SOC Shift Lead – London
Salary: £46,000 – £84,000 + 25% Shift Allowance
Location: London (On‑site)
Security Requirement: DV‑clearable (does not need to hold DV at application stage)
Work Pattern: 24/7 shift rota — 14 shifts per 28‑day cycle, 12‑hour shifts, rotating nights/days
Career Level: Associate Manager
About the Role
We are seeking an experienced SOC Shift Lead to join a highly secure, high‑performance operations environment supporting sensitive UK‑based compute infrastructure.
This role is central to real‑time defensive security operations and requires a decisive leader capable of managing escalations, guiding analysts, and maintaining a strong security posture across mission‑critical systems.
You will operate within a 24/7 Security Operations Centre, leading your assigned shift, coordinating incident response activities, and ensuring operational continuity in the absence of senior management.
Key Responsibilities
* Lead investigations into escalated security incidents, assessing attack vectors, scope, and business impact.
* Correlate telemetry across SIEM, EDR, network, and cloud data sources to form complete incident narratives.
* Direct containment, eradication, and recovery actions in partnership with IT/OT stakeholders.
* Own medium‑ and high‑severity incident response activities, producing detailed investigation documentation.
* Tune and optimise detection content in collaboration with engineering and content‑development teams.
* Identify detection gaps and recommend improvements to playbooks, workflows, and overall SOC maturity.
* Mentor L1 Analysts, providing technical guidance and quality assurance on triage work.
* Participate in SOC exercises, simulations, and continuous readiness activities.
* Act as shift authority, managing escalations and ensuring operational stability during your rotation.
Role Requirements
* Education: Bachelor’s degree in Cybersecurity, Computer Science, or related discipline.
* Experience: 7–10 years in SOC operations, incident response, threat analysis, or similar defensive security roles.
* Preferred Certifications: GCIA, GCIH, CompTIA CySA+, Microsoft SC‑200, Splunk Power User (or equivalent).
* Technical Expertise:
* Strong analytical mindset with deep knowledge of SIEM/EDR tooling.
* Understanding of adversary behaviour, malware characteristics, and incident‑handling methodologies.
Shift Structure & Security Conditions
* 14 shifts every 28 days, each 12 hours, rotating 3 nights → 4 days off → 3 days.
* Includes a 25% shift premium based on base salary.
* Must be British‑born and eligible for DV clearance.
* Employment requires passing BPSS checks and meeting strict security‑history requirements.