SOC Manager
SOC Engineering Lead
£70,000 - £80,000 DOE
Hybrid Working
UKSV clearance required: candidates must hold or be eligible to obtain clearance.
This role leads the Security Engineering function within a high-performing Security Operations Centre.
It is a pivotal leadership position responsible for onboarding delivery, platform engineering, detection optimisation and technical transition into live SOC services.
The team is technically strong. What it needs is structure, prioritisation and consistent leadership.
You will bring clarity, accountability and calm while remaining technically credible and hands-on.
This is not a pure management role. You must be able to lead from the front.
The Role
You will:
• Lead and schedule the SOC Engineering team across onboarding and live service activity
• Own technical delivery during customer onboarding and transition
• Oversee Sentinel connector deployment, Defender integration, rule tuning and SOAR playbooks
• Ensure structured service handover into SOC operations with clear documentation
• Act as escalation point for complex engineering issues in live environments
• Maintain SLA adherence and platform health
• Improve detection logic, automation and enrichment capability
• Drive engineering standards, reporting clarity and workload discipline
• Coach and develop junior engineers
• Maintain technical authority across Microsoft Sentinel, Defender suite, Entra ID and Azure security architecture
What Success Looks Like
• Onboarding delivered on time with validated integrations
• Clean handover into SOC with documented runbooks
• Improved automation and measurable SOC efficiency gains
• A structured, aligned engineering team with clear ownership
Essential Experience
• Experience leading a Security Engineering team within an MSP, MSSP or SOC environment
• Strong hands-on expertise with Microsoft Sentinel and Defender XDR
• Deep understanding of Azure security architecture and ingestion strategy
• Proven experience configuring connectors and tuning detection rules
• Experience with SOAR platforms
• Strong KQL capability
• Ability to manage competing priorities in fast-paced environments
• Experience managing ingestion costs or cloud service optimisation
• Confident customer communication
Desirable
• Integration experience (Mimecast, Darktrace, legacy EDR platforms)
• ITIL exposure (change and incident management)
• Google Cloud or AWS knowledge
• Microsoft security certifications
• GIAC, CISSP, CySA+ or equivalent
Leadership Profile
You are:
• Structured and operationally disciplined
• Calm under pressure
• Comfortable holding accountability
• Technically credible with engineers
• Clear and direct with customers
• Focused on outcomes, not activity
This role will not suit someone who prefers individual contribution without people leadership responsibility.