SOC Lead

SOC Lead 6 months Bath - hybrid x3 days onsite x2 remote Active SC/DV clearance required £700 per day outside IR35

The SOC Lead - Threat Hunting Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role focuses on identifying unknown threats, coordinating deep-dive investigations, and elevating the maturity of SOC investigative and hunting capabilities. The role combines technical leadership, hands-on expertise, and mentorship of analysts.

Key Responsibilities

• Threat Hunting
  • Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments
  • Develop and maintain threat hunting playbooks aligned to MITRE ATTCK techniques
  • Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls
  • Translate threat intelligence into actionable hunt hypotheses
  • Continuously refine detection logic based on hunt outcomes and emerging threats
• Investigations Incident Response
  • Lead complex and high-severity security investigations from triage through containment and remediation
  • Act as the technical escalation point for advanced SOC investigations
  • Conduct root cause analysis and attacker kill-chain reconstruction
  • Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences
  • Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as required
• SOC Technical Leadership
  • Define investigation standards, workflows, and quality benchmarks
  • Mentor and upskill SOC analysts in hunting methodologies and investigative techniques
  • Review and improve alert fidelity, detection coverage, and response effectiveness
  • Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platforms
• Detection Engineering Improvement
  • Collaborate with detection engineers to convert hunt findings into new or improved detections
  • Identify visibility gaps and recommend logging, telemetry, and tooling improvements
  • Validate detection performance through purple team activities and simulation
• Threat Intelligence Collaboration
  • Consume and operationalise internal and external threat intelligence
  • Maintain awareness of attacker tactics, tools, and campaigns relevant to the organisation
  • Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability Management
• Reporting Metrics
  • Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality
  • Provide regular insights to senior leadership on threat trends and risk posture

Required Skills Experience

Technical Experience

• 7 years in Security Operations, Threat Hunting, or Incident Response
• Proven experience leading investigations involving advanced persistent threats, insider threats, or targeted attacks
• Strong hands-on expertise with:
  • SIEM platforms (e.g. Sentinel, Splunk, Elastic)
  • EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne)
  • Network and cloud security telemetry
• Strong understanding of: MITRE ATTCK Windows, Linux, and cloud attack techniques
• Malware behaviours, credential abuse, lateral movement, and persistence mechanisms

Leadership Soft Skills

• Demonstrated ability to lead and mentor technical teams
• Strong investigative mindset with attention to detail
• Excellent written and verbal communication skills
• Ability to translate technical findings into business and risk context

Desirable Skills

• Experience with detection engineering or SOAR automation
• Purple team or red team collaboration experience
• Forensic analysis experience (memory, disk, network)
• Exposure to regulatory environments (e.g. ISO 27001, NIST, GDPR)

Apply now to be part of this impactful opportunity!