£46,000 - £84,000 GBP 25% Shift Allowance Hybrid WORKING Location: Central London, Greater London - United Kingdom Type: Permanent SOC Shift Lead - London Salary: £46,000 - £84,000 25% Shift Allowance Location: London (On-site) Security Requirement: DV-clearable (does not need to hold DV at application stage) Work Pattern: 24/7 shift rota - 14 shifts per 28-day cycle, 12-hour shifts, rotating nights/days Career Level: Associate Manager About the Role We are seeking an experienced SOC Shift Lead to join a highly secure, high-performance operations environment supporting sensitive UK-based compute infrastructure. This role is central to real-time defensive security operations and requires a decisive leader capable of managing escalations, guiding analysts, and maintaining a strong security posture across mission-critical systems. You will operate within a 24/7 Security Operations Centre, leading your assigned shift, coordinating incident response activities, and ensuring operational continuity in the absence of senior management. Key Responsibilities Lead investigations into escalated security incidents, assessing attack vectors, scope, and business impact. Correlate telemetry across SIEM, EDR, network, and cloud data sources to form complete incident narratives. Direct containment, eradication, and recovery actions in partnership with IT/OT stakeholders. Own medium- and high-severity incident response activities, producing detailed investigation documentation. Tune and optimise detection content in collaboration with engineering and content-development teams. Identify detection gaps and recommend improvements to playbooks, workflows, and overall SOC maturity. Mentor L1 Analysts, providing technical guidance and quality assurance on triage work. Participate in SOC exercises, simulations, and continuous readiness activities. Act as shift authority, managing escalations and ensuring operational stability during your rotation. Role Requirements Education: Bachelor's degree in Cybersecurity, Computer Science, or related discipline. Experience: 7-10 years in SOC operations, incident response, threat analysis, or similar defensive security roles. Preferred Certifications: GCIA, GCIH, CompTIA CySA, Microsoft SC-200, Splunk Power User (or equivalent). Technical Expertise: Strong analytical mindset with deep knowledge of SIEM/EDR tooling. Understanding of adversary behaviour, malware characteristics, and incident-handling methodologies. Shift Structure & Security Conditions 14 shifts every 28 days, each 12 hours, rotating 3 nights → 4 days off → 3 days. Includes a 25% shift premium based on base salary. Must be British-born and eligible for DV clearance. Employment requires passing BPSS checks and meeting strict security-history requirements.