SOC Team Leader - CNI / Defence Sector

Location: On-site Hertfordshire Area
Clearance: Must hold or be eligible for DV Clearance
Schedule: 2 days, 2 nights, 4 off (12-hour shifts)

We are seeking a Team Leader to join our Security Operations Centre (SOC) based on-site in Hertfordshire. You'll be responsible for leading a team of analysts on a shift pattern, providing tactical leadership, ensuring high-quality triage and analysis, and contributing to continuous improvement of detection and response operations.

This is a fantastic opportunity to play a key role in securing critical national infrastructure while developing your career within a high-assurance environment.

Key Responsibilities

- Lead a shift team of SOC Analysts, providing guidance, mentoring, and support on a 24/7 operational rota.
- Oversee real-time monitoring, triage, investigation, and escalation of security alerts.
- Act as point of escalation for high-priority incidents and ensure correct response procedures are followed.
- Drive improvements in detection rules, response procedures, and knowledge-sharing using frameworks like MITRE ATT&CK.
- Ensure accurate documentation of incidents and shift handover notes.
- Represent the SOC in stakeholder meetings as required, delivering briefings and updates.
- Maintain high situational awareness of threat landscape relevant to client environment.
- Support onboarding and continuous training of new analysts.
- Foster a positive, performance-driven team culture in a high-tempo environment.

Essential Skills & Experience

- Proven experience working in a SOC, including shift-based or high-tempo environments.
- Strong familiarity with SIEM technologies (especially Microsoft Sentinel and Splunk).
- Confident understanding of networking fundamentals (TCP/IP, DNS, firewalls, proxies, VPNs).
- Exposure to MITRE ATT&CK and threat-informed detection engineering.
- Experience leading or mentoring junior analysts in a technical security environment.
- Strong decision-making and incident management capabilities.
- Clear and concise written and verbal communication skills.

Desirable Qualifications

- Experience working within the defence or critical national infrastructure space.
- Exposure to threat intelligence and/or static malware analysis.
- Familiarity with scripting languages (Python, PowerShell, Bash, etc.).

Note: Candidates must be eligible for DV (Developed Vetting) security clearance, which typically requires sole UK nationality and long-term UK residency.