
Tech Lead - SOC Responder

THG

Manchester

Hybrid

GBP 60,000 - 80,000

Full time

2 days ago

Job summary

A security operations company is seeking an experienced professional to support the SOC Manager in overseeing security operations. You will lead the management of SIEM tools, handle incident responses, and ensure the security of infrastructure. The ideal candidate should have over 6 years of experience in Information Security Incident Response, a strong understanding of networking, and proficiency in scripting. The position offers flexible working hours and opportunities for development.

Benefits

Flexible working hours
Extensive induction program
Global family leave policy
Employee assistance program

Qualifications

  • 6+ years Information Security Incident Response experience.
  • Strong understanding of the threat landscape surrounding enterprise systems.
  • Deep understanding of endpoint and network security protocols.

Responsibilities

  • Support SOC Manager in delivering security operations services.
  • Lead SIEM and incident response tasks.
  • Establish security incident response processes and investigations.

Skills

Information Security Incident Response
Networking and systems experience
Scripting (Python, PowerShell, Unix shell)
Cyber security operations
Communication skills

Education

Degree in Information Technology or a related field

Tools

SIEM tools (e.g., ArcSight, Microsoft Sentinel, LogRhythm)

Job description

About the Role

Support the SOC Manager in delivering a wide range of security operations services at Colt Technology Services. Lead SIEM, incident response, and infrastructure security tasks, ensuring tools and processes are robust and effective.

Responsibilities

  • SIEM, IR tools platform management including design, implementation, administration, use case preparation, connector deployment, maintenance & health checks.
  • Responsible for operational activities, technology escalation support, security solution assessment, build activities, and maturing existing services.
  • Analyse potential infrastructure security incidents to determine if an incident qualifies as a legitimate breach.
  • Establish and govern the security incident response processes, investigations, and operational processes.
  • Maintain and enhance the formal service catalogue, service descriptions, targets and performance metrics.
  • Ensure security services, tools and platforms are adequately maintained.
  • Monitor and report on the effectiveness of security‑enforcing technologies.
  • Identify and continuously monitor specific security risks and KPIs, producing management information that demonstrates value of key security investments.
  • Contribute to the design, development and maintenance of security standards and controls.
  • Align the team's goals and plans with Colt’s long‑term priorities and strategy.
  • Develop and grow talent and people capability within the security teams.

Qualifications & Experience

  • 6+ years Information Security Incident Response experience, focused on detection and response to malicious activity using log data from various sources.
  • Strong networking and systems experience, preferably in an enterprise environment.
  • Strong understanding of information security and the threat landscape surrounding enterprise systems.
  • Strong scripting experience (Python, PowerShell, Unix shell).
  • Demonstrated experience working in all phases of the SDLC.
  • Deep understanding and experience using cyber security operations, security monitoring, endpoint (EDR), network, and SIEM tools.
  • Prior SOC experience is a plus.
  • Extensive knowledge of network and server security protocols, technologies, and products.
  • Industry‑recognized certifications (e.g., CISSP, GCIH, GCFA, OSCP) preferred.
  • Strong oral and written communication skills.
  • Relentless curiosity and attention to detail.
  • Ability to learn quickly and leverage prior experience to effectively solve current security challenges.
  • Refusal to accept the status quo.
  • Degree in Information Technology, Engineering or a related field.
  • SIEM management experience – desirable to hold an advanced vendor certification for products such as ArcSight, Microsoft Sentinel or LogRhythm.

Benefits

  • Flexible working hours and the option to work from home.
  • Extensive induction program with experienced mentors and buddies.
  • Opportunities for further development and educational opportunities.
  • Global family leave policy.
  • Employee assistance program.
  • Internal inclusion & diversity employee networks.