Lead SOC Analyst (Leeds)

Lead SOC Analyst

Leeds

SC Clearance essential

Day Shift / On-site

A leading UK-based consultancy specialising in Defence and Security is seeking an experienced Lead SOC Analyst to support the day-to-day operations and continuous improvement of a dedicated SOC for a high-profile Critical National Infrastructure (CNI) organisation. This opportunity involves working at the forefront of cyber defence, helping to secure hundreds of cloud-hosted systems across AWS and Azure environments from persistent and advanced threats.

This strategic SOC is designed to be a benchmark of cyber security excellence, blending in-house and consultancy staff across multiple sites. Core operational duties will be conducted from a secure facility in Leeds, due to essential connectivity with the customer’s network.

The role is shift-based, supporting 24/7 operations as part of a structured four-team rotation. The successful candidate will play a vital role in detecting, analysing, and responding to security threats using industry-leading Security Information and Event Management (SIEM) and orchestration tools. Due to the nature of the project, applicants must hold an active SC Clearance and be eligible for enhanced clearance checks.

Key Responsibilities:

  • Lead operational cyber defence activities across a 24/7 SOC environment.
  • Deliver comprehensive shift handover briefings and ensure continuity across teams.
  • Monitor and analyse SIEM alerts, logs, and network traffic to identify and respond to security threats.
  • Triage and categorise incidents in accordance with established security policies.
  • Detect and investigate intrusion attempts and determine their scope and impact.
  • Document high-quality security incident reports, supported by threat intelligence and independent research.
  • Conduct or support remediation efforts to neutralise threats, restore systems, and prevent recurrence.
  • Produce post-incident review reports and provide actionable security improvement recommendations.
  • Apply threat intelligence to improve detection capabilities and situational awareness.
  • Support national-scale cyber incident response activities in a coaching or mentoring capacity.
  • Collaborate with internal and client teams to enhance SOC services and align with evolving threat landscapes.
  • Develop automated response workflows for SOAR platforms targeting common attack vectors.
  • Drive continuous improvement by refining detection use cases and enhancing SOC processes.

Technical Skills & Experience:

  • Hands-on experience with SIEM tools such as Splunk (Enterprise Security) and Microsoft Sentinel.
  • Proficiency in Python and scripting for automation and analysis tasks.
  • Strong understanding of security architecture, especially in cloud (AWS/Azure) and network environments.
  • Experience with cyber threat intelligence, including threat actor tactics, techniques, and procedures (TTPs).
  • Proven track record of investigating complex intrusions, including nation-state or targeted ransomware attacks.
  • Solid knowledge of TCP/IP, network traffic analysis, and anomaly detection.
  • Familiarity with a broad range of security tools and platforms.
  • Experience in developing custom detection content and automation scripts.

Non-Technical:

  • Excellent communication and consulting skills, with the ability to brief stakeholders and produce clear reports.
  • Proven leadership and coaching mindset to mentor junior analysts.
  • Strong stakeholder engagement and client-facing experience.
  • Self-motivated with the ability to work independently in high-pressure environments.
  • Adaptability to work across diverse teams and organisational cultures.

Company
Anson McCade
Location
Leeds, UK
Posted