SOC Lead

SOC Lead

Want to apply Read all the information about this position below, then hit the apply button.

6 months

Bath - hybrid x3 days onsite x2 remote

Active SC/DV clearance required

£700 per day outside IR35

The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role focuses on identifying unknown threats, coordinating deep-dive investigations, and elevating the maturity of SOC investigative and hunting capabilities. The role combines technical leadership, hands-on expertise, and mentorship of analysts.

Key Responsibilities

Threat Hunting

Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments
Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques
Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls
Translate threat intelligence into actionable hunt hypotheses
Continuously refine detection logic based on hunt outcomes and emerging threatsInvestigations & Incident Response

Lead complex and high-severity security investigations from triage through containment and remediation
Act as the technical escalation point for advanced SOC investigations
Conduct root cause analysis and attacker kill-chain reconstruction
Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences
Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as requiredSOC Technical Leadership

Define investigation standards, workflows, and quality benchmarks
Mentor and upskill SOC analysts in hunting methodologies and investigative techniques
Review and improve alert fidelity, detection coverage, and response effectiveness
Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platformsDetection Engineering & Improvement

Collaborate with detection engineers to convert hunt findings into new or improved detections
Identify visibility gaps and recommend logging, telemetry, and tooling improvements
Validate detection performance through purple team activities and simulationThreat Intelligence & Collaboration

Consume and operationalise internal and external threat intelligence
Maintain awareness of attacker tactics, tools, and campaigns relevant to the organisation
Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability ManagementReporting & Metrics

Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality
Provide regular insights to senior leadership on threat trends and risk postureRequired Skills & Experience

Technical Experience

7+ years in Security Operations, Threat Hunting, or Incident Response
Proven experience leading investigations involving advanced persistent xwzovoh threats, insider threats, or targeted attacks
Strong hands-on expertise with:
SIEM platforms (e.g. Sentinel, Splunk, Elastic)
EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne)
Network and cloud security telemetry
Strong understanding of:
MITRE ATT&CK
Windows, Linux, and cloud attack techniques
Malware behaviours, credential abuse, lateral movement, and persistence mechanismsLeadership & Soft Skills

Demonstrated ability to lead and mentor technical teams
Strong investigative mindset with attention to detail
Excellent written and verbal communication skills
Ability to translate technical findings into business and risk contextDesirable Skills

Experience with detection engineering or SOAR automation
Purple team or red team collaboration experience
Forensic analysis experience (memory, disk, network)
Exposure to regulatory environments (e.g. ISO 27001, NIST, GDPR)Apply now to be part of this impactful opportunity