Security Operations Manager
Listed on 2026-02-25
IT/Tech
Cybersecurity, Security Manager
Role Overview
The Security Operations Manager is responsible for building, operating, and continually advancing LRQA's corporate cyber defence capability in an environment where attackers move fast and automation matters. You will lead a high-performing internal Security Operations team while overseeing a 24×7 outsourced SOC and Incident Response provider.
This is a hands-on operational management role where you will combine threat-informed detection engineering, incident response coordination, vulnerability management, and AI-assisted defence. Working closely with IT and senior leadership, you will lead LRQA's Cyber Security Analysts and drive the adoption of AI tooling to elevate detection quality, investigation speed, and response outcomes.
Key Responsibilities
Detection & Response Operations
- Design, mature, and scale LRQA's detection and response capabilities across endpoints, identity, cloud, and network environments.
- Own and continuously improve alert logic, response playbooks, escalation workflows, and post-incident review processes.
- Ensure threats are detected, triaged, contained, and remediated quickly and consistently.
- Lead incident response during major security events—coordinating internal teams and managing third-party IR resources where required.
Team Leadership
- Manage and mentor a team of internal Cyber Security Analysts.
- Provide technical direction, operational structure, coaching, and performance development.
- Build analyst capability, with a focus on modern detection engineering and AI-assisted investigation techniques.
Third-Party SOC & Incident Response Management
- Oversee a 24×7 third-party SOC and IR provider as LRQA's operational extension.
- Define and enforce SLAs, KPIs, and escalation procedures.
- Conduct regular service reviews to ensure high-quality detections, effective response actions, and continual improvement.
- Be the primary point of accountability for all outsourced SOC and IR outcomes.
AI-Assisted Defence
- Drive adoption of AI-enabled security tooling across detection, investigation, and response workflows.
- Integrate AI outputs into detection engineering and decision-making, to enhance the team's capability.
- Establish guardrails to ensure AI recommendations remain explainable, accurate, and aligned to LRQA's security standards.
Vulnerability Management
- Own and drive LRQA's vulnerability management programme, ensuring timely identification, prioritisation, and remediation of weaknesses across endpoints, cloud services, identity systems, and networks.
- Collaborate with IT, engineering, and cloud teams to ensure remediation activities are tracked, risk-aligned, and completed within agreed SLAs.
- Use innovative methods to enhance vulnerability prioritisation, exploit-likelihood assessment, and risk scoring.
- Integrate vulnerability intelligence into detection engineering and threat-modelling activities to strengthen LRQA's overall defensive posture.
- Provide clear reporting on vulnerability trends, remediation progress, and systemic risk to senior security leadership.
Metrics & Reporting
- Define, track, and maintain operational metrics such as MTTD, MTTR, alert fidelity, and incident trends.
- Provide clear, actionable reporting to senior security leadership.
- Use data-driven insights to prioritise improvements, influence tooling investment, and strengthen operational resilience.
Cross-Functional Collaboration
- Partner with IT, Cloud, Engineering, and Risk teams to remediate vulnerabilities and reduce systemic security risk.
- Support compliance, audit, and regulatory enquiries relating to security operations.
- Experience leading Security Operations, SOC, or incident response teams.
- Strong understanding of detection engineering, incident response lifecycle, and modern security monitoring technologies.
- Proven track record managing third-party SOC and IR service providers.
- Familiarity with AI-assisted security tools.
- Strong leadership, communication, and vendor management skills.
- Experience operating in hybrid or cloud-first environments.
- Hands-on experience with SIEM, EDR/XDR, and SOAR platforms.
- Experience mapping detection logic to frameworks such as MITRE ATT&CK.
- An AI-first mindset for improving detection and response.
- High-fidelity detections with dramatically reduced alert noise.
- Fast, predictable, and high-quality incident triage and response.
- A motivated internal team supported by a third-party SOC that delivers outcomes.
- Reduction in exposures through vulnerability trend analysis and remediation prioritization.
If you are successful in securing a role with us, we will carry out pre-employment checks in accordance with what is allowed under local law.
These checks will include (as permitted):
- right to work, identification, verification of employment history, education, and criminal records.
We may involve the third-party supplier to run the background checks as needed and your data will be retained for a period as needed for the purpose of…