Team Lead, SOC

Team Lead, SOC

Location: Manchester, Hybrid

The Team Lead is a critical role within the organisation, responsible for leading the detection, analysis, and response to security incidents that could impact business operations. Acting as a key escalation point for complex or high-severity security incidents, the Team Lead ensures timely and effective incident management to minimise risk and disruption.

This role involves close collaboration with the Cyber Incident Response Team (CIRT), Senior Management, and the wider SOC team to coordinate responses to emerging threats, implement mitigation strategies, and support post-incident reviews. The Team Lead also plays a vital role in refining and enforcing incident response procedures, ensuring the SOC remains agile and effective in handling evolving cyber threats.

• Act as a primary escalation point for security incidents, ensuring prompt and effective response.
• Lead incident response efforts during high-priority security events to minimise business impact.
• Follow established escalation procedures to address threats, vulnerabilities, and potential threat actors.
• Provide clients with detailed incident remediation guidance and preventative recommendations.
• Conduct thorough triage and investigations using security tools, including IDS/IPS, Full Packet Capture devices, Firewalls, DDoS detection and mitigation tools, Endpoint Detection and Response (EDR), and SIEM platforms.
• Identify and analyse threats, vulnerabilities, and indicators of compromise (IoCs).
• Document, review, and continuously improve SOC procedures and security monitoring processes.
• Support the ongoing development of Global Management Solutions (GMS) by identifying and implementing process enhancements.
• Provide mentorship and guidance to R1 and R2 Analysts to support their professional growth.
• Contribute to the design and delivery of training programs and continuous improvement initiatives.
• Build and maintain strong working relationships with internal stakeholders and clients.
• Deliver exceptional customer service through proactive monitoring and effective incident management.
• Compile, review, and publish service-focused reports for internal and external stakeholders.
• Stay informed on emerging threats and industry trends to enhance SOC detection and response capabilities.

Minimum Requirements:

• 2-4 years of experience within a SOC Analyst role.
• Previous experience working in a technical, client-facing capacity within a SOC.

Desirable Requirements:

• Splunk Certified Power User/Advanced Power User
• CompTIA Certifications (Security+/ Network+/ Linux+)
• Crest or GIAC Certification
• Degree in a related field.
• Other relevant certifications.

Ways of Working:

• Focusing on Clients and Customers
• Working as One NCC
• Always Learning
• Being Inclusive and Respectful
• Delivering Brilliantly

About NCC Group:

At NCC Group, our mission is to create a more secure digital future. Our teams partner with clients across various industries, delving into, securing new products, emerging technologies, and solving complex security problems. We are committed to providing an inclusive and supportive work environment that fosters creativity, collaboration, authenticity, and accountability. We offer a comprehensive benefits package and opportunities for growth.