SOC Engineer - SC Cleared - Inside IR35

A skilled SOC Engineer is required to support the design, configuration, and optimisation of a mature security operations capability within a critical public sector environment. The successful candidate will be responsible for the deployment, tuning, and continual improvement of advanced detection and response tooling, with a focus on the Microsoft Security Stack and Azure-native technologies. This is a hands-on engineering role with cross-functional engagement across detection teams, infrastructure, and threat response.

Key Responsibilities

- Engineer and maintain security tooling, including:
  - Microsoft Sentinel: connector management, rule tuning, data enrichment
  - Microsoft Defender solutions (Endpoint, Identity, Cloud Apps)
- Develop and refine detection logic using KQL, and implement SOAR playbooks via Logic Apps.
- Integrate data sources from hybrid environments (cloud/on-premise) into the SIEM.
- Optimise alert fidelity and reduce false positives through rule refinement and log tuning.
- Support the SOC function by identifying and addressing detection gaps.
- Collaborate with infrastructure and operations teams to ensure telemetry quality and visibility.
- Contribute to engineering playbooks, architectural documentation, and automation pipelines.
- Support threat hunting, red/blue team simulation readiness, and post-incident forensic analysis.