Cyber Operations Engineering Team Leader
Would you like to kick start your career in a supportive,collaborativeand innovative company?
Do you enjoy working as part of an enthusiastic, passionate,and collaborative team?
Join our Cyber Operations Team!
The Softcat Cyber Operations teams provides our customers with cyber security monitoring, analysis, assessment and remediation. It is our job to design and deploy effective security monitoring and assessment tools into customer IT systems to provide monitoring and detection capabilities against cyber threats. Our Engineering team is responsible for ensuring these tools are properly configured, deployed and maintained to deliver the service effectively.
Success. The Softcat Way.
Passion. Intelligence. Fun. Responsible; these are the core values which define Softcat. We are one of the UK's leading IT infrastructure providers and a FTSE 250 listed company. The business is based on two key principles: outstanding customer service and employee satisfaction- both of which inspire our flexible, friendly approach to business. For more information about Softcat please visit: www.softcat.com .
Responsibilities
- Lead a team of SIEM/automation engineers to design, develop and operate security tooling, content and automation; embed best practice, efficiency and service resilience across the platforms in use.
- Manage day‑to‑day Cyber Operations Engineering activities, ensuring procedures, processes and working practices are followed.
- Implement organisational engineering standards across design, development, testing, deployment, maintenance and documentation; verify compliance via reviews and metrics production.
- Act as first point of technical escalation – including but not limited to, hierarchical, technical and customer escalations. Own escalation and resolution of service incidents impacting SIEM ingestion, parsing, transformation logic, configuration or automation.
- Identify and deliver continuous improvements to enrich, refine and optimise SIEM capabilities (detections, hunting content, automation and performance).
Qualifications
- Prior experience in a Managed Service Provider (MSP/MSSP) or enterprise SOC environment, leading SIEM engineering and automation initiatives.
- Strong experience with SIEM (e.g., Microsoft Sentinel) and SOAR platforms (e.g., Swimlane), including connector onboarding, content engineering, automation and integration with SOC tooling.
- Hands‑on ownership of SIEM data models, event normalisation and enrichment strategies; experience with related platforms (AlienVault, Elastic, EDR/MDR, vulnerability management).
- Organised, with strong communication skills both written and oral, and with the ability to translate and deliver technical information to a non-technical audience.
- Demonstrated ability to communicate clearly to technical and non‑technical stakeholders; collaborate effectively across engineering and monitoring teams.
- Preferred specialisation in one or more of: Microsoft Sentinel Administration; Microsoft Azure Architecture; AWS Architecture; Linux & Unix Architecture; Scripting (e.g., Python).
Flexible Working
- Hybrid working – 2 days in the office and 3 days working from home.
- Working flexible hours – flexing the times you start and finish during the day.
- Flexibility around school pick up and drop offs.
Benefits
We offer a competitive salary and benefits package and will provide you with opportunities to grow, flourish, and achieve great things. Our benefits include:
- Share incentive plan
- Life Assurance
- Holiday
- Trips
- Vouchers
- Partner/family Benefits
- Maternity, Paternity and Adoption support
- Pension
If you have a disability or neurodiversity, we can provide support or adjustments that you may need throughout our recruitment process or any mitigating circumstance you wish for us to consider. Any information you share on your application will be treated in confidence. You can find out more about life at Softcat and our commitments to diversity and inclusion at jobs.softcat.com/jobs/our-culture/.
