ArmstrongAdams
ArmstrongAdams provides Information risk management solutions.
Job facts
- Location: Hybrid · ESP Madrid
- Workplace: Hybrid
- Type: Full-time
- Department: Cyber Services and Capabilities
Team Lead, SOC
at ArmstrongAdams
We are seeking a highly skilled and motivated Security Analyst Team Lead to guide and support our security operations team. The successful candidate will provide leadership, management, technical expertise, and mentorship to a team of security analysts, ensuring effective investigation of alerts, escalation to our customer and continuous improvement of security operations.
They must demonstrate the ability to confidently manage and mentor junior analysts at both R1 and R2 levels, providing guidance, oversight, and support in day-to-day operations. Strong leadership skills should be complemented by excellent communication and stakeholder management capabilities.
As the role and wider team are fully remote, the ability to communicate clearly, consistently, and effectively—both verbally and in writing—is essential for successful collaboration and leadership in a distributed environment. They should be highly capable of producing clear, thorough, and high-quality documentation, including incident reports, standard operating procedures, and technical playbooks. Familiarity with security frameworks such as MITRE ATT&CK, NIST, or ISO 27001 is expected.
We are really looking for someone who is a self-starter, someone who can fully embrace and own their work, taking the initiative and pulling people together towards the main goal.
This role involves working on a rotating shift pattern that includes both day and night shifts as well as occasional on-call duty. As part of their responsibilities, the candidate will be expected to directly investigate security tickets, ensuring timely and thorough analysis, appropriate escalation, and effective resolution. A hands-on approach to incident handling is essential, as is the ability to work independently during out-of-hours shifts.
The candidate will be responsible for validating filtering and tuning opportunities within the detection environment to reduce false positives and enhance alert fidelity. Due to this, the role requires strong analytical skills, technical proficiency, and a commitment to continuous learning in a dynamic security environment using Splunk as its SIEM of choice.
Key Responsibilities
- Lead and mentor a team of security analysts across R1 and R2 levels, providing day-to-day oversight, technical guidance, and performance support.
- Manage the analysts within your team, ensuring timely reports on performance and areas for improvement.
- Oversee and support the end-to-end alert lifecycle, including triage, investigation, escalation to the customer, and incident follow-up.
- Ensure all analysts adhere to defined processes and standards for security operations, documentation, and communication.
- Validate and implement filtering and tuning opportunities in the Splunk SIEM to improve detection fidelity and reduce false positives.
- Drive the creation and maintenance of high-quality documentation, including incident reports, investigation summaries, playbooks, and SOPs.
- Act as a key escalation point for complex security events, providing senior-level insight and technical direction during investigations.
- Collaborate with other teams and stakeholders to ensure seamless communication and alignment on security posture, risks, and incident handling.
- Promote a culture of continuous learning, encouraging team members to develop their skills and stay current with emerging threats and technologies.
- Contribute to the development and refinement of use cases, detection logic, and threat coverage aligned to frameworks like MITRE ATT&CK.
- Support a remote-first team environment by communicating clearly, proactively, and consistently across multiple collaboration platforms.
Skills, Knowledge & Expertise
The ideal candidate has experience working in a cyber security environment; a senior SOC analyst, Data Engineer, Detection Engineer or similar role would be suitable. They are a proactive and experienced security professional with a strong background in security operations and a passion for team leadership. They are confident in managing and mentoring junior analysts across R1 and R2 levels, providing both strategic direction and hands-on support. With exceptional communication skills, they thrive in a fully remote environment, maintaining clear, consistent, and effective collaboration with team members and external stakeholders, and regularly communicating with the EMC manager to ensure alignment and transparency.
Technically proficient, the candidate brings deep knowledge of security operations tools and practices, with a particular focus on Splunk as the SIEM of choice. They are adept at identifying and validating tuning and filtering opportunities to reduce false positives and improve detection accuracy. A detail-oriented mindset ensures their documentation—whether incident reports, playbooks, or procedures—is thorough, professional, and actionable.
They are well-versed in security frameworks such as MITRE ATT&CK, NIST, or ISO 27001, and possess strong analytical skills and a commitment to continuous learning in a fast-paced threat landscape. Above all, they are a reliable team leader who takes ownership of outcomes and actively contributes to the growth and maturity of the SOC.
Minimum Requirements
- Experience within a SOC analyst role, detection engineer, data engineer or similar.
- Strong use of Splunk Programming Language.
- Strong understanding of Content Delivery Networks and AWS Cloud technologies.
Desirable Requirements
- Hands-on experience with Splunk SIEM, including alert triage, investigation, tuning, filtering, and rule development
- Strong analytical and investigative skills for assessing security alerts, tickets, and incident data
- Familiarity with established security frameworks such as MITRE ATT&CK, NIST, and ISO 27001
- Experience in tuning and optimising detection content to reduce false positives and enhance alert fidelity
- Capable of drafting and maintaining clear, thorough, and professional technical documentation
- Strong understanding of common cyber threats, tactics, techniques, and procedures (TTPs)
- Technically proficient in troubleshooting complex alerts and contributing to detection engineering initiatives
Desirable Certifications
- Splunk Power User
- CompTIA CySA+
- CompTIA SecurityX
- Blue Team Level Two
- GCIH
Behaviours
- Demonstrates strong investigative instincts—able to piece together disparate data to uncover patterns, anomalies, and malicious activity.
- Challenges assumptions and seeks root causes, not surface-level symptoms, when identifying potential threats.
- Adds Value: Goes beyond the minimum requirements to provide solutions and contributions that enhance the customer’s success and growth.
- Strong leadership and team management abilities, with proven experience mentoring and guiding R1 and R2 level security analysts
- Capable of managing and prioritising workloads across a rotating shift pattern, including both day and night shifts
- Excellent verbal and written communication skills, essential for effective collaboration in a fully remote, distributed team environment
- Clear and consistent stakeholder engagement and reporting capabilities
- Skilled in producing high-quality documentation, including incident reports, standard operating procedures (SOPs), playbooks, and investigation summaries
- Confident in conflict resolution, decision-making, and acting as the escalation point during complex security incidents
- Proactive in identifying areas for team and process improvement, with a commitment to continuous service enhancement
- Ability to foster a culture of continuous learning and professional development within the team
- Self-motivated and dependable when working independently, particularly during out-of-hours or high-pressure situations
- Strong organisational and time management skills, ensuring adherence to deadlines and service level agreements (SLAs)
Job Benefits
- Flexible Working: Balance your work and personal life with our flexible working options.
- Generous Holiday Allowance: Enjoy 25 days of holiday, plus bank holidays, with the option to buy up to 5 additional days of annual leave.
- Medicash & Critical Illness Scheme
- Financial & Investment Benefits: Enjoy peace of mind with our Pension, Life Assurance, and Share Save Scheme.
- Community & Volunteering Programmes: Make a difference in your community with our volunteering opportunities.
- Green Car Scheme: Drive green and save money with our eco-friendly car scheme.
- Cycle Scheme: Stay fit and healthy with our cycle-to-work scheme.
- Special Time Off: Take time off for those big moments in life, like getting married/entering into a civil partnership, becoming a grandparent, and welcoming home a new pet.
- Family Planning: Benefit from our generous maternity and paternity leave, as well as time off and support for those undergoing fertility treatments.