SecOps Engineer Lead (UK)
Summary/Objective
We are seeking a skilled and proactive SecOps Engineer Senior to serve as the backbone of our security operations technology infrastructure and to provide SOC leadership and technical guidance to the engineering and analyst teams. This role is critical to ensuring the reliability, scalability, and performance of our core systems (including SIEM platforms, data pipelines, deployed security tools, and our custom scripting base) while driving operational excellence across the SOC.
The ideal candidate will be responsible for onboarding new customer technologies, maintaining infrastructure health, mentoring other engineers and SOC analysts, and supporting both internal and external stakeholders in troubleshooting, incident management, and operational continuity.
This position will serve as a key partner in the day-to-day leadership of the
Security Operations Center, co-leading technical initiatives and team enablement
in close coordination with the SOC Lead and SOC Manager.
This position will report to the SOC Lead.
Core Philosophy
* Technical Leadership: Setting standards for excellence and innovation.
* Scalable Architecture: Designing for future growth and complexity.
* Operational Resilience: Building self-healing and robust systems.
* Mentorship & SOC Excellence: Elevating the technical and operational capabilities of the SOC team through guidance, coaching, and best practices.
SOC Leadership Responsibilities
* Contributing to the technical direction of SOC operations in close collaboration with the SOC Lead, ensuring tools, pipelines, and processes effectively support 24/7 monitoring, detection, and response.
* Act as primary technical escalation point for high-severity incidents and complex infrastructure issues, coordinating actions, communication, and prioritization with the SOC Lead during major events.
* Own and refine SOC runbooks, playbooks, and standard operating procedures (SOPs) together with the SOC Lead, ensuring processes are consistent with the overall SOC strategy and operating model.
* Helping the SOC Lead mentor and coach SOC analysts and engineers through case reviews, paired troubleshooting, and structured feedback, promoting continuous improvement in investigation quality and documentation.
* Collaborate with the SOC Lead and SOC Manager to define and track SOC KPIs (MTTD, MTTR, containment time, etc) and drive initiatives that improve these metrics through automation and process optimization.
* Contribute to capacity and staffing planning by providing input on skills gaps, training needs, and tooling requirements to maintain SOC readiness and resilience.
* Represent SecOps in cross-functional forums, aligning SOC capabilities and priorities with business and risk objectives, always in coordination with the SOC Lead.
Essential Functions
1. Deployment & Architecture Liaison
* Oversee implementation and configuration of systems for complex new customers based on defined SOW.
* Collaborate with customer teams to ensure smooth integration into our monitoring and SecOps infrastructure.
* Define and validate architectural standards for new deployments, balancing performance, cost, and operational supportability.
2. Infrastructure Strategy & Health
Strategic Infrastructure Management
* Continuously monitor the health and performance of our infrastructure (SIEM, data pipelines, SOAR, scripts, etc.).
* Proactively identify and resolve systemic issues to maintain system uptime and reliability.
* Design roadmaps for infrastructure upgrades and capacity planning in alignment with SOC needs and growth.
3. Advanced Data Pipeline Engineering
Pipeline Architecture & Optimization
* Maintain, optimize, and deploy complex data pipelines used for security operations and analytics.
* Ensure data integrity, scalability, and performance across all pipeline components.
* Lead the design of parsing logic and normalization standards (CEF, Syslog, JSON, etc.).
4. Incident Response, Escalation & Mentorship (SOC-focused)
Escalation Management & SOC Enablement
* Act as the primary point of contact for escalations regarding infrastructure or tooling failures impacting SOC operations.
* Investigate and resolve infrastructure-related issues that other engineers or analysts cannot solve, ensuring minimal disruption to monitoring and response.
* Assist customers when their security tools experience failures, providing clear technical guidance and timely communication.
* Mentor team members (engineers and SOC analysts) on troubleshooting
* techniques, incident handling, and best practices for documentation and
* communication, in coordination with the SOC Lead.
Primary Outcomes
* Resilient & Scalable Security Architecture supporting SOC operations.
* Optimized Data Ingestion Costs & Performance, aligned with monitoring
* and detection needs.
* Improved SOC efficiency and incident handling through robust tooling, automation, and clear playbooks. KPIs
* Infrastructure Availability
* Project Delivery: On-time completion of architectural upgrades andcomplex onboardings.
* SOC Maturity: Measurable improvements in process adherence and incident quality (case completeness, response consistency).
Required Skills and Experience
* 10+ years of proven experience in infrastructure engineering, data engineering, or security operations (SOC environment preferred).
* Proven experience working with data pipelines (Graylog, Kafka, Fluentd, Logstash, etc.).
* Advanced proficiency in scripting and automation (Python, Bash, etc.).
* Familiarity with cloud platforms (Azure, AWS, GCP) and containerization (Docker, Kubernetes).
* Excellent troubleshooting and communication skills, including the ability to guide others under pressure.
* Ability to work independently, manage multiple priorities, and lead
* technical initiatives within a SOC context in partnership with the SOC Lead.
Preferred Skills
* Experience with onboarding processes and customer-facing technical support.
* Knowledge of security data formats (CEF, Syslog, JSON).
* Demonstrated experience mentoring or leading technical/SOC
* Exposure to SIEM/SOAR platforms and SOC workflows.
* Exposure to AI Platforms.
Job Type
Full-time
Location
100% Remote
Cyberclan is committed to equal pay for equal work in its compensation practices. Applicants selected to move forward in the hiring process are subject to background checks, including but not limited to criminal record, credit, and/or reference checks.,
Additional Information
This role may require a flexible working pattern, including shifts, weekends, and evenings. We are committed to fair and transparent scheduling practices and fostering a collaborative working environment.