Job Title: Staff Security Engineer
Reports To: SOC Engineering Manager
Skip-Level Manager: Senior Director, Security Operations
Role Summary:
Pearson’s Security Operations Centre is seeking a technically skilled and operationally mature Senior SOC Engineer to lead the design, implementation, and optimisation of security tooling and infrastructure. This role will be instrumental in advancing Pearson’s detection capabilities, automation workflows, and integration of security platforms across the enterprise.
The successful candidate will serve as a technical authority within the SOC, driving engineering excellence, supporting incident response, and collaborating across teams to ensure Pearson’s security posture remains robust and adaptive to emerging threats.
Key Responsibilities:
Security Engineering & Tooling
- Design, deploy, and maintain SIEM, SOAR, EDR, UEBA, and other SOC tooling.
- Develop and optimise detection content, including correlation rules, playbooks, and alert logic.
- Build automation workflows for incident response, enrichment, and case management.
Platform Integration & Data Engineering
- Integrate security platforms with enterprise systems to ensure seamless data flow and actionability.
- Establish onboarding pipelines for new log sources and data feeds.
- Maintain and enhance the detection stack, ensuring high fidelity and low false positives.
Operational Support & Incident Response
- Support SOC analysts during investigations and incident response.
- Tune detection logic based on threat intelligence and operational feedback.
- Lead technical escalations and provide guidance on remediation strategies.
Collaboration & Enablement
- Work closely with CTI, IRM, and compliance teams to operationalise threat intelligence.
- Mentor junior engineers and analysts, fostering a culture of continuous improvement.
- Contribute to SOC maturity initiatives and roadmap development.
Required Skills & Experience:
- 5+ years of experience in SOC engineering, detection content development, or security platform integration.
- Strong understanding of SIEM/SOAR architecture and incident response workflows.
- Hands-on experience with platforms such as Splunk, Siemplify, Sentinel, or similar.
- Proficiency in scripting languages (Python preferred) for automation and enrichment.
- Familiarity with MITRE ATT&CK, threat modelling, and detection engineering best practices.
- Excellent documentation and communication skills.
Preferred Qualifications:
- Experience in regulated environments or government-aligned SOC operations.
- Exposure to cloud security (AWS, Azure, GCP) and hybrid infrastructure.
- Certifications such as GCIA, GCIH, OSCP, or equivalent.
- Experience with AI-driven detection and emerging security technologies.