SOC Shift Lead - London

SOC Shift Lead - London

London

Competitive salary and package dependent on experience

Associate Manager

This position requires a satisfactory BPSS and the candidate must be granted a level of security clearance, typically requiring 10 years continuous UK address history, usually including no periods of 30 consecutive days or more spent outside of the UK, and a declaration of being a British passport holder with no dual nationality at the time of application.

The SOC Shift Lead provides advanced investigation and analysis, acting as the escalation point for complex or high severity incidents. They conduct root cause analysis, guide L1 analysts, and support incident containment and remediation efforts. The team operates 24 7 on high density compute stacks; shift teams are paid a shift premium for non standard hours.

• Investigate escalated incidents to determine attack vectors, scope, and potential impact.
• Correlate events across multiple data sources to build a comprehensive incident narrative.
• Execute containment, eradication, and recovery activities in coordination with IT/OT stakeholders.
• Lead response for medium to high severity incidents and document detailed investigation reports.
• Conduct tuning of detection rules and thresholds in collaboration with the Security Content Engineer.
• Support continuous improvement by identifying gaps in detection coverage and playbooks.
• Mentor and provide technical guidance to L1 Analysts.
• Participate in periodic SOC exercises and simulated incident response drills.
• Be part of a 24/7 SOC Team and work in shifts.
• As a shift lead, be responsible for handling escalations of the Technology Operations Centre in that shift.
• Accountable in absence of a SOC manager or NOC lead.

• Education: Bachelor's degree in Cybersecurity, Computer Science, or related field.
• Experience: 7-10 years in SOC, Incident Response, or Threat Analysis roles.
• Certifications (preferred): GCIA, GCIH, CompTIA CySA+, Microsoft SC-200, or Splunk Certified Power User.
• Skills: Strong analytical mindset, in-depth knowledge of SIEM/EDR tools, malware behaviour, and incident handling methodologies.

31/07/26

We believe that no one should be discriminated against because of their differences. All employment decisions shall be made without regard to age, race, creed, color, religion, sex, national origin, ancestry, disability status, sexual orientation, gender identity or expression, marital status, citizenship status or any other basis as protected by applicable law. Our rich diversity makes us more innovative, more competitive, and more creative, which helps us better serve our clients and our communities.