SOC Team Leader - CNI / Defence Sector

Location: On-site Hertfordshire Area
Clearance: Must hold or be eligible for DV Clearance
Schedule: 2 days, 2 nights, 4 off (12-hour shifts)

We are seeking a Team Leader to join our Security Operations Centre (SOC) based on-site in Hertfordshire. You'll be responsible for leading a team of analysts on a shift pattern, providing tactical leadership, ensuring high-quality triage and analysis, and contributing to continuous improvement of detection and response operations.

This is a fantastic opportunity to play a key role in securing critical national infrastructure while developing your career within a high-assurance environment.

Key Responsibilities

  • Lead a shift team of SOC Analysts, providing guidance, mentoring, and support on a 24/7 operational rota.

  • Oversee real-time monitoring, triage, investigation, and escalation of security alerts.

  • Act as the point of escalation for high-priority incidents and ensure correct response procedures are followed.

  • Drive improvements in detection rules, response procedures, and knowledge-sharing using frameworks like MITRE ATT&CK.

  • Ensure accurate documentation of incidents and shift handover notes.

  • Represent the SOC in stakeholder meetings as required, delivering briefings and updates.

  • Maintain high situational awareness of the threat landscape relevant to the client environment.

  • Support onboarding and continuous training of new analysts.

  • Foster a positive, performance-driven team culture in a high-tempo environment.

Essential Skills & Experience

  • Proven experience working in a SOC, including shift-based or high-tempo environments.

  • Strong familiarity with SIEM technologies (especially Microsoft Sentinel and Splunk).

  • Confident understanding of networking fundamentals (TCP/IP, DNS, firewalls, proxies, VPNs).

  • Exposure to MITRE ATT&CK and threat-informed detection engineering.

  • Experience leading or mentoring junior analysts in a technical security environment.

  • Strong decision-making and incident management capabilities.

  • Clear and concise written and verbal communication skills.

Desirable Qualifications

  • Experience working within the defence or critical national infrastructure space.

  • Exposure to threat intelligence and/or static malware analysis.

  • Familiarity with scripting languages (Python, PowerShell, Bash, etc.).

Note: Candidates must be eligible for DV (Developed Vetting) security clearance, which typically requires sole UK nationality and long-term UK residency.