SOC Shift Lead

Sopra Steria
Hemel Hempstead, HP1 1EW, United Kingdom
Today
£65,000 – £75,000 pa

Job Type: Permanent
Work Pattern: Full-time
Work Location: On-site
Seniority: Lead
Security Clearance: Required
Posted: 17 Jun 2026 (Today)

Benefits

  • 25 days annual leave
  • Option to buy additional holiday days
  • Health cash plan
  • Life assurance
  • Pension

Sopra Steria’s SOC is currently seeking SOC Shift Leads to join our Managed Security Service Provider team. This is a great opportunity to take on increased responsibility in a complex, fast-paced environment, leading, mentoring, and developing a team of SOC Analysts.

As we expand our Cyber Security Operations capability, we’re looking for a Lead SOC Analyst to help protect multiple critical client environments. The role offers real variety and continued hands-on involvement, combining leadership with incident response, threat detection, and operational delivery.

We will also consider experienced SOC professionals who are ready to step into a leadership position while remaining technically engaged.

You will lead a team of analysts within a 24/7 SOC, acting as the primary escalation point for complex incidents, supporting operational delivery, and helping to mature our detection and response capabilities across multiple clients.

This role is site-based in Hemel Hempstead and follows a shift pattern of two day shifts (6am–6pm), two night shifts (6pm–6am), followed by four days off.

You must be eligible for SC and DV Clearance.

What you'll be doing:

  • Lead and mentor a team of SOC Analysts, providing technical guidance and operational oversight during shifts.
  • Act as the primary escalation point for high-severity security incidents.
  • Monitor, triage, and investigate host- and network-based security alerts across critical client infrastructure.
  • Conduct in-depth analysis of logs, alerts, and network traffic to identify malicious activity.
  • Contribute to the development and improvement of detection rules and use cases aligned to the MITRE ATT&CK framework.
  • Support continuous improvement of SOC processes, tooling, and incident response playbooks.
  • Maintain clear and accurate incident documentation, including reports and post-incident reviews.
  • Represent the SOC in operational meetings with internal teams, partners, and stakeholders.

What you will bring:

  • Proven experience working in a Security Operations Centre (SOC) environment.
  • Experience handling and escalating security incidents across enterprise environments.
  • Strong understanding of network and host-based attack techniques.
  • Hands-on experience with SIEM platforms, ideally Microsoft Sentinel or Splunk.
  • Experience leading or mentoring analysts in an operational security environment.

It would be great if you had:

  • Experience improving detection content or threat-informed defense use cases.
  • Familiarity with the MITRE ATT&CK framework.
  • Scripting or automation experience (e.g. Python, PowerShell, Bash).
  • Exposure to malware analysis or reverse engineering (not required for day-to-day work).
  • Relevant certifications such as CREST Practitioner Intrusion Analyst, Blue Team Level 1, or similar.

If you are interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply. We’d love to hear from you!

Employment Type: Permanent

Location: Hemel Hempstead

Security Clearance Level: Eligible for DV (Developed Vetting)

Internal Recruiter: Jane

Salary: Up to £75k + on call allowance

Benefits: 25 days annual leave with the choice to buy additional holiday days, health cash plan, life assurance, and pension

Loved reading about this job and want to know more about us?

Sopra Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK’s most complex safety- and security-critical markets.
