The role
offers real variety and continued hands-on involvement, combining leadership with incident response, threat detection, and operational delivery.
We will also consider experienced SOC professionals who are ready to step into a leadership position while remaining technically engaged.
You will lead a team of analysts within a 24/7 SOC, acting as the primary escalation point for complex incidents, supporting operational delivery, and helping to mature our detection and response capabilities across multiple clients.
This role is site-based in Hemel Hempstead and follows a shift pattern of two day shifts (6am–6pm), two night shifts (6pm–6am), followed by four days off.
What you'll be doing:
1. Lead and mentor a team of SOC Analysts, providing technical guidance and operational oversight during shifts.
2. Act as the primary escalation point for high-severity security incidents.
3. Monitor, triage, and investigate host- and network-based security alerts across critical client infrastructure.
4. Conduct in-depth analysis of logs, alerts, and network traffic to identify malicious activity.
5. Contribute to the development and improvement of detection rules and use cases aligned to the MITRE ATT&CK framework.
6. Support continuous improvement of SOC processes, tooling, and incident response playbooks.
7. Maintain clear and accurate incident documentation, including reports and post-incident reviews.
8. Represent the SOC in operational meetings with internal teams, partners, and stakeholders.
What you will bring:
9. Proven experience working in a Security Operations Centre (SOC) environment.
10. Experience handling and escalating security incidents across enterprise environments.
11. Strong understanding of network and host-based attack techniques.
12. Hands-on experience with SIEM platforms, ideally Microsoft Sentinel or Splunk.
13. Experience leading or mentoring analysts in an operational security environment.
It would be great if you had:
14. Experience improving detection content or threat-informed defense use cases.
15. Familiarity with the MITRE ATT&CK framework.
16. Scripting or automation experience ( Python, PowerShell, Bash).
17. Exposure to malware analysis or reverse engineering (not required for day-to-day work).
18. Relevant certifications such as CREST Practitioner Intrusion Analyst, Blue Team Level 1, or similar.
If you are interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply, we’d love to hear from you!
Employment Type: Permanent
Location: Hemel Hempstead
Security Clearance Level: Eligible for DV (Developed Vetting)
Internal Recruiter: Lee
Salary: Up to £75k + on call allowance
Benefits: 25 days annual leave with the choice to buy additional holiday days, health cash plan, life assurance, and pension