About Ekco
🚀 Founded in 2016 Ekco is now one of the fastest growing cloud solution providers in Europe!
We specialise in enabling companies to progress along the path of cloud maturity, managing transformation and driving better outcomes from our customers’ existing technology investments.
☁️ In a few words, we take businesses to the cloud and back!
🌍 We have over 950 highly talented and supportive colleagues (and counting) across a number of regional offices in the UK, Benelux & Ireland.
The Role
We are seeking a SOC Principal to act as the technical authority driving the evolution of our Security Operations capability. This role focuses on advancing detection capability, hunting practices, and investigative standards to ensure the SOC remains ahead of emerging threats. By shaping how complex threats are identified and handled, the Principal sets the benchmark for technical excellence across the team.
As a senior escalation point, the Principal provides deep technical guidance to analysts and SecOps Leads while fostering a culture of continual improvement. Working closely with Detection Engineering, Threat Intelligence, and Incident Response, you will play a key role in maturing detection coverage, refining response workflows, and building the SOC’s long-term resilience against advanced adversaries.
Key Responsibilities and day to day:
Operational Leadership:
* Lead and oversee investigations into complex or ambiguous threats escalated from the SOC.
* Conduct root cause analysis and post-incident reviews, ensuring lessons learned feed back into operations.
* Identify and close detection gaps by collaborating with Detection Engineering on new, tuned, or improved rules.
* Drive proactive threat hunting initiatives using intelligence, behavioural indicators, and anomaly detection.
* Validate high-severity alerts for both technical accuracy and business impact.
Capability & People Leadership:
* Act as the escalation point for technical investigations and threat-related queries from Senior Analysts.
* Provide technical mentoring, informal upskilling, and guidance to SOC analysts.
* Contribute to the development, testing, and refinement of SOC SOPs, playbooks, and the detection lifecycle.
* Participate in evaluating and tuning SOC tools and workflows (SIEM, SOAR, EDR, enrichment, automation).
* Develop and enhance SOC capabilities, including enrichment logic, automation use cases, and threat hunting frameworks.
* Collaborate with Threat Intelligence to generate hunting leads and contribute insights back into CTI production.
Client Assurance & Representation:
* Represent SOC technical expertise in internal and client-facing service reviews.
* Provide expert support and guidance for client incidents escalated to SOC leadership.
To be successful in this role you’ll need/ What you’ll bring to the role or team/ What we’re looking for in a team mate
* Proven experience working within MSSP
* Strong expertise in SOC technologies (SIEM, EDR, SOAR, etc)
* In-depth expertise in the analysis of logs, artefacts, security events, IOCs, tactics, techniques and procedures (TTP’s)
* Proven ability to mentor and develop SOC analysts and act as a technical escalation point.
* Confidence representing SOC technical expertise in client-facing discussions and incident reviews.
* Strong analytical mindset with the ability to identify and drive strategic improvements across SOC operations.
* Deep understanding of the cyber kill chain and cybersecurity frameworks (e.g., MITRE ATT&CK, NIST, CIS) and threat landscapes
* Proven ability to handle high-pressure situations, make critical decisions, and manage complex incidents.
* Excellent communication and interpersonal skills, both verbal and written, to manage stakeholder and client relationships effectively
* Strong organisational and administrative skills, with attention to detail
* Good problem-solving abilities with a proactive focus on finding innovative and practical solutions.
* Ability to work collaboratively in a fast-paced environment
Experience collaborating with cross-functional teams (Threat Intelligence, Detection Engineering, Incident Response) to strengthen detection and response capabilities.
Benefits/Perks
* ☀️ Time off - 25 days leave + public holidays
* 🎂 x1 day Birthday leave per year
* 💰 Company Pension Scheme (employer contribution 5%) + flexible salary sacrifice
* 📞 Employee Assistance Programme (EAP) - access to dedicated mental health, emotional wellbeing and general advice
* 🏃♀️ EkcOlympics - a global activity for fun!
* 📚 Learning & development - Unlimited access to Pluralsight learning platform
* 🌱 A lot of responsibilities & opportunities to grow (also internationally)
Why Ekco
* ⭐️ Microsoft’s 2023 Rising Star Security Partner of the year
* 🚀 VMware & Veeam top partner status
* 🏅 Ranked as 4th fastest growing technology company in the Deloitte Fast50 Awards
* 🌈Ekco are committed to cultivating an environment that promotes diversity, equality, inclusion and belonging
* 🎉 We recognise the value of internal mobility and encourage opportunities for internal development & progression
* ✨ Flexible working with a family friendly focus are at the core of our company values