SOC Team Leader - CNI / Defence Sector
Location: On-site Hertfordshire Area
Clearance: Must hold or be eligible for DV Clearance
Schedule: 2 days, 2 nights, 4 off (12-hour shifts)
We are seeking a Team Leader to join our Security Operations Centre (SOC) based on-site in Hertfordshire. You'll be responsible for leading a team of analysts on a shift pattern, providing tactical leadership, ensuring high-quality triage and analysis, and contributing to continuous improvement of detection and response operations.
This is a fantastic opportunity to play a key role in securing critical national infrastructure while developing your career within a high-assurance environment.
Key Responsibilities
* Lead a shift team of SOC Analysts, providing guidance, mentoring, and support on a 24/7 operational rota.
* Oversee real-time monitoring, triage, investigation, and escalation of security alerts.
* Act as point of escalation for high-priority incidents and ensure correct response procedures are followed.
* Drive improvements in detection rules, response procedures, and knowledge-sharing using frameworks like MITRE ATT&CK.
* Ensure accurate documentation of incidents and shift handover notes.
* Represent the SOC in stakeholder meetings as required, delivering briefings and updates.
* Maintain high situational awareness of threat landscape relevant to client environment.
* Support onboarding and continuous training of new analysts.
* Foster a positive, performance-driven team culture in a high-tempo environment.
Essential Skills & Experience
* Proven experience working in a SOC, including shift-based or high-tempo environments.
* Strong familiarity with SIEM technologies (especially Microsoft Sentinel and Splunk).
* Confident understanding of networking fundamentals (TCP/IP, DNS, firewalls, proxies, VPNs).
* Exposure to MITRE ATT&CK and threat-informed detection engineering.
* Experience leading or mentoring junior analysts in a technical security environment.
* Strong decision-making and incident management capabilities.
* Clear and concise written and verbal communication skills.
Desirable Qualifications
* Experience working within the defence or critical national infrastructure space.
* Exposure to threat intelligence and/or static malware analysis.
* Familiarity with scripting languages (Python, PowerShell, Bash, etc.).
Note: Candidates must be eligible for DV (Developed Vetting) security clearance, which typically requires sole UK nationality and long-term UK residency.