About DigitalXRAID

The DigitalXRAID Security Operations Centre provides around-the-clock protective monitoring solutions to a diverse client base spanning multiple industry verticals. Utilising industry-leading detection technology, our team of experienced SOC professionals delivers comprehensive assurance, detection and incident response capabilities to organisations of all sizes.

Position Overview

DigitalXRAID is seeking an experienced Lead SOC Engineer to lead the technical implementation and engineering functions. DigitalXRAID's CREST-certified Security Operations Centre is located in Doncaster, United Kingdom.

This technical leadership role operates during UK office hours (Monday - Friday, 9:00 AM - 5:30 PM) with a hybrid working model requiring a minimum of two days per week in the office, with provisions for not working from home when on-call. As the Security Operations Centre provides 24x7x365 coverage, the Lead SOC Engineer role includes on-call responsibilities for critical engineering escalations.

The Lead SOC Engineer role is influential in helping set the direction and focus for the practice and will provide increased exposure to other areas of DigitalXRAID. The Lead SOC Engineer will be responsible for directing technical strategy and implementation of our security operations infrastructure, including:

Security Information & Event Management (SIEM)
Intrusion Detection Systems (IDS)
Cyber Threat Intelligence (CTI)
Endpoint Protection & Detection (EDR)

Key Responsibilities

Technical Leadership
Lead the design and implementation of SOC engineering solutions and security tooling
Develop, engineer and maintain technical architectures for detection and response capabilities
Drive continuous improvement in detection engineering, focusing on reducing false positives and enhancing detection coverage
Oversee development of custom detection rules, correlation logic, and automation workflows
Guide the technical aspects of incident response procedures and playbooks

Engineering Operations
Lead the SOC engineering team in implementing and maintaining security monitoring solutions
Oversee the technical aspects of client onboarding, including SIEM, EDR, and security tool deployment
Establish engineering best practices and standard operating procedures
Manage technical debt and drive system improvements
Lead evaluation and implementation of new security methodologies, practices, tools and technologies

Detection Engineering
Direct the development and tuning of detection use cases
Oversee threat hunting initiatives and the implementation of findings into detection rules
Guide the integration of threat intelligence into detection capabilities
Lead malware analysis efforts and the extraction of indicators of compromise
Develop and maintain automation frameworks for routine engineering tasks

Technical Guidance
Provide technical mentorship to SOC Engineers on tooling and detection engineering
Collaborate with SOC Management on technical requirements and capabilities
Advise on technical aspects of client engagements and solution design
Support technical pre-sales activities with architecture expertise
Document technical procedures and engineering standards

Management
Manage and resolve escalations
Manage absence and annual leave within the SOC Engineering team
Set training and development plans for team members
Support Engineers in progressing their goals and career aspirations
Work on upskilling and maintaining capabilities within the SOC Engineering team
Recruitment, retention and development of SOC Engineering talent
Willingness to get involved in change initiatives outside of the normal role and to contribute ideas and options

Required Qualifications

Experience & Skills
Strong background in detection engineering and security tool implementation
Proven experience leading technical teams and engineering projects
Deep expertise in SIEM deployment, configuration, and optimisation
Strong scripting and automation capabilities

Technical Expertise
Advanced knowledge of SIEM platforms (MS Sentinel, USM Anywhere)
Extensive experience with EDR solutions (MS Defender, SentinelOne)
Strong understanding of log sources and log management
Expertise in detection engineering and rule development
Proficiency in security automation and orchestration
Experience with cloud security monitoring

Certifications
Desired technical certifications include:
Microsoft SC-300
Microsoft SC-400
Microsoft AZ-500
Microsoft SC-100
AlienVault AVSE

Personal Attributes
A strong desire towards coaching and developing the team, supporting personal growth as well as aligning this growth to business objectives
Strong technical problem-solving abilities
Excellence in technical communication and documentation
Ability to mentor and develop engineering skills in others
Detail-oriented with strong analytical capabilities
Commitment to continuous technical learning

Additional Information
Location: Doncaster, United Kingdom
Schedule: Monday - Friday, 9:00 AM - 5:30 PM
Work Model: Hybrid (minimum 2 days per week in office)
On-call responsibilities for critical engineering escalations