SOC Lead

SOC Lead

6 months

Bath - hybrid x3 days onsite x2 remote

Active SC/DV clearance required

£700 per day outside IR35

The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role focuses on identifying unknown threats, coordinating deep-dive investigations, and elevating the maturity of SOC investigative and hunting capabilities. The role combines technical leadership, hands-on expertise, and mentorship of analysts.

Key Responsibilities

Threat Hunting

• Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments
• Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques
• Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls
• Translate threat intelligence into actionable hunt hypotheses
• Continuously refine detection logic based on hunt outcomes and emerging threats

Investigations & Incident Response

• Lead complex and high-severity security investigations from triage through containment and remediation
• Act as the technical escalation point for advanced SOC investigations
• Conduct root cause analysis and attacker kill-chain reconstruction
• Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences
• Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required

SOC Technical Leadership

• Define investigation standards, workflows, and quality benchmarks
• Mentor and upskill SOC analysts in hunting methodologies and investigative techniques
• Review and improve alert fidelity, detection coverage, and response effectiveness
• Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms

Detection Engineering & Improvement

• Collaborate with detection engineers to convert hunt findings into new or improved detections
• Identify visibility gaps and recommend logging, telemetry, and tooling improvements
• Validate detection performance through purple team activities and simulation

Threat Intelligence & Collaboration

• Consume and operationalise internal and external threat intelligence
• Maintain awareness of attacker tactics, tools, and campaigns relevant to the organisation
• Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability Management

Reporting & Metrics

• Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality
• Provide regular insights to senior leadership on threat trends and risk posture

Required Skills & Experience

Technical Experience

• 7+ years in Security Operations, Threat Hunting, or Incident Response
• Proven experience leading investigations involving advanced persistent threats, insider threats, or targeted attacks
• Strong hands-on expertise with:
• SIEM platforms (e.g. Sentinel, Splunk, Elastic)
• EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne)
• Network and cloud security telemetry
• Strong understanding of:
• MITRE ATT&CK
• Windows, Linux, and cloud attack techniques
• Malware behaviours, credential abuse, lateral movement, and persistence mechanisms

Leadership & Soft Skills

• Demonstrated ability to lead and mentor technical teams
• Strong investigative mindset with attention to detail
• Excellent written and verbal communication skills
• Ability to translate technical findings into business and risk context

Desirable Skills

• Experience with detection engineering or SOAR automation
• Purple team or red team collaboration experience
• Forensic analysis experience (memory, disk, network)
• Exposure to regulatory environments (e.g. ISO 27001, NIST, GDPR)

Apply now to be part of this impactful opportunity!