichment and case management.
Platform Integration & Data Engineering
- Integrate security platforms with enterprise systems to ensure seamless data flow and actionability.
- Establish onboarding pipelines for new log sources and data feeds.
- Maintain and enhance the detection stack, ensuring high fidelity and low false positives.
Operational Support & Incident Response
- Support SOC analysts during investigations and incident response.
- Tune detection logic based on threat intelligence and operational feedback.
- Lead technical escalations and provide guidance on remediation strategies.
Collaboration & Enablement
- Work closely with CTI, IRM and compliance teams to operationalise threat intelligence.
- Mentor junior engineers and analysts, fostering a culture of continuous improvement.
- Contribute to SOC maturity initiatives and roadmap development.
Required Skills & Experience:
- 5 years of experience in SOC engineering, detection content development or security platform integration.
- Strong understanding of SIEM/SOAR architecture and incident response workflows.
- Hands-on experience with platforms such as Splunk, Siemplify, Sentinel or similar.
- Proficiency in scripting languages (Python preferred) for automation and enrichment.
- Familiarity with MITRE ATT&CK, threat modelling and detection engineering best practices.
- Excellent documentation and communication skills.
Preferred Qualifications:
- Experience in regulated environments or government-aligned SOC operations.
- Exposure to cloud security (AWS, Azure, GCP) and hybrid infrastructure.
- Certifications such as GCIA, GCIH, OSCP or equivalent.
- Experience with AI-driven detection and emerging security technologies.
Required Experience:
Staff IC