Principal Security Analyst

Insight Enterprises is a Fortune 500 Solutions Integrator helping organizations accelerate transformation by unlocking the power of people and technology.\n\nWith a 35-year foundation in hardware and software supply chain augmenting our deep expertise in cloud, data, AI, cybersecurity, and intelligent edge, we guide organizations through complex digital decisions to achieve extraordinary results.\n\nJob Title: Principal Security Analyst \nLocation: UK \u2013 Uxbridge, Manchester, or Sheffield. \nOn\u2011call: Yes \u2013 7\u2011day on\u2011call rota every other week.\n\nWe are looking for a Principal Security Analyst to play a key leadership role in our multi\u2011client SOC. This is a senior, day\u2011shift position where you will take ownership of complex security incidents, lead our security engineering function, and work closely with clients across onboarding, BAU and occasional pre\u2011sales activities.\n\nYou will join a growing SOC team supporting 3\u20134 key clients, working primarily with the Microsoft Defender and Sentinel ecosystem, Tenable for vulnerability management, and ServiceNow for ticketing and workflows.\n\nSo, if this is of interest to you then we would be keen to hear from you!\n\n***This role we are offering is a Hybrid position; you will be expected to come into the office three times a week as part of your responsibilities. *** \n\nKey responsibilities:\n\n * Lead and support the SOC team:\n * Provide day-to-day leadership and technical guidance to Security \u0026 Senior Security Analysts.\n * Function as an escalation point for complex incidents and investigations.\n * Coach, mentor, and develop teammates to continually raise the bar.\n * Own incident investigation \u0026 response:\n * Respond to complex security incidents, performing deep-dive investigations and root-cause analysis.\n * Ensure accurate, high-quality incident documentation and post-incident review.\n * Collaborate with other security and operations teams to drive timely resolution and clear stakeholder updates.\n * Optimise our security platforms \u0026 processes:\n * Tune and maintain security platforms (e.g., SIEM, IDS/IPS, firewalls) to improve detection, triage, and response.\n * Develop and maintain security tools and technologies to enhance SOC capabilities.\n * Create and refine security procedures, playbooks, and guidelines for consistent, effective response.\n * Drive continuous improvement \u0026 new services:\n * Continuously monitor and review our security posture and recommend improvements.\n * Function as a key contributor to new SOC service offers, such as Threat \u0026 Vulnerability Management.\n * Work closely with the Senior Security Operations Manager and Senior Analysts to shape the SOC technology roadmap and align with Insight\u2019s growth strategy.\n * Partner with clients \u0026 Service Delivery Managers:\n * Collaborate directly with clients to understand their unique security needs and tailor services accordingly.\n * Support client-specific rule sets and mitigation advice.\n * Be a key technical advisor to Service Delivery Managers, contributing to strong, long-term client relationships.\n\n\n * Function as a senior point of escalation for SOC analysts on complex or high\u2011severity incidents.\n * Monitor, investigate, and respond to security alerts across:\n * Microsoft Sentinel, Microsoft Defender suite (Defender for Endpoint, Defender for Cloud, etc.)\n * Tune and optimise detection rules, playbooks and use cases to reduce noise and improve detection quality.\n * Support and mentor junior SOC analysts \u2013 reviewing cases, coaching on investigation techniques, and helping them grow.\n * Work tickets and workflows in ServiceNow as part of incident and request handling.\n * Engage directly with clients to explain findings, remediation steps, and risk in clear, non\u2011jargon language.\n\n\n * Lead / contribute to weekly incident review and threat review meetings.\n * Collaborate with clients and internal teams on onboarding activities (new log sources, new use cases, new environments).\n * Collaborate with security engineering and platform teams on improvements to the SOC toolset and processes.\n * Participate in the on\u2011call rota every other week, providing out\u2011of\u2011hours escalation support.\n\n\n * Own and drive continuous improvement initiatives for the SOC (use\u2011case roadmap, automation, reporting).\n * Support vulnerability management cycles using Tenable \u2013 reviewing scan results, prioritising vulnerabilities, and advising on remediation.\n * Contribute to client\u2011facing reports, service reviews, and improvements to KPIs and SLAs.\n * Provide input into pre\u2011sales / solution design for prospective SOC clients (e.g., explaining service capabilities, toolsets, and onboarding approach).\n * Help shape wider SOC strategy, standards, and best practice.\n * \n\n\nKey skills and experience required:\n\n * Strong client\u2011facing and communication skills \u2013 able to translate technical detail into business\u2011relevant language.\n * Comfortable operating as a senior / principal figure in the SOC, influencing direction and standards.\n * Collaborative, initiative-taking, and able to work effectively in a small, growing team.\n * Experience in cyber security, with a strong background in a SOC environment.\n * Experience working in a multi\u2011client SOC / MSSP or large consultancy is highly desirable.\n * Proven experience handling and leading high\u2011severity incidents end\u2011to\u2011end\n * Solid understanding of common attack techniques, incident response, and threat detection.\n * Ability to quickly become productive with minimal hand\u2011holding in a Microsoft\u2011centric SOC stack.\n * Strong hands\u2011on experience with:\n\n\n\nMicrosoft Sentinel, Microsoft Defender (e.g., Defender for Endpoint, Defender for Cloud), ServiceNow (or similar ITSM platform), Vulnerability Management tools, ideally Tenable.\n\n * Nice to have:\n * Microsoft SC\u2011200 (Security Operations Analyst).\n * Microsoft SC\u2011300 (Identity and Access Administrator).\n * CompTIA Security+.\n\n\n\nMust be eligible for UK Security Clearance (SC).\n\nAbout Insight: \n\nWe believe that by giving you the freedom to think big and empower you to reach your full potential, together we will achieve the best outcomes. Along with excellent benefits and a compelling reward package, we offer the opportunity to work in a supportive environment with a high level of autonomy and creativity - there\u2019s a reason our average employee tenure is over 6 years. \n\nWe strive to display our three core values of Hunger, Heart and Harmony every day. They represent and drive who we are here at Insight and by doing so we are doing amazing things. Insight started in a garage in 1988 and it is through harnessing our three core values that two brothers, Eric and Tim Crown, steered Insight to the Fortune 500 company it is today. We are now a Global IT Services and Solutions business, passionate about helping customers and the real people who sit behind them. \n\nApplication Details: \n\nInsight is an equal opportunity employer, and we are committed to achieving diversity and equality within our organisation. We seek out people from diverse backgrounds and encourage you to apply. \n\nWe will endeavour to contact you within five business days, should we feel your profile is a good match for this role. If you do not hear from us within this timeframe, please presume that on this occasion, your application was not successful. \n\nA full job description will be provided upon application. \n\nInsight is committed to providing equal opportunities for all applicants and recognizes and values the unique talents and perspectives which individuals with disabilities bring to our workplace and we encourage them to apply. Any information provided regarding changes or adjustments will be kept confidential and used solely for the purpose of ensuring all our candidates can perform at their very best during the recruitment process.\n