Role / Job Title: SOC Manager
Work Location: Leamington / Gaydon
Mode of Working: Hybrid (3 days)
Hybrid Office Days: As per business need
Special Working Conditions: Occasional client site travel

The Role

As SOC Manager, you will:
- Establish goals and priorities with your team, focusing on:
  - Improving incident response times
  - Reducing false positives and extraneous alerts
  - Enhancing threat detection capabilities
- Oversee staff activities to ensure focus on the right priorities
- Review team performance metrics, incident reports, and other key indicators
- Lead incident response efforts with clear procedures and protocols
- Analyse incident reports to understand the organisation's security posture
- Serve as primary point of contact for security incidents, liaising with internal stakeholders and external parties
- Conduct information security investigations and manage end-to-end security incident resolution
- Report to the customer, keeping the CISO and Head of Security Operations informed, preparing clear and concise reports

Key Responsibilities

- Manage SOC service and process improvements, auditing incidents, identifying new use cases and automations
- Act as point of contact (POC) for SOC engineering, threat intelligence, and threat exposure management
- Provide guidance to Level-2 SOC security analysts during investigations and incident resolution
- Lead coordination of individual information security incidents
- Mentor security analysts on risk management, security controls, incident analysis, SIEM monitoring, and operational tasks
- Document incidents from detection to resolution
- Ensure threat management, threat modelling, and identification of threat vectors
- Develop use cases for security monitoring
- Create reports, dashboards, and metrics for SOC operations; present to senior management
- Act as focal point for security investigations, preparing reports and follow-up actions
- Participate as Incident Manager during incidents and emergencies
- Keep business recovery/contingency plans and security procedures up to date
- Coordinate with IT teams on escalations, performance issues, and outages

Your Profile

Essential Skills / Knowledge / Experience:
- Strong knowledge of Authentication, Endpoint Security, Internet Policy Enforcement, Firewalls, Web Content Filtering, Database Activity Monitoring (DAM), PKI, DLP, IAM, and SOC technologies such as EDR and SOAR
- Good knowledge of SIEM tools such as Google Chronicle, Splunk ES, or QRadar
- In-depth familiarity with security policies based on industry standards and best practices
- Experienced in security operations, incident management, intrusion analysis, and security device installation, configuration, and troubleshooting
- Experience with log source integration, developing correlation rules, and parser writing
- Experienced in SOC automation, cloud operations (e.g., AWS), SOC design, and regulatory compliance
- Ability to lead and communicate effectively in a team environment
- Solid understanding of IT and information security
- Excellent communication and presentation skills for varied audiences, including executives
- Ability to work well under pressure with different management levels

Desirable Skills / Knowledge / Experience:
- Experience of Agile ways of working