A leading gaming sector organisation undergoing a significant cybersecurity transformation.
The SOC has recently transitioned from a third-party MSSP to a fully in-house 24/7 operation. Operating under strict Gaming Commission oversight, this is one of the UK's most highly regulated environments, with a strong focus on resilience, compliance, and operational excellence.
Key responsibilities
* Lead, mentor, and develop a team of SOC analysts in a 24/7 operational environment across a three-shift rotation
* Own and enhance incident detection and response capabilities
* Act as senior decision-maker during major incidents and crisis situations
* Develop and implement SOC use cases aligned to the MITRE ATT&CK framework
* Drive continuous improvement across SOC processes, tooling, and playbooks
* Collaborate with Security Engineering to optimise detection pipelines
* Build strong relationships with stakeholders across technology and the wider business
* Partner with the Major Incident Manager on critical security events
* Support regulatory compliance, audit requirements, and contribute to strategic direction
Experience
* Proven experience managing SOC or security operations teams
* Strong background in incident response and crisis management
* Background in highly regulated environments (Gaming, Financial Services, Utilities)
* Demonstrated ability to operate effectively in high-pressure situations
Technical skills
* SIEM platforms — Sentinel, Splunk, Elastic or similar
* SOC operations, detection engineering, and security tooling
* MITRE ATT&CK framework and use case development
* Security pipelines, integrations, and emerging AI/LLM in cybersecurity
* Strong leadership and people development capabilities
* Confident and decisive under pressure
* Excellent stakeholder management and communication
* Collaborative, personable, and resilient mindset
Technical environment
* SIEM platforms — Microsoft Sentinel, Splunk, Elastic (SIEM transition in progress; training provided)
* Modern security operations tooling and detection engineering practices
* Emerging focus on AI/LLM applications within security operations
Working arrangements
* Hybrid model — minimum 1 day per week onsite in Warrington
* Flexibility offered, with initial emphasis on building strong in-person relationships
* New state-of-the-art office and dedicated SOC facility opening May/June 2026