Lead the day-to-day operation of the Security Operations Centre, ensuring high-quality security monitoring, incident response and threat detection services.
Provide technical leadership, mentoring and coaching to SOC Analysts, supporting their development and driving consistent investigation standards.
Act as the senior escalation point for complex or high-priority security incidents, providing technical oversight and coordinating response activities.
Oversee incident investigations using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Entra ID, ensuring incidents are accurately prioritised, investigated and resolved.
Drive continuous improvement across SOC processes, detection engineering, automation, playbooks and operational procedures to enhance service quality and efficiency.
Monitor SOC performance against KPIs and SLAs, producing operational reporting and identifying opportunities to improve service delivery.
Build strong relationships with customers and internal stakeholders, providing technical guidance and contributing to service reviews and operational governance.
Support onboarding of new security technologies, telemetry sources and Microsoft security capabilities, ensuring they are effectively integrated into SOC operations.
Promote operational excellence by identifying gaps in tooling, processes or detection coverage and implementing practical improvements.
Contribute to the ongoing maturity of the SOC, ensuring services remain proactive, resilient and aligned with evolving cyber threats.
Requirements
Experience leading, mentoring or supervising analysts within a Security Operations Centre.
Strong hands-on experience with Microsoft Sentinel, Microsoft Defender XDR and Microsoft Entra ID.
Proven experience managing complex cyber security incidents through investigation, containment and resolution.
Strong understanding of security operations, threat detection, incident response and Microsoft security technologies.
Experience improving SOC processes, detection capability, automation and operational maturity.
Ability to lead technical discussions and communicate effectively with customers, stakeholders and internal teams.
Experience producing operational metrics, reporting and service performance insights.
Understanding and operating with ITIL Incident Management processes
Familiarity with SIEM, SOAR, XDR, MITRE ATT&CK and ITIL-based service environments.
Tech Stack
Cyber Security
Benefits
Autonomy to develop and grow your skills and experience
Be part of exciting project work that is making a difference in society
Strong, inspiring and thought-provoking leadership
A supportive and collaborative environment
Development – access to LinkedIn Learning, a management development programme, and training