Softcat Cyber Operations teams provide customers with cyber security monitoring, analysis, assessment and remediation. The Engineering team ensures these tools are properly configured, deployed and maintained to deliver the service effectively.
Team Leader Responsibilities
- Lead a team of SIEM/automation engineers to design, develop and operate security tooling, content and automation, embedding best practice, efficiency and service resilience across the platforms in use.
- Manage day‑to‑day Cyber Operations Engineering activities, ensuring procedures, processes and working practices are followed.
- Implement organisational engineering standards across design, development, testing, deployment, maintenance and documentation; verify compliance via reviews and metrics production.
- Act as first point of technical escalation, owning escalation and resolution of service incidents impacting SIEM ingestion, parsing, transformation logic, configuration or automation.
- Identify and deliver continuous improvements to enrich, refine and optimise SIEM capabilities (detections, hunting content, automation and performance).
Qualifications
- Prior experience in a Managed Service Provider (MSP/MSSP) or enterprise SOC environment, leading SIEM engineering and automation initiatives.
- Strong experience with SIEM (e.g., Microsoft Sentinel) and SOAR platforms (e.g., Swimlane), including connector onboarding, content engineering, automation and integration with SOC tooling.
- Hands‑on ownership of SIEM data models, event normalisation and enrichment strategies; experience with related platforms (AlienVault, Elastic, EDR/MDR, vulnerability management).
- Organised, with strong communication skills both written and oral, and the ability to translate and deliver technical information to a non‑technical audience.
- Demonstrated ability to communicate clearly to technical and non‑technical stakeholders and collaborate effectively across engineering and monitoring teams.
- Preferred specialisation in one or more of: Microsoft Sentinel Administration; Microsoft Azure Architecture; AWS Architecture; Linux & Unix Architecture; scripting (e.g., Python).
Flexible Working
- Hybrid working – 2 days in the office and 3 days working from home.
- Flexible hours – flex your start and finish times during the day.
- Support for school pick‑up and drop‑offs.
EEO Statement
If you have a disability or neurodiversity, we can provide support or adjustments that you may need throughout our recruitment process or any mitigating circumstances you wish us to consider. Any information you share on your application will be treated in confidence.
