SOC Manager - L3 & MSSP (Inside IR35)

Job Description: SOC Manager (L3 & MSSP Oversight) - Inside IR35

Location: Gloucester (Hybrid: 2 days per week in-office)

Reports to: CISO/Head of Cyber Security

Role Overview

As the SOC Manager, you will be the bridge between high-level strategic security and deep-dive technical response. You aren't just managing a team; you are orchestrating an ecosystem. You will lead our internal Level 3 Incident Response function while acting as the primary service owner for our Accenture Managed Service.

Your mission is to ensure that the output from Microsoft Sentinel isn't just "noise" but actionable intelligence that protects our global infrastructure. You will be the final point of escalation for complex threats and the driving force behind continuous detection improvement.

Key Responsibilities

1. Leadership & Level 3 Management

  • Direct Management: Lead and mentor a high-performing team of L3 Security Analysts, fostering a culture of curiosity and technical excellence.

  • Crisis Handling: Act as the Incident Commander for P1/Major security incidents, coordinating response efforts across IT, Legal, and PR.

  • Deep-Dive Analysis: Provide oversight on complex forensics and malware analysis tasks performed by your team.

2. MSSP Governance (Accenture & Microsoft Sentinel)

  • Service Excellence: Manage the relationship with Accenture, ensuring they meet SLAs/KPIs and provide high-quality initial triage and L1/L2 support.

  • Sentinel Optimization: Review and refine the Sentinel workbook outputs, KQL queries, and analytic rules developed by the MSSP to ensure they align with our specific threat profile.

  • Data Strategy: Oversee the ingestion of logs into Sentinel, balancing visibility requirements with cost-effective data management.

3. Strategy & Continuous Improvement

  • Detection Engineering: Lead the transition from reactive "alert-tuning" to proactive Threat Hunting and Purple Teaming.

  • Automation: Drive the adoption of SOAR (Security Orchestration, Automation, and Response) playbooks within Sentinel to reduce Mean Time to Remediate (MTTR).

  • Reporting: Translate technical SOC metrics into executive-level reports that demonstrate risk reduction to the Board.

Technical Requirements

  • The Sentinel Expert: You have a deep understanding of the Microsoft Security Stack (Sentinel, Defender for Endpoint/Identity/Cloud).

  • KQL Proficiency: You can write and review complex KQL (Kusto Query Language) queries.

  • Incident Response: Proven experience in the full IR life cycle (NIST/SANS) within a large-scale enterprise.

  • Cloud Fluency: Strong understanding of Azure architecture and multi-cloud security challenges.

Soft Skills & Experience

  • Vendor Management: Experience managing large-scale MSSP contracts (ideally Accenture or similar Big 4/Global integrators).

  • Communication: The ability to explain a "zero-day" to a non-technical stakeholder without using jargon.

  • Geographic Flexibility: Comfortable working from the Gloucester office 2 days per week to collaborate with the core engineering and infrastructure teams.

Job Details

Company
Saunders Scott
Location
Gloucester, Gloucestershire, United Kingdom GL1 1
Hybrid / Remote Options
Employment Type
Contract
Salary
GBP 500 Daily
Posted