We are looking for the right people to join us as we embrace the challenges thrown up by the advancements within the IT industry and within the threats faced. Nettitude will be at the forefront of this arena and we want to seek the right people to join the team and make it happen.
You can find out more about us at. If you want to review our research and tooling, then head on over to
The role
The purpose of this role is to take the lead of one of our technical, high-performing / security operations teams. It will involve being accountable for the effective functioning of the team by ensuring performance standards and continuously developing capability as an integral part of our high-trust, high-performing service.
You will use your winning combination of management and security operations experience to enable the effective functioning of our award-winning defensive monitoring service, proactively securing and monitoring our clients across the globe. Your first priority is to the team, although it doesn’t end there; you will also be expected to be hands-on, performing technical tasks ranging from deep dive investigations and incident response escalations all the way through to threat hunting, tuning detections, technical training and process improvements.
Location
This role is remote within the UK, with an expectation of at least one day a month in the office for team building, workshops and clinic days. We can support working from across the UK. All applicants will require residence in the UK.
What you'll be doing in your role:
1. Responsibility for the line management, mentoring and development of a / technical security operations team
2. Act as a point of escalation and subject matter expertise for incidents escalated from junior analysts or customers; including coordination of internal and external client resources to contain, eradicate, and recover from Incidents, within and out of hours as part of an on-call rota
3. Maintain regular verbal and written communication with customers, suppliers and stakeholders, internally as required.
4. Responsible for providing Task and Resource Management of Analyst Teams to ensure the smooth operation of the SOC Monitor Service, including task delegation in alignment with priorities
5. Support efforts to maintain a high-performing service through continuous improvement to operational processes, analyst capabilities, platform efficiency and quality assurance
6. Lead and Facilitate the Development of the wider SOC team through technical training courses, workshops and exercises
7. Lead efforts to develop and integrate our Threat Hunting playbooks, processes and projects
8. Maintain an awareness of the latest Defensive Monitoring technologies and trends
9. Deputised lead of the wider SOC Monitor team as the on-duty senior member of staff where a member of senior management is not present
Key Skills:
The following are the requirements for this role:
10. Strong experience in team leadership, coaching, task allocation and providing actionable, constructive feedback for improvement, including conducting regular s
11. Strong experience in leading incident management, incident handling, problem management and performance management in a Controlled Environment
12. Developed technical capability with SIEM, EDR/EPP, NDR and NetMon Tools – usage, configuration, and architecture including rule writing
13. Demonstrable experience in analysing log data across multiple device types and sources as part of incident management
14. Experience of attack vectors, with the ability to differentiate between normal and abnormal activity, making sensible recommendations on countermeasures and remediation activities
15. Experience in a customer-facing role; communicating to different levels of stakeholders, both internal and external
16. Experience within cloud-enabled environments and how this affects monitoring
17. Good understanding of what makes a capable, high-performing SOC team
18. Good understanding of common scripting languages across Windows and Linux devices, and how these can be abused in a malicious context
19. Demonstrable high levels of emotional intelligence when supporting colleagues, peers and direct reports
20. Ability to attain Security Clearance (SC)
There are no formal requirements for any qualifications or certifications. We’re not looking for badge collectors; we look far deeper than that. However, one or more of the following may serve as a distinct advantage.
21. SC-: Microsoft Security Operations Analyst
22. CREST CPIA, CRIA, CPTIA or above
23. EDR-vendor certifications
24. Azure/AWS/GCP Administrator/Engineer, DevOps or Data
25. Defensive Security or similar industry-recognised certifications (GIAC, SBT) are also well received
What we offer:
We are a people-focused, high-performing, high-trust managed security services team. We pride ourselves on our investment in our people, meaning as we are a fast-evolving team in an exciting working environment, you’ll always have opportunities to solve the latest cybersecurity challenges, with the responsibility and development opportunities to match.
Company benefits:
26. Access to our interactive learning platforms via our partners, with encouragement to pursue subsidised external training & certification
27. Intensive new starter training program, blending theory, hands-on labs, case studies, online and on the job training to help you hit the ground running
28. Frequently updated training & progression plans with multiple tracks of development, supporting lateral movement or upwards progression
29. Generous annual training, cross-training and project days
30. The option to join in with company and department socials to relax, get to know your new colleagues and team build (currently virtual)
31. Yearly wellness day to be spent in the way that works best for you
32. Recognition & rewards for individual, team and department performance
33. Performance-based bonus programme
34. Generous pension scheme
35. A supportive team enabling you to succeed and grow your career
An attractive remuneration package will be provided.