Role Overview
We are seeking an experienced and strategic SOC Manager to lead the Security Operations Centre in protecting critical infrastructure and digital assets across enterprise and operational environments. This role is pivotal in ensuring real-time threat detection, incident response, and continuous improvement of cybersecurity posture within a high-assurance, multi-domain organisation.
Key Responsibilities
* Lead and manage the SOC team, overseeing daily operations, incident response, and threat monitoring.
* Develop and maintain SOC processes, playbooks, and escalation procedures aligned with industry best practices.
* Ensure timely detection, analysis, containment, and remediation of security incidents.
* Oversee the deployment, configuration, and optimisation of SOC tools including SIEM, SOAR, IDS/IPS, endpoint protection, and threat intelligence platforms.
* Collaborate with IT, engineering, and cybersecurity teams to ensure alignment with broader security architecture and compliance requirements.
* Conduct regular threat hunting, vulnerability assessments, and gap analyses to proactively identify risks.
* Produce detailed reports and metrics on SOC performance, incident trends, and threat landscape.
* Ensure compliance with regulatory frameworks including ISO 27001, the NIST SP 800 series, and MOD-specific standards (JSPs and Def Stans).
* Support audits, penetration tests, and certification efforts as required.
* Mentor and develop SOC analysts, fostering a culture of continuous learning and operational excellence.
Requirements
Required Qualifications & Experience
* Proven experience managing a SOC or leading incident response teams in regulated environments.
* Strong understanding of cybersecurity operations, threat intelligence, and incident management.
* Hands-on experience with SIEM platforms (e.g., Splunk, QRadar), SOAR tools, and endpoint protection solutions.
* Familiarity with regulatory and compliance frameworks including ISO 27001, NIST, and MOD standards.
* Excellent leadership, communication, and stakeholder engagement skills.
* UK citizenship and eligibility for SC clearance (mandatory).
Desirable Qualifications
* Certifications such as CISSP, CISM, GIAC, or equivalent.
* Experience with cloud security monitoring (Azure, AWS).
* Knowledge of secure network architecture and cross-domain solutions.
* Exposure to DevSecOps and secure software development practices.