SOC Lead

SOC Lead required for an innovative MSP. You will lead the strategic direction, performance, and day-to-day operations of its Security Operations Centre (SOC). As a central figure in security services, you'll ensure the efficient detection, analysis, and response to cyber threats across a diverse client portfolio. This leadership role involves mentoring your team, enhancing the MSP's security processes, and driving ongoing improvements in threat detection and incident response capabilities.

Key Responsibilities

Team Leadership & Development

  • Lead and mentor a team of SOC analysts, fostering a collaborative, high-performing environment.
  • Manage team scheduling, conduct performance reviews, and support professional growth and development.

SOC Operations Oversight

  • Supervise 24/7/365 monitoring of client environments, ensuring consistent adherence to SLAs for threat detection and incident response.
  • Drive operational efficiency and ensure timely escalation and resolution of security incidents.

Incident Response Management

  • Serve as the main escalation point for significant security incidents.
  • Coordinate response efforts and ensure clear communication with both internal teams and external clients.

Process & Workflow Optimization

  • Continuously review, update, and document SOC processes, playbooks, and standard operating procedures (SOPs) to improve operational effectiveness.

Technology Oversight

  • Ensure the reliability and performance of security tools, including SIEM and EDR platforms.
  • Lead the evaluation, selection, and implementation of new security technologies and enhancements.

Reporting & Analytics

  • Develop and maintain KPIs and metrics to assess SOC performance.
  • Deliver regular reports and insights to senior leadership and clients on security trends and incident management.

Client Relationship Management

  • Act as a trusted advisor to clients, contributing to service reviews and providing expert security guidance.

Required Experience & Skills

  • Proven experience working in a Security Operations Centre (SOC) or related cybersecurity environment.
  • Industry-recognised certifications (preferred), such as a cybersecurity degree, Network+, Security+, or equivalent technical qualifications.
  • Strong hands-on knowledge of SIEM and EDR platforms, including experience configuring and writing queries (e.g., SQL, KQL).
  • Familiarity with cloud platforms (AWS, Azure, etc.) and securing hybrid IT environments.
  • Excellent communication skills, both verbal and written, with the ability to translate technical information for non-technical audiences.
  • Previous experience in an incident response role and a solid understanding of IR processes.
  • Demonstrated experience leading or managing a security-focused team.
  • Understanding of key security frameworks and standards, such as ISO 27001, NIST, and CREST.

Company: Barclay Simpson Recruitment
Location: United Kingdom
Employment Type: Permanent
Salary: GBP Annual
Posted