Job Description
This is a high-impact greenfield role ideal for a strategic and hands-on cybersecurity professional. As an individual contributor, you will be responsible for defining and implementing the end-to-end operating model for collaboration between the central Security Operations Centre (SOC) and supporting functions. You will formulate all core processes, define areas of handover with the core SOC, and establish the technology stack and deliverables necessary to enable scalable and effective security operations.
A key early responsibility will be contributing to the selection and onboarding of a new Managed Security Services Provider (MSSP). You will work closely with the chosen vendor to define operational procedures, service delivery models, key performance indicators (KPIs), and service level agreements (SLAs). Building a strong, collaborative relationship with the MSSP will be a critical short-term goal.
In the longer term, this role will take ownership of developing the business case for building and strengthening internal capabilities — laying the foundation for a future in-house team and transitioning key functions where strategically appropriate. You will also be expected to build trusted relationships with external stakeholders across operating companies to ensure SOC services are aligned with business risk and operational priorities
Automation of SOC Processes
Design and implement automation solutions to streamline repetitive tasks such as alert triaging, incident response, and reporting
- Tool Integration
Integrate various security tools (SIEM, SOAR, firewalls, etc.) to improve data flow and response coordination.
- Optimization of Workflows
Enhance and optimize SOC workflows for improved efficiency and reduced manual effort.
- Development of Playbooks
Create automated response playbooks for common security incidents, enabling faster and more consistent incident handling.
- Collaboration with Security Teams
Work closely with SOC analysts and engineers to identify areas for automation and provide technical solutions.
- Monitoring and Maintenance
Ensure the continuous operation and performance of automation tools, resolving issues as they arise.
- Continuous Improvement
Regularly review and update automation scripts and processes to adapt to evolving threats and technologies.
- Documentation
Maintain detailed documentation of automation workflows, playbooks, and configurations.
Qualifications
Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, or related field (or equivalent experience).
Industry certifications such as:
Certified Information Systems Security Professional (CISSP)
Certified Incident Handler (GCIH)
GIAC Security Automation Expert (GCSA)
Splunk Certified Automation Consultant, or relevant SOAR certifications.
Experience with automation tools (e.g., SOAR platforms, Ansible, Phantom or similar).
Proficiency in scripting languages (e.g., Python, PowerShell, Bash).
Strong understanding of SOC processes, including incident response and threat detection.
Experience with SIEM platforms (e.g., Splunk).
Knowledge of security frameworks (e.g., NIST, MITRE ATT&CK
Proficiency in automation tools (e.g., SOAR platforms, Ansible, Phantom).
Expertise in scripting languages (e.g., Python, PowerShell, Bash).
Strong knowledge of SOC processes (incident response, threat detection).
Experience with SIEM platforms (e.g., Splunk).
Ability to integrate and automate security tools.
Strong problem-solving and analytical skills.
Experience in developing automated workflows and playbooks.
Knowledge of security frameworks (e.g., MITRE ATT&CK, NIST).
Strong collaboration and communication skills.
Experience with log management and event correlation automation
3-5 years of experience in SOC or cybersecurity roles.
Hands-on experience with automation tools (e.g., SOAR, Ansible, Phantom, Demisto).
Experience with scripting languages (e.g., Python, PowerShell, Bash) for automation.
Experience integrating and automating security tools and processes.
Strong background in SOC operations, incident response, and threat detection.
Experience with SIEM platforms (e.g., Splunk, QRadar, ArcSight).
Experience developing and managing automated response workflows.
Familiarity with security frameworks like MITRE ATT&CK or NIST.
Experience working with security log management and event correlation tools.
Additional Information
Benefits
The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry, working in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension, and performance bonuses
Diversity and Inclusion
IAG Tech is part of the IAG GBS organisation, and our people are at the heart of everything we do. We recognise that we can only deliver the required business outcomes if we have a thriving community of technology professionals. Together we strive to become the very best at what we do.
We focus on making Tech a great place to work, with a community that we feel proud to belong to. To help make this a reality, our people strategy focuses on six key domains: Engagement, Talent Management, Reward and Recognition, Performance Management, Learning and Development and Culture.
We understand the importance of Diversity and Inclusion in the workplace to deliver this strategy – everyone should feel part of our team. We want to foster an inclusive workplace, celebrate individuality and embrace differences so that everyone in IAG Tech can achieve their goals and ambitions, regardless of their personal circumstances or background.
As a Group, IAG has an ambition that 40% of senior management roles are held by women by 2025. IAG Tech fully supports that ambition, and we are working to help make it a reality. With this in mind, we have set ourselves the challenging target of recruiting 50% female colleagues by 2030.