Security Operations Centre Shift Lead
Location: Hemel Hempstead (On-site, Shift-Based)
Salary: Highly competitive with excellent benefit package
Security Clearance Level: Must be eligible for DV Clearance. Due to the highly secure nature of this work all applicants will be required to gain UK Security Clearance to the highest level. You must be a British National who has been resident in the UK for at least the last 10 years and you cannot have been outside the UK for more than 28 days on any one occasion within the last 5 years.
Benefits: 25 days annual leave (option to purchase additional days), health cash plan, life assurance, pension scheme, and a generous flexible benefits fund
Key Requirements
We are seeking a highly capable Security Operations Centre Shift Lead to support critical infrastructure within the Aerospace, Defence and Security sector. You will lead from the frontmentoring analysts, managing incident triage, and driving operational improvements in a mission-critical environment.
This is a shift-based position, following a rotation of 2 days (6am6pm), 2 nights (6pm6am), 4 days off .
Essential Skills and Experience:
Proven experience in a Security Operations Centre (SOC) environment
Previous people management or line management experience
Strong familiarity with SIEM platforms including Microsoft Sentinel and Splunk
Knowledge and use of the Mitre Att&ck Framework for detection and threat analysis
In-depth understanding of:
Client-server applications and multi-tier web environments
Relational databases, firewalls, VPNs, enterprise AntiVirus solutions
Networking principles (e.g. TCP/IP, WAN, LAN, SMTP, HTTP, FTP, POP, LDAP)
Desirable (Nice-to-Have):
Experience in static malware analysis and reverse engineering
Active DV Clearance
Scripting or programming with Python, Perl, Bash, PowerShell, or C++
Recognised certifications such as CREST Practitioner Intrusion Analyst or Blue Team Level 1
Familiarity with additional SIEM technologies, especially QRadar
Role & Responsibilities
As a SOC Shift Lead, you will ensure the smooth operation and continual enhancement of SOC processes and personnel. You will play a pivotal role in protecting client systems and guiding the team through sophisticated cyber defence challenges.
Your responsibilities will include:
Monitoring, triaging, and investigating alerts across host and network security systems
Performing deep analysis of traffic, logs, and system events to identify threats and vulnerabilities
Providing line management to SOC Analysts developing capability and supporting career progression
Enhancing team knowledge across SOC tooling, detection methodologies, and threat triage
Analysing and optimising detection rules and use cases based on Mitre Att&ck
Maintaining detailed and up-to-date incident documentation, findings, and mitigation strategies
Acting as a representative of the SOC in key meetings and internal stakeholder engagements
Working shifts from the on-site Security Operations Centre in Hemel Hempstead
About the Organisation
Our client delivers cutting-edge digital solutions to clients in Central Government, operating in privileged environments where digital trust and national safety are paramount.
We believe in a culture of collaboration, professional development, and knowledge-sharing, where employees feel valued and supported. Our work contributes meaningfully to the UKs most complex safety- and security-critical environments, and we are proud to maintain consistently high levels of customer satisfaction across our engagements.
TPBN1_UKTJ