SOC lead required for innovative MSP. You will lead the strategic direction, performance, and day-to-day operations of their Security Operations Centre (SOC). As a central figure in security services, you'll ensure the efficient detection, analysis, and response to cyber threats across a diverse client portfolio. This leadership role involves mentoring your team, enhancing our security processes, and driving ongoing improvements in threat detection and incident response capabilities.
Key Responsibilities
Team Leadership & Development
* Lead and mentor a team of SOC analysts, fostering a collaborative, high-performing environment.
* Manage team scheduling, conduct performance reviews, and support professional growth and development.
SOC Operations Oversight
* Supervise 24/7/365 monitoring of client environments, ensuring consistent adherence to SLAs for threat detection and incident response.
* Drive operational efficiency and ensure timely escalation and resolution of security incidents.
Incident Response Management
* Serve as the main escalation point for significant security incidents.
* Coordinate response efforts and ensure clear communication with both internal teams and external clients.
Process & Workflow Optimization
* Continuously review, update, and document SOC processes, playbooks, and standard operating procedures (SOPs) to improve operational effectiveness.
Technology Oversight
* Ensure the reliability and performance of security tools, including SIEM and EDR platforms.
* Lead the evaluation, selection, and implementation of new security technologies and enhancements.
Reporting & Analytics
* Develop and maintain KPIs and metrics to assess SOC performance.
* Deliver regular reports and insights to senior leadership and clients on security trends and incident management.
Client Relationship Management
* Act as a trusted advisor to clients, contributing to service reviews and providing expert security guidance.
Required Experience & Skills
* Proven experience working in a Security Operations Centre (SOC) or related cybersecurity environment.
* Industry-recognised certifications (preferred), such as a cybersecurity degree, Network+, Security+, or equivalent technical qualifications.
* Strong hands-on knowledge of SIEM and EDR platforms, including experience configuring and writing queries (eg, SQL, KQL).
* Familiarity with cloud platforms (AWS, Azure, etc.) and securing hybrid IT environments.
* Excellent communication skills, both verbal and written, with the ability to translate technical information for non-technical audiences.
* Previous experience in an incident response role and a solid understanding of IR processes.
* Demonstrated experience leading or managing a security-focused team.
* Understanding of key security frameworks and standards, such as ISO 27001, NIST, and CREST.