Job Title:
Threat Detection and Response Lead
Salary :
£50,000 - £60,000 DOE
Location:
Portsmouth – majority office based with occasional remote working
Purpose
As Threat Detection and Response Lead, you will head up a team focused on proactively identifying, analysing, and mitigating security threats across diverse client environments. You will ensure operational excellence through performance monitoring and by working closely with other cybersecurity functions including Threat Intelligence, Incident Response, Detection Engineering, and DevSecOps.
Key Responsibilities
* Lead, manage, and mentor the Threat Detection and Response team.
* Provide consistent best practice guidance to team members.
* Develop, implement, and improve threat detection, analysis, and remediation processes with clear documentation.
* Oversee daily security operations including monitoring, detection, triage, investigation, and remediation of incidents.
* Drive the deployment, configuration, and tuning of security monitoring tools (SIEM, EDR, NDR).
* Monitor Key Performance Indicators and service deliverables to ensure high-quality outputs for customers.
* Ensure compliance with security policies, standards, and regulatory requirements.
* Manage with a people-first mindset, developing team members and succession plans.
* Build and maintain training and development pathways for the team.
* Stay current with industry trends, tools, and best practices to enhance detection and response services.
* Conduct monthly one-to-ones and support employee growth.
* Contribute to the wider SOC operations and support incident response when required.
* Obtain and maintain relevant technical certifications as required.
Person Specification
* Degree in Computer Science, Information Security, or equivalent experience.
* 5+ years in cybersecurity operations, with at least 2 years managing SOC/MSSP teams.
* Strong experience within MSSP environments and multi-client detection and response.
* Proficiency in security tools including SIEM (e.g., Sentinel, FortiSIEM, Rapid7), EDR (e.g., Microsoft Defender, SentinelOne), and firewalls/IDS/IPS (e.g., FortiGate, Cisco ASA, Palo Alto).
* Solid understanding of incident response, forensic and malware analysis, and attacker TTPs.
* Familiarity with automation and orchestration tools (SOAR) is advantageous.
* Awareness of current cybersecurity risks, threats, and industry developments.
* Evidence of continuous professional development.
* Excellent communication skills, with the ability to explain technical issues to non-technical audiences.
* Strong team player, collaborative mindset, and knowledge-sharing approach.
* Self-motivated, adaptable, and able to thrive in a fast-paced environment.
Unfortunately we are unable to offer sponsorship for this role.