Security Operations Engineer

📋 Description

• • Be the first line of cyber-defence for the UK’s fastest-growing fintech. As a Security Operations Engineer at Allica Bank you will sit at the heart of a cloud-native bank that protects over a third of the UK economy—established SMEs who have been overlooked by traditional banks and flashy start-ups alike. Every alert you triage, every playbook you refine and every threat you neutralise keeps local businesses trading, communities thriving and Allica’s reputation intact.
• • Own real-time monitoring and triage across our full security stack. You will ingest and interpret thousands of events per day from CrowdStrike Falcon, Microsoft Sentinel SIEM, Abnormal Security, Netskope, Varonis and more. Your judgement decides what is noise and what needs immediate containment—often within minutes. You will build and tune detection rules in KQL, YARA and Sigma to cut false positives by double-digit percentages and ensure the SOC only escalates genuine risk.
• • Lead end-to-end incident response. When an endpoint starts beaconing or an Entra ID sign-in looks suspicious, you will be the engineer who pivots from log to host to identity in minutes. You will coordinate with IT, Engineering and Customer Success to isolate hosts, revoke tokens, reset MFA and communicate clearly to non-technical stakeholders. After action, you will run blameless post-mortems, feed lessons back into detection logic and update run-books so the next response is even faster.
• • Automate everything that can be automated. Repetitive tasks are your enemy. You will write PowerShell, Python or Bash scripts that auto-enrich alerts, open Jira tickets and trigger SOAR playbooks. You will integrate Qualys scan data with Sentinel to auto-create vulnerability tickets and use Logic Apps to auto-remediate risky OAuth grants. Your code will be peer-reviewed, version-controlled and celebrated when it saves hours of analyst time.
• • Shape the future of Allica’s security architecture. You will not just operate tools—you will influence which ones we buy next. You will pilot new EDR features in our dev tenant, run purple-team exercises with our OffSec squad and present findings to the CISO. If you believe a new MITRE ATT&CK technique deserves its own detection analytic, you will prototype it, test it and push it to production within days.
• • Drive compliance without slowing delivery. You will map daily SOC activities to ISO 27001 controls, NIST CSF categories and Bank of England regulations. You will maintain evidence packs that make auditors smile and help product teams understand how “secure by design” actually speeds up releases. When a new regulatory requirement drops, you will translate it into actionable detection rules and policy-as-code.
• • Champion a culture of security across the bank. You will create short, punchy threat briefings for Slack, run phishing simulation campaigns that people actually learn from and mentor junior analysts. Your voice will be heard in our weekly “Security & Scones” sessions where engineers demo new tools over pastries.
• • Work in a truly flexible, human-first environment. Whether you prefer early-bird shifts or deep-work afternoons, we will build a rota that fits your life. You can work fully remote from Bangalore or drop into our co-working hub when you need whiteboard space. Either way, you will stay connected through our modern stack of Teams, Notion and Miro.