SOC LEAD

• Lead and operate the Trust’s SOC capability across monitoring, detection and response
• Own and optimise SIEM, EDR and security tooling to deliver high-quality visibility and alerting
• Deliver effective incident response leadership, including major incident coordination and recovery
• Establish and continuously improve detection use cases and automation (SOAR/playbooks)
• Embed threat intelligence–driven operations and lead proactive threat hunting
• Align SOC activity to organisational risk and vulnerability prioritisation
• Act as key interface with national cyber services and internal stakeholders
• Build and lead a high-performing SOC team, including recruitment and capability development
• Deliver clear SOC performance reporting (KPIs/KRIs) and executive insight
• Drive continuous SOC maturity improvement aligned to best practice frameworks

Person Specifications

Essential:

· Degree in Cyber Security, IT, or equivalent experience

Desirable:

· CISSP, CISM, GIAC or equivalent

Essential:

· SOC operations experience

· Incident detection and response

· SIEM and EDR tools

· Detection use case development

· Team leadership/mentoring

Desirable:

· NHS experience

· SOAR/threat hunting

Essential:

· SOC operations and threat detection

· Threat intelligence and vulnerability management

· Strong communication

Desirable:

· Cloud monitoring

· Automation or scripting