Recruit Myself

Experis

SOC Lead

Bristol, United Kingdom | Full-time | Lead | Competitive | May 7, 2026

Job Description

SOC Lead
The following covers everything you need to know about what this opportunity entails and what is expected of applicants.

6 months

Bath - hybrid x3 days onsite x2 remote

Active SC/DV clearance required

£700 per day outside IR35

The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role focuses on identifying unknown threats, coordinating deep-dive investigations, and elevating the maturity of SOC investigative and hunting capabilities. The role combines technical leadership, hands-on expertise, and mentorship of analysts.

Key Responsibilities

Threat Hunting

  • Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments

  • Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques

  • Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls

  • Translate threat intelligence into actionable hunt hypotheses

  • Continuously refine detection logic based on hunt outcomes and emerging threats

Investigations & Incident Response

  • Lead complex and high-severity security investigations from triage through containment and remediation

  • Act as the technical escalation point for advanced SOC investigations

  • Conduct root cause analysis and attacker kill-chain reconstruction

  • Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences

  • Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required

SOC Technical Leadership

  • Define investigation standards, workflows, and quality benchmarks

  • Mentor and upskill SOC analysts in hunting methodologies and investigative techniques

  • Review and improve alert fidelity, detection coverage, and response effectiveness

  • Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms

Detection Engineering & Improvement

  • Collaborate with detection engineers to convert hunt findings into new or improved detections

  • Identify visibility gaps and recommend logging, telemetry, and tooling improvements

  • Validate detection performance through purple team activities and simulation

Threat Intelligence & Collaboration

  • Consume and operationalise internal and external threat intelligence

  • Maintain awareness of attacker tactics, tools, and campaigns relevant to the organisation

  • Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability Management

Reporting & Metrics

  • Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality

  • Provide regular insights to senior leadership on threat trends and risk posture

Required Skills & Experience

Technical Experience

  • 7+ years in Security Operations, Threat Hunting, or Incident Response

  • Proven experience leading investigations involving advanced persistent threats, insider threats, or targeted attacks

  • Strong hands-on expertise with:

      • SIEM platforms (e.g. Sentinel, Splunk, Elastic)

      • EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne)

      • Network and cloud security telemetry

  • Strong understanding of:

      • MITRE ATT&CK

      • Windows, Linux, and cloud attack techniques

      • Malware behaviours, credential abuse, lateral movement, and persistence mechanisms

Leadership & Soft Skills

  • Demonstrated ability to lead and mentor technical teams

  • Strong investigative mindset with attention to detail

  • Excellent written and verbal communication skills

  • Ability to translate technical findings into business and risk context

Desirable Skills

  • Experience with detection engineering or SOAR automation

  • Purple team or red team collaboration experience

  • Forensic analysis experience (memory, disk, network)

  • Exposure to regulatory environments (e.g. ISO 27001, NIST, GDPR)

Apply now to be part of this impactful opportunity!
