SOC Lead

SOC Lead

6 months

Bath - hybrid x3 days onsite x2 remote

Active SC/DV clearance required

£700 per day outside IR35

The SOC Lead - Threat Hunting & Investigations is responsible for leading advanced threat detection, proactive threat hunting, and complex security investigations across the enterprise. This role focuses on identifying unknown threats, coordinating deep-dive investigations, and elevating the maturity of SOC investigative and hunting capabilities. The role combines technical leadership, hands-on expertise, and mentorship of analysts.

Key Responsibilities

Threat Hunting

Lead proactive, hypothesis-driven threat hunting activities across endpoint, network, cloud, identity, and SaaS environments

Develop and maintain threat hunting playbooks aligned to MITRE ATT&CK techniques

Identify stealthy, low-and-slow, and novel attack patterns not detected by automated controls

Translate threat intelligence into actionable hunt hypotheses

Continuously refine detection logic based on hunt outcomes and emerging threatsInvestigations & Incident Response

Lead complex and high-severity security investigations from triage through containment and remediation

Act as the technical escalation point for advanced SOC investigations

Conduct root cause analysis and attacker kill-chain reconstruction

Produce clear, defensible investigation documentation suitable for executive, legal, and regulatory audiences

Coordinate incident response activities with IR, IT, Legal, Risk, and external partners as requiredSOC Technical Leadership

Define investigation standards, workflows, and quality benchmarks

Mentor and upskill SOC analysts in hunting methodologies and investigative techniques

Review and improve alert fidelity, detection coverage, and response effectiveness

Provide technical oversight for tooling such as SIEM, EDR/XDR, NDR, SOAR, and cloud-native security platformsDetection Engineering & Improvement

Collaborate with detection engineers to convert hunt findings into new or improved detections

Identify visibility gaps and recommend logging, telemetry, and tooling improvements

Validate detection performance through purple team activities and simulationThreat Intelligence & Collaboration

Consume and operationalise internal and external threat intelligence

Maintain awareness of attacker tactics, tools, and campaigns relevant to the organisation

Act as a key interface between SOC, Threat Intel, Red Team, and Vulnerability ManagementReporting & Metrics

Track and report on hunt coverage, outcomes, dwell time, MTTR, and investigation quality

Provide regular insights to senior leadership on threat trends and risk postureRequired Skills & Experience

Technical Experience

7+ years in Security Operations, Threat Hunting, or Incident Response

Proven experience leading investigations involving advanced persistent threats, insider threats, or targeted attacks

Strong hands-on expertise with:

SIEM platforms (e.g. Sentinel, Splunk, Elastic)

EDR/XDR solutions (e.g. Defender, CrowdStrike, SentinelOne)

Network and cloud security telemetry

Strong understanding of:

MITRE ATT&CK

Windows, Linux, and cloud attack techniques

Malware behaviours, credential abuse, lateral movement, and persistence mechanismsLeadership & Soft Skills

Demonstrated ability to lead and mentor technical teams

Strong investigative mindset with attention to detail

Excellent written and verbal communication skills

Ability to translate technical findings into business and risk contextDesirable Skills

Experience with detection engineering or SOAR automation

Purple team or red team collaboration experience

Forensic analysis experience (memory, disk, network)

Exposure to regulatory environments (e.g. ISO 27001, NIST, GDPR)Apply now to be part of this impactful opportunity