Location: Bath Job Type: Contract Industry: Cyber Security Job reference: BBBH438018_1777624762 Posted: about 7 hours ago
SOC Lead
6 months
Bath - hybrid x3 days onsite x2 remote
Active SC/DV clearance required
£700 per day outside IR35
The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role focuses on identifying unknown threats, coordinating deep-dive investigations, and elevating the maturity of SOC investigative and hunting capabilities. The role combines technical leadership, hands-on expertise, and mentorship of analysts.
Key Responsibilities
Threat Hunting
1. Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments
2. Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques
3. Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls
4. Translate threat intelligence into actionable hunt hypotheses
5. Continuously refine detection logic based on hunt outcomes and emerging threats
Investigations & Incident Response
6. Lead complex and high-severity security investigations from triage through containment and remediation
7. Act as the technical escalation point for advanced SOC investigations
8. Conduct root cause analysis and attacker kill-chain reconstruction
9. Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences
10. Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required
SOC Technical Leadership
11. Define investigation standards, workflows, and quality benchmarks
12. Mentor and upskill SOC analysts in hunting methodologies and investigative techniques
13. Review and improve alert fidelity, detection coverage, and response effectiveness
14. Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms
Detection Engineering & Improvement
15. Collaborate with detection engineers to convert hunt findings into new or improved detections
16. Identify visibility gaps and recommend logging, telemetry, and tooling improvements
17. Validate detection performance through purple team activities and simulation
Threat Intelligence & Collaboration
18. Consume and operationalise internal and external threat intelligence
19. Maintain awareness of attacker tactics, tools, and campaigns relevant to the organisation
20. Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability Management
Reporting & Metrics
21. Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality
22. Provide regular insights to senior leadership on threat trends and risk posture
Required Skills & Experience
Technical Experience
23. 7+ years in Security Operations, Threat Hunting, or Incident Response
24. Proven experience leading investigations involving advanced persistent threats, insider threats, or targeted attacks
25. Strong hands-on expertise with:
26. SIEM platforms (e.g. Sentinel, Splunk, Elastic)
27. EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne)
28. Network and cloud security telemetry
29. Strong understanding of:
30. MITRE ATT&CK
31. Windows, Linux, and cloud attack techniques
32. Malware behaviours, credential abuse, lateral movement, and persistence mechanisms
Leadership & Soft Skills
33. Demonstrated ability to lead and mentor technical teams
34. Strong investigative mindset with attention to detail
35. Excellent written and verbal communication skills
36. Ability to translate technical findings into business and risk context
Desirable Skills
37. Experience with detection engineering or SOAR automation
38. Purple team or red team collaboration experience
39. Forensic analysis experience (memory, disk, network)
40. Exposure to regulatory environments (e.g. ISO 27001, NIST, GDPR)