SOC Team Lead - 6-month contract (Inside IR35) - Hybrid, Central London

ZipRecruiter

City Of London

On-site

GBP 70,000 - 90,000

Full time

Today

Job summary

A leading cybersecurity firm in London is seeking a Senior Tier-2/3 SOC Lead to oversee investigations and manage a small team of analysts. The ideal candidate will have over 5 years of experience in SOC/IR, strong communication skills, and demonstrable case handling capabilities. This role offers competitive compensation and opportunities for professional growth.

Qualifications

  • 5+ years of SOC/IR experience with demonstrable true-positive case handling end-to-end.
  • Proven team lead experience including mentoring and performance management.
  • Ability to explain technical incidents in business terms.

Responsibilities

  • Triage, investigate and resolve true-positive incidents end-to-end.
  • Lead and manage a small SOC analyst team.
  • Act as senior escalation point for incident response.

Skills

SOC/IR experience
Team lead experience
Strong communication skills
Experience in regulated environments

Tools

EDR platforms
SIEM platforms
SOAR platforms

Job description

Overview

Senior Tier-2/3 SOC lead to own complex investigations, run a small analyst team, and translate incident impact into business terms for senior stakeholders.

Key responsibilities

  • Triage, investigate and resolve true-positive incidents end-to-end.
  • Lead and manage a small SOC analyst team (rostering, mentoring, performance feedback).
  • Act as the senior escalation point and lead incident response for Tier-2/3 events.
  • Produce clear incident summaries and brief senior stakeholders and business owners.
  • Maintain and improve SOC runbooks, playbooks and triage guides.
  • Drive detection tuning and use-case development; participate in post-incident reviews and lessons learned.

Must have

  • 5+ years SOC/IR experience with demonstrable true-positive case handling end-to-end.
  • Proven team lead experience (mentoring, shift coordination, performance management).
  • Strong communication skills and ability to explain technical incidents in business terms.
  • Experience in regulated/financial services environments is desirable.

Nice to have

  • Familiarity with EDR, SIEM and SOAR platforms (e.g., Sentinel, Splunk, CrowdStrike).
  • Experience improving SOC KPIs (MTTR, false positive rate, coverage).