The role
This role leads the Security Engineering team within ANS’s Security Operations Centre. It is a pivotal position responsible for driving onboarding, tuning, rule deployment, and technical platform support during customer transitions, as well as overseeing engineering-led activity within live services.
As a people leader, you will bring structure, clarity, and calm to a highly capable team that thrives on technical challenges. You’ll apply emotional intelligence, professional resilience, and strong coaching skills to support their development, strengthen alignment and prioritisation, and ensure consistent, high‑quality delivery.
What will I do?
* Lead and schedule the SOC Engineering team to ensure clarity, consistency and manageable workloads across onboarding and live services.
* Own the delivery of engineering activity during customer onboarding and transition, including Sentinel connector setup, Microsoft Defender integration, rule tuning, and SOAR playbook deployment.
* Ensure structured service handover to SOC Analysts post-onboarding, with clear technical documentation and expectations.
* Act as escalation point for complex engineering-led issues in live environments, maintaining SLAs and platform health.
* Drive continual improvement in detection logic, rule effectiveness, enrichment, automation and engineering playbooks.
* Provide technical leadership in core tooling: Microsoft Sentinel, Defender for Endpoint, Defender for Cloud, Entra ID and integration platforms, including Google Chronicle SOAR (technical ownership of which sits with the SecDevOps Lead).
* Champion best practices in customer environment configuration, data ingestion, and engineering change control.
* Bring structure to engineering reporting and team outputs, with clarity on ownership, outcomes, and next steps.
* Support the development of junior engineers, setting standards for communication, time management and delivery focus.
What will I bring to the role?
Essential:
* Experience managing or leading a technical security engineering team within an MSP, MSSP or SOC environment.
* Proven experience with Microsoft Security Suite (Sentinel, Defender XDR, Defender for Cloud) and Sentinel setup/integration.
* Strong technical expertise with Microsoft Azure (Azure AD / Entra ID, Lighthouse, and security architecture).
* Proven experience configuring connectors, setting up data ingestion, and tuning detection rules.
* Experience with Google Chronicle SOAR or other SOAR/SIEM platforms.
* Comfortable writing or modifying KQL queries, understanding detection logic, and debugging enrichment issues.
* Excellent communication and interpersonal skills, able to translate technical activity into customer-facing updates.
* High emotional intelligence, able to support and guide a stretched team while holding standards and focus.
* Ability to set priorities, manage competing demands and keep work structured in fast-paced environments.
* Prior exposure to cost control in log ingestion or cloud service consumption.
* Strong collaboration skills, with the ability to interface effectively with analysts, architects, and customers.
Desirable:
* Experience with additional integrations such as Mimecast, Darktrace, or legacy EDR platforms.
* Understanding of ITIL processes, especially change and incident management.
* Knowledge of Google Cloud Platform.
* Knowledge of AWS.