SOC Lead
6 months
Bath - hybrid x3 days onsite x2 remote
Active SC/DV clearance required
£700 per day outside IR35
The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role focuses on identifying unknown threats, coordinating deep-dive investigations, and elevating the maturity of SOC investigative and hunting capabilities. The role combines technical leadership, hands-on expertise, and mentorship of analysts.
Key Responsibilities
Threat Hunting
Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments
Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques
Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls
Translate threat intelligence into actionable hunt hypotheses
Continuously refine detection logic based on hunt outcomes and emerging threats
Investigations & Incident Response
Lead complex and high-severity security investigations from triage through containment and remediation
Act as the technical escalation point for advanced SOC investigations
Conduct root cause analysis and attacker kill-chain reconstruction
Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences
Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required
SOC Technical Leadership
Define investigation standards, workflows, and quality benchmarks
Mentor and upskill SOC analysts in hunting methodologies and investigative techniques
Review and improve alert fidelity, detection coverage, and response effectiveness
Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms
Detection Engineering & Improvement
Collaborate with detection engineers to convert hunt findings into new or improved detections
Identify visibility gaps and recommend logging, telemetry, and tooling improvements
Validate detection performance through purple team activities and simulation
Threat Intelligence & Collaboration
Consume and operationalise internal and external threat intelligence
Maintain awareness of attacker tactics, tools, and campaigns relevant to the organisation
Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability Management
Reporting & Metrics
Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality
Provide regular insights to senior leadership on threat trends and risk posture
Required Skills & Experience
Technical Experience
7+ years in Security Operations, Threat Hunting, or Incident Response
Proven experience leading investigations involving advanced persistent threats, insider threats, or targeted attacks
Strong hands-on expertise with:
SIEM platforms (e.g. Sentinel, Splunk, Elastic)
EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne)
Network and cloud security telemetry
Strong understanding of:
MITRE ATT&CK
Windows, Linux, and cloud attack techniques
Malware behaviours, credential abuse, lateral movement, and persistence mechanisms
Leadership & Soft Skills
Demonstrated ability to lead and mentor technical teams
Strong investigative mindset with attention to detail
Excellent written and verbal communication skills
Ability to translate technical findings into business and risk context
Desirable Skills
Experience with detection engineering or SOAR automation
Purple team or red team collaboration experience
Forensic analysis experience (memory, disk, network)
Exposure to regulatory environments (e.g. ISO 27001, NIST, GDPR)
Apply now to be part of this impactful opportunity!
TPBN1_UKTJ