Engineer the Quantum RevolutionYour expertise can help us shape the future of quantum computing at Oxford Ionics.

View Open Roles

Senior SOC Analyst (Team Leader)

Leeds
1 week ago
Create job alert

As a Senior SOC Analyst (Team Leader), you apply your advanced security operations expertise to lead a team of SOC Analysts while performing advanced investigations and, when required, first-line triage to maintain queue health and SLA compliance. You are responsible for high-quality service delivery through detailed analysis, evidence-led response actions, and operational leadership. In addition to handling escalated alerts, you provide line management, oversee ticket quality, contribute to training and onboarding, and drive continual improvement. You work core business hours with participation in the on-call rota, ensuring consistent service support for customers and operational continuity across teams.

Key Responsibilities

• Incident Investigation and Response – You take ownership of escalated incidents, performing detailed investigations and, when necessary, stepping into first-line triage to guarantee prompt alert handling and escalation.

• Team Leadership – You provide day-to-day leadership and line management for a team of SOC Analysts, conducting performance reviews, appraisals, one-to-one meetings, and development planning.

• Quality Assurance – You own QA for the team’s outputs, ensuring consistency, accuracy, and completeness of incident handling and documentation across the team.

• Training and Onboarding – You lead knowledge-transfer sessions, support structured onboarding of new team members, and coordinate internal training to drive skill development and reinforce SOC best practices.

• Continual Improvement – You identify opportunities to optimise workflows, enhance detection logic, and contribute to service-improvement initiatives across the SOC, including backlog reduction, knowledge-base expansion, and feedback loops from lessons learned.

• Customer Communications – You provide timely incident updates and lead bridging calls with customers during high-priority incidents, ensuring that communications are clear, evidence-led, and aligned to customer expectations.

• Threat Hunting Oversight – You lead and coordinate proactive threat hunting across customer environments, using hypothesis-based approaches to identify undetected threats and validate detection coverage.

Essential Duties

• Advanced Investigation and Escalated Response

o Perform in-depth investigations using correlated data from all available tooling.

o Reconstruct attack chains and identify root causes using MITRE ATT&CK.

o Recommend and coordinate response actions to mitigate impact during active incidents.

• IOC and Threat Analysis

o Investigate indicators of compromise using commercial and open-source threat intelligence.

o Validate alerts and determine their relevance to customer environments, providing context on adversary behaviour and recommending follow-up actions when threats are confirmed.

• Threat Hunting

o Lead and participate in threat hunts using hypothesis-driven approaches mapped to TTPs and MITRE ATT&CK.

o Leverage telemetry and queries in tooling to identify suspicious indicators not surfaced through existing detection logic.

o Document hunting activities, findings, and detection coverage gaps to support tuning and continual detection improvement.

• Team Oversight

o Provide feedback and coaching on triage techniques, escalation decisions, and ticket quality.

o Monitor performance, manage formal HR processes, and support professional development through regular one-to-ones and quarterly appraisals.

o Provide concise on-call handovers and status reporting to maintain continuity between core and shift teams, escalating risks or operational issues as needed.

• Documentation and Reporting

o Ensure clear, evidence-based documentation of incidents and investigations, including rationale for response actions and IOC validation.

o Perform case-closure quality assurance to confirm investigation completeness and capture lessons learned.

o Support knowledge-base development and post-incident reporting activities, ensuring reusable insights are recorded to improve future incident handling and analyst onboarding.

Position Specification

Required Qualifications and Experience

• You may be required to hold or obtain UK Non-Police Personnel Vetting (NPPV) and/or a Security Check (SC) clearance as part of this role.

• A minimum of 4+ years of SOC operational experience, with demonstrated ability across security analysis, incident response, and working escalated cases.

• Proven leadership capability with experience line managing analysts, conducting performance reviews, and overseeing HR-related duties.

• Experience providing ticket quality assurance and training delivery.

• Familiarity with leading SIEM, endpoint and XDR security platforms, in multi-tenant MSSP environments.

• Willingness to obtain or hold relevant security certifications, such as SBT BTL2 and CREST CRIA.

Technical Knowledge

• Operating Systems – Proficient with Windows and Linux environments. Able to interpret logs (e.g. Sysmon, Event Viewer, Syslog), assess process behaviour, and identify privilege misuse.

• Endpoint Tools – Experience in endpoint detection and response across diverse customer environments, including alert triage, telemetry analysis, and supporting threat response.

• SIEM and Log Correlation – Able to perform detailed analysis within multi-tenant SIEM environments, interpreting data from diverse sources (including network, identity, and endpoint).

• Detection and Threat Hunting – Able to plan and execute threat hunting activities using ATT&CK-aligned techniques, drawing on all available telemetry to investigate anomalous activity and validate detection coverage across multiple customer environments.

• Networking Fundamentals - Understand core protocols (TCP/IP, DNS, HTTP), packet analysis, and log interpretation from firewalls, switches, and proxies.

• Incident Response Process - Familiar with the full incident response lifecycle and able to support investigation, containment, and recovery activities under defined playbooks.

• Threat Intelligence - Able to consume, interpret, and apply threat intelligence sources to enrich investigations and support proactive detection improvements.

• Automation and Scripting - Understand the principles of scripting (e.g. PowerShell, Python, Bash) to support investigation and automate analysis tasks.

Behavioural and Professional Competencies

• Communication - Able to lead customer conversations during active incidents and translate technical details into clear, defensible recommendations.

• Team Leadership – Provide structure, guidance, and feedback to analysts, and drive knowledge sharing through documentation and training.

• Decision Making – Confident in leading incident investigations and making timely, evidence-led decisions about escalation or containment.

• Adaptability – Able to pivot across customers, technologies, and attacker behaviours in a fast-paced MSSP environment.

• Customer Empathy and Commercial Awareness – Understand the operational and business impact of incidents, prioritising investigation and response actions accordingly.

• Problem Solving – Investigate and resolve complex issues across endpoint, network, and SIEM data layers with a risk-informed mindset.

Professional Development and Career Progression

• Claranet supports ongoing professional growth. As a Senior SOC Analyst (Team Leader), you are encouraged to build advanced investigative, technical and leadership skills, and play a key role in driving continual improvement within the SOC. You may progress into a Principal SOC Analyst or technical specialist role, or expand into engineering or service leadership, depending on your strengths and interests

Related Jobs

View all jobs

Senior Security Analyst

Senior Security Analyst

24 x 7 Senior Security Analyst

Security Architect

Senior Security Analyst

Senior Cyber Security Analyst

Subscribe to Future Tech Insights for the latest jobs & insights, direct to your inbox.

By subscribing, you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Pre-Employment Checks for Cyber Security Jobs: DBS, References & Right-to-Work and more Explained

The cyber security sector in the UK stands at the forefront of protecting national infrastructure, business operations, and personal data from increasingly sophisticated cyber threats. As organisations across all sectors recognise cyber security as a critical business function, employers are implementing the most rigorous pre-employment screening processes in the technology industry to ensure they recruit professionals capable of defending against advanced persistent threats and maintaining the highest standards of security and trustworthiness. Whether you're a penetration tester, security analyst, incident response specialist, or chief information security officer, understanding the comprehensive vetting requirements is essential for successfully advancing your career in this security-critical field. This detailed guide explores the extensive background checks and screening processes you'll encounter when applying for cyber security positions in the UK, from fundamental eligibility verification to the most stringent security clearance requirements and specialised threat intelligence assessments.

Why Now Is the Perfect Time to Launch Your Career in Cyber Security: The UK's Digital Defence Revolution

The United Kingdom faces an unprecedented cyber security challenge that presents an extraordinary career opportunity. With cyber attacks increasing by 300% year-on-year and the average cost of a data breach reaching £4.24 million, Britain urgently needs skilled cyber security professionals to defend its digital infrastructure, protect citizens' data, and maintain national security in an increasingly connected world. If you've been considering a career change or seeking to future-proof your professional trajectory, cyber security represents one of the most secure, well-compensated, and socially impactful career choices available. The convergence of escalating threats, skills shortage, government investment, and regulatory requirements has created a perfect storm of opportunity that shows no signs of abating.

Automate Your Cyber Security Jobs Search: Using ChatGPT, RSS & Alerts to Save Hours Each Week

Cyber roles drop across consultancies, MSSPs, hyperscalers, banks, gov & start-ups every day—often buried in ATS portals or duplicated across boards. The fix is simple: put discovery on autopilot with keyword-rich alerts, RSS feeds & a reusable ChatGPT workflow that triages listings, ranks fit, & tailors your CV in minutes. This copy-paste playbook is built for www.cybersecurityjobs.tech readers. It’s UK-centric, practical, & designed to save you hours each week. What You’ll Have Working In 30 Minutes A role & keyword map spanning SecOps/Detection, DFIR, AppSec, Cloud Security, GRC, Red Team, Threat Intel, IAM/PAM, OT/ICS & Vulnerability Management. Shareable Boolean search strings for Google & job boards to cut noise fast. Always-on alerts & RSS feeds delivering fresh roles to your inbox/reader. A ChatGPT “Cyber Job Scout” prompt that deduplicates, scores fit & outputs tailored actions. A simple pipeline tracker so deadlines & follow-ups never slip.