SOC Manager

A leading gaming sector organisation undergoing a significant cybersecurity transformation.

The SOC has recently transitioned from a third-party MSSP to a fully in-house 24/7 operation. Operating under strict Gaming Commission oversight, this is one of the UK's most highly regulated environments, with a strong focus on resilience, compliance, and operational excellence.

Key responsibilities

• Lead, mentor, and develop a team of SOC analysts in a 24/7 operational environment across a three-shift rotation

• Own and enhance incident detection and response capabilities

• Act as senior decision-maker during major incidents and crisis situations

• Develop and implement SOC use cases aligned to the MITRE ATT&CK framework

• Drive continuous improvement across SOC processes, tooling, and playbooks

• Collaborate with Security Engineering to optimise detection pipelines

• Build strong relationships with stakeholders across technology and the wider business

• Partner with the Major Incident Manager on critical security events

• Support regulatory compliance, audit requirements, and contribute to strategic direction

Experience

• Proven experience managing SOC or security operations teams

• Strong background in incident response and crisis management

• Background in highly regulated environments (Gaming, Financial Services, Utilities)

• Demonstrated ability to operate effectively in high-pressure situations

Technical skills

• SIEM platforms — Sentinel, Splunk, Elastic or similar

• SOC operations, detection engineering, and security tooling

• MITRE ATT&CK framework and use case development

• Security pipelines, integrations, and emerging AI/LLM in cybersecurity

Soft skills

• Strong leadership and people development capabilities

• Confident and decisive under pressure

• Excellent stakeholder management and communication

• Collaborative, personable, and resilient mindset

Technical environment

• SIEM platforms — Microsoft Sentinel, Splunk, Elastic (SIEM transition in progress; training provided)

• Modern security operations tooling and detection engineering practices

• Emerging focus on AI/LLM applications within security operations

Working arrangements

• Hybrid model — minimum 1 day per week onsite in Warrington

• Flexibility offered, with initial emphasis on building strong in-person relationships

• New state-of-the-art office and dedicated SOC facility opening May/June 2026

Job Details

Company: GCS
Location: Warrington, England, United Kingdom