Security Operations Centre Lead

CyberShadows
Lincoln, United Kingdom
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Senior
Compensation
£ 40K

Job location

Lincoln, United Kingdom

Tech stack

Azure
Computer Security
Digital Forensics
Intelligence Analysis
Python
Network Security
Microsoft Security Essentials
Open Source Intelligence
PowerShell
Security Information and Event Management
MITRE ATT&CK
Malware
Cyber Threat Analysis
Microsoft Sentinel
Security Orchestration, Automation & Response

Job description

This is a senior leadership position at the heart of our operations. As Security Operations Lead, you'll run our SOC, oversee threat intelligence and digital monitoring, and take command when incidents need to be dealt with decisively. You'll work alongside intelligence analysts, SOC analysts, penetration testers and senior leadership, and you'll have real influence over how we develop and deliver our capabilities.

It's a role that demands technical depth, calm under pressure and genuine leadership instinct. In return, you'll be part of a team that values your expertise and gives you room to grow it.

What You'll Be Doing

Leading the SOC

  • Running our 24/7 SOC and digital intelligence teams, keeping detection, investigation and response sharp and effective.
  • Owning day-to-day security monitoring, incident triage, escalation procedures and threat analysis.
  • Continuously improving our processes, playbooks and service delivery frameworks, with an eye on standards like ISO 27001 and NIST CSF.

Client Engagement and Reporting

  • Being a trusted senior point of contact for clients on operational security matters.
  • Delivering executive-level reporting, incident reviews and threat landscape briefings that cut through the noise.
  • Making sure client KPIs, SLAs and compliance requirements are met, consistently.

Incident Response and Threat Management

  • Acting as Incident Commander when high-severity situations arise, leading the response, not just observing it.
  • Coordinating containment, eradication and recovery with internal teams and external stakeholders.
  • Overseeing the development and execution of incident response playbooks.
  • Driving delivery of threat intelligence reports, attack surface assessments and client-facing briefings.

Growing the Team

  • Mentoring SOC Analysts, Cyber Analysts and junior managers, investing in the people around you.
  • Leading performance reviews, training plans and skill development pathways.
  • Building a culture where collaboration, vigilance and innovation are just how things are done.

Requirements

Essential

  • 5+ years working within a SOC, cyber intelligence organisation, or comparable environment.
  • 2+ years in a senior analyst, team lead or managerial role.
  • Solid, hands-on understanding of SIEM and SOAR technologies, threat intelligence frameworks (e.g. MITRE ATT&CK, Cyber Kill Chain), incident response methodologies, and malware, network security, vulnerabilities and threat actor TTPs.
  • Strong hands-on experience with Microsoft security technologies, including Microsoft Defender XDR, Microsoft Sentinel and Azure in enterprise environments.
  • Proven capability leading SOC activities: incident detection, investigation, threat hunting, response coordination and continuous improvement.
  • Microsoft SC-200 (Security Operations Analyst Associate) required. AZ-500 (Azure Security Engineer Associate) preferred.
  • Excellent communication skills. You should be as comfortable briefing a CISO as working through a technical post-incident review with the team.
  • The ability to stay composed and structured when things get difficult.
  • Experience managing teams and improving how operations actually work.

Desirable

  • Certifications such as CISSP, CISM, GIAC (GCIA, GCIH, GMON) or CEH.
  • Experience with automation frameworks (Python, PowerShell, SOAR scripting).
  • Knowledge of digital forensics, OSINT or threat intelligence tooling.
  • Background in industry SOC environments.

The kind of person you are

  • A natural leader. People look to you when the pressure is on, and you rise to it.
  • Analytical and thorough, with a proactive instinct for spotting threats before they escalate.
  • Calm and methodical under pressure, without losing urgency.
  • Someone who holds themselves to a high ethical standard and expects the same from the team.
  • Genuinely passionate about keeping ahead of the threat landscape and developing cutting-edge capabilities.

Benefits & conditions

  • Free parking
  • Company pension
  • Casual dress
  • Company events
  • On-site parking
  • Salary starting at £40,000
  • Professional training budget and exam funding. We invest in your development.
  • A team that will challenge you, support you and celebrate your wins

About the company

We're a Lincoln-based specialist in cyber security and intelligence, and we're proud of what we've built. CyberShadows delivers advanced threat detection, digital risk protection, cyber intelligence reporting and 24/7 security operations to organisations that can't afford to be caught off guard. What makes us different isn't just our technology. It's our people. We're a tight-knit, genuinely collaborative team that takes the work seriously without taking itself too seriously. If you want to do meaningful cyber work, keep learning, and actually enjoy where you come to work, we think you'll fit in well here.
