Role / Job Title: SOC Manager
Work Location: Leamington / Gaydon
Mode of Working: Hybrid (3 days)
Hybrid Office Days: As per business need
Special Working Conditions: Occasional client site travel

The Role

As SOC Manager, you will:

Establish goals and priorities with your team, focusing on:
  Improving incident response times
  Reducing false positives and extraneous alerts
  Enhancing threat detection capabilities
Oversee staff activities to ensure focus on the right priorities
Review team performance metrics, incident reports, and other key indicators
Lead incident response efforts with clear procedures and protocols
Analyse incident reports to understand the organization's security posture
Serve as primary point of contact for security incidents, liaising with internal stakeholders and external parties
Conduct information security investigations and manage end-to-end security incident resolution
Report to the customer, keeping the CISO and Head of Security Operations informed, preparing clear and concise reports

Key Responsibilities

Manage SOC service and process improvements, auditing incidents, identifying new use cases and automations
Act as POC for SOC engineering, threat intelligence, and threat exposure management
Provide guidance to Level-2 SOC security analysts during investigations and incident resolution
Lead coordination of individual information security incidents
Mentor security analysts on risk management, security controls, incident analysis, SIEM monitoring, and operational tasks
Document incidents from detection to resolution
Ensure threat management, threat modelling, and identification of threat vectors
Develop use cases for security monitoring
Create reports, dashboards, and metrics for SOC operations; present to senior management
Act as focal point for security investigations, preparing reports and follow-up actions
Participate as Incident Manager during incidents and emergencies
Keep business recovery/contingency plans and security procedures up to date
Coordinate with IT teams on escalations, performance issues, and outages

Your Profile

Essential Skills / Knowledge / Experience:

Strong knowledge in Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), PKI, DLP, IAM, and SOC technologies such as EDR and SOAR
Good knowledge of SIEM tools like Google Chronicle, Splunk ES, or QRadar
In-depth familiarity with security policies based on industry standards and best practices
Experienced in security operations, incident management, intrusion analysis, device installation, configuration, and troubleshooting
Experience with log source integration, developing correlation rules, and parser writing
Experienced in SOC automation, cloud operations (e.g., AWS), SOC design, and regulatory compliance
Ability to lead and communicate efficiently in a team environment
Solid understanding of IT and information security
Excellent communication and presentation skills for varied audiences, including executives
Ability to work well under pressure with different management levels

Desirable Skills / Knowledge / Experience:

Experience of Agile ways of working