SOC Engineering Lead
Nationwide
£70000 - £75000/annum
Posted 1 day ago
About the role
SOC Engineering Lead
Up to £75,000 plus benefits
Remote (UK Based)
Candidates will be required to satisfy full UK SC Clearance
SOC, Engineer, Sentinel, Elastic SIEM, Cyber Security, XDR, SIEM, Defender
We have partnered with our client, a growing UK Based MSSP, to recruit a SOC Engineering Lead to join their SOC Team. As the SOC Engineer Lead you will work hands on with the Security Operations Centre to architect, evolve and oversee technical operations.
The successful candidate will be instrumental in shaping the core detection and response capabilities of the SOC, leading engineering efforts across Elastic SIEM, Microsoft Sentinel, Defender for Endpoint, CrowdStrike, and MISP, while building robust ITSM automation in JIRA.
Core role:
* Lead the technical design, implementation, and tuning of SIEM platforms (Elastic, Microsoft Sentinel).
* Engineer and operationalise endpoint detection capabilities using Defender for Endpoint, CrowdStrike, and Elastic Defend.
* Maintain and optimise threat intelligence workflows, including integrations with MISP.
* Build and maintain robust ITSM integrations and automations in JIRA for incident and change management.
* Work with the SOC leadership team to build, iterate and improve engineering to continue to deliver a world-class SOC.
* Work closely with SOC analysts to ensure telemetry, detections, and playbooks align with real-world attack techniques (MITRE ATT&CK, D3FEND).
* Develop and maintain detection engineering pipelines including log onboarding, parsing, enrichment, correlation rules, and alerting logic.
* Automate repetitive tasks using scripting and infrastructure-as-code tools (PowerShell, Python, Terraform, etc.).
* Drive integration between security tooling and external systems (e.g., threat feeds, SOAR platforms, ticketing tools).
* Act as escalation point for complex detection and incident response scenarios.
* Mentor junior engineers and analysts, and contribute to a culture of continuous improvement.
What you will bring:
* Minimum 5 years of experience engineering and operating Security Operations Centre platforms.
* Deep knowledge and hands-on experience with:
  * SIEM: Elastic Stack (Beats, Logstash, Kibana, Elasticsearch), Microsoft Sentinel
  * EDR: Microsoft Defender for Endpoint, CrowdStrike Falcon, Elastic Defend
  * Threat Intelligence: MISP (integration, automation, ingestion)
  * SOAR and automation: JIRA automations, Sentinel playbooks, Azure Logic Apps and Functions, APIs and other integrations
  * ITSM: JIRA (incident, change, and service automation)
* Strong scripting and automation skills (Python, PowerShell, Bash).
* Experience implementing detection-as-code pipelines and detection content engineering at scale.
* Solid understanding of threat detection, digital forensics, and security telemetry.
* Experience integrating SOC tooling with third-party platforms and APIs.