Senior SOC Analyst

London, Greater London, England, GBR
Hybrid
Senior level
eCommerce
The Role
The role involves developing SOC processes, managing security incidents, collaborating with teams, handling vulnerabilities, and reporting metrics.
About Motorway

Motorway is the UK’s fastest-growing used car marketplace - our online-only platform connects private car sellers with thousands of verified dealers nationwide, ensuring everyone gets the best deal. Founded in 2017, our award-winning, technology-led approach has redefined the experience of selling a car. Motorway is backed by some of the world’s leading technology investors, having raised £143 million in Series C funding.

This is a unique opportunity to join a fast-growing scale-up at a crucial phase of growth and help change an industry for the better.

About the role

We’re looking for an experienced Senior SOC Analyst to assist in the development, enhancement and execution of our Security Operations capability. The successful candidate will develop SOC processes, procedures and workflows for systems security monitoring and security incident response. This role will work collaboratively with other technical and non-technical teams across the business.

The role will involve:
  • Triage & Analysis: This is the bread and butter. The focus here should be on MTTD (Mean Time to Detect).

  • End-to-End IR: Leading incidents requires not just technical skill, but "Incident Commander"

  • Vulnerability & Threat Hunting: This is proactive. Instead of waiting for an alarm, the lead should be searching for "indicators of compromise" (IoCs) based on recent threat intelligence.

  • Runbook Development: If a process is done more than twice, it should be in a runbook. In 2026, these are often "Executable Runbooks" (Python/Bash) rather than just PDFs.

  • Tooling & Alarms: This involves the maintenance of your SIEM/SOAR.

  • Coverage & Noise Reduction: This is critical for preventing "SOC Fatigue." A lead must ruthlessly tune out "false positives" so the team only sees high-fidelity alerts.

  • Platform & Software Engineering: This is the "Shift Left" approach.

    • Platform: Ensuring Kubernetes/Cloud environments are hardened.

    • Software: Implementing Secure by Design (e.g., automated SAST/DAST in the CI/CD pipeline).

  • Tabletops & War Games: You don't want the first time a team handles a ransomware attack to be during a real one. Regular exercises are the NCSC-recommended way to build "muscle memory."

  • Audit & Metrics: Developing dashboards that show MTTR (Mean Time to Respond) and Vulnerability Burn-down rates for the Head of Sec.

Requirements:
  • Secure by Design: Act as a security champion for Software and Platform Engineering teams to ensure "Security-as-Code" is integrated into CI/CD pipelines.

  • Advanced Threat Hunting: Proven ability to proactively hunt for threats using the MITRE ATT&CK framework, rather than solely relying on automated alerts.

  • Cloud Security Operations: Hands-on experience securing AWS and GCP environments. You must be comfortable with cloud-native logging and security tooling (Chronicle).

  • Forensics & Investigation: Mastery of deep-dive systems forensics on both Windows and macOS. You should be able to reconstruct a timeline of events from memory dumps and filesystem artefacts.

  • Automation & Scripting: Proficiency in Python or Go for automating SOC workflows (SOAR) and creating custom detection logic via SQL or Sigma rules.

  • Modern Observability: Experience with developer-centric observability tools (e.g., Logfire, OpenTelemetry) to monitor LLM interactions and API security.

  • Audit & Reporting: Ability to develop and maintain automated dashboards for MTTR (Mean Time to Respond) and MTTD (Mean Time to Detect) for executive reporting.

  • Incident Commander: Ability to lead high-severity incidents end-to-end, managing technical workstreams while providing clear, non-technical updates to senior stakeholders.

  • Detection Engineering: Expertise in tuning SIEM/EDR (e.g., Wiz, CrowdStrike, Netskope) to reduce noise and maintain "data freshness."

  • Playbook Development: Proven experience designing and implementing executable runbooks that standardise response for ransomware, phishing, and cloud-account takeovers.

  • Infrastructure Knowledge: Strong understanding of network protocols (TLS 1.3), API security (OAuth/OIDC), and container security (Kubernetes/Docker).

  • Readiness Exercises: Experience organising and running Tabletop Exercises and "War Games" to test organisational resilience.

  • Mentorship: A commitment to up-skilling junior analysts and fostering a culture of continuous learning and technical excellence.

  • Standards: Good working knowledge of ISO27001, NIST CSF, and PCI DSS v4.0 (specifically 3rd-party compliance).

Benefits
  • A competitive salary

  • BUPA health insurance

  • Discounted gym membership through BUPA

  • OnHand volunteering membership and one paid volunteering day per year

  • Hybrid working

  • Pension scheme

  • Motorway car leasing scheme - lease a zero-emissions electric vehicle at a significant discount

  • Enhanced parental leave - We offer enhanced maternity pay (26 weeks of full pay) and enhanced paternity pay (4 weeks of full pay) to eligible employees.

  • Workplace nursery scheme

  • Regular social events

  • Cycle to work scheme

Equal opportunities statement

We are committed to equality of opportunity for all employees. We work to provide a supportive and inclusive environment where people can maximise their full potential. We believe our workforce should reflect a variety of backgrounds, talents, perspectives and experiences. Our strong commitment to a culture of inclusion is evident through our constant focus on recruiting, developing and advancing individuals based on their skills and talents.

We welcome applications from all individuals regardless of age, disability, sex, gender reassignment, sexual orientation, pregnancy and maternity, race, religion or belief and marriage and civil partnerships.

Skills Required

  • Proven experience in a Security Operations Centre as a Senior SOC Analyst or experienced Junior
  • Strong knowledge of the information security threat landscape and associated attack vectors
  • Strong knowledge of incident response planning and playbook design
  • Strong knowledge of threat detection rule design/tuning
  • Good technical knowledge of best practice security for networks, systems, web applications, APIs, and databases
  • Good knowledge and hands-on experience with common security tools like SIEM, endpoint protection, scanners
  • Some technical knowledge of AWS and GCP administration and cloud security operations
  • Some knowledge of security standards and frameworks such as ISO27001, PCI DSS
  • Some systems forensics and investigation skills (macOS and Windows)

The Company
HQ: Brighton
446 Employees
Year Founded: 2017

What We Do

Motorway started in 2017 with a vision to build a better car market for everyone, harnessing the power of technology to deliver an amazing experience. We're on a journey to make selling used cars better for everyone. With our network of more than 5,000 professional car dealers bidding directly on our platform, we enable customers to sell their car for a great price in as little as 24 hours. We support our car dealer partners to easily acquire the best used car stock, while our customers can sell their car from the comfort of their own home. Since launch, we've helped people sell over 250 thousand cars and the journey's only just begun. This is the way to sell your car. This is the Motorway.
