SOC Lead

Security Operations Centre (SOC) Lead / SOC Manager

London – 5 Days Onsite

Up to £85,000 per annum

Nigel Frank is partnering with a global consultancy to recruit an experienced Security Operations Centre (SOC) Lead / SOC Manager to be based full-time onsite at a client location in London (5 days per week).

This is a high-impact, customer-facing leadership role where you will act as the onsite SOC representative and Single Point of Contact (SPOC) between the end client and an offshore Cyber Fusion Centre. You will play a critical role in ensuring seamless communication, operational excellence, and continuous improvement across 24x7 SOC services.

As SOC Lead, you will combine strong technical capability with operational oversight and stakeholder management. You will oversee daily SOC operations, govern incident response activities, drive service improvements, and ensure all SLAs and security objectives are consistently met.

This role requires someone comfortable operating at both a technical and executive level — able to lead major incidents while also presenting dashboards and risk posture updates to senior stakeholders.

Onsite SOC Leadership & Customer Engagement

• Act as the primary onsite representative and cybersecurity SPOC.
• Manage communication and coordination between the client and offshore SOC teams.
• Lead service reviews, governance meetings, and operational discussions.
• Provide real-time visibility into incidents, investigations, and risk posture.
• Ensure SLA adherence and contractual service delivery.

• Oversee 24x7 SOC operations (L1–L3 Analysts and Threat Hunters).
• Serve as Incident Commander for high-severity security incidents.
• Review RCA documentation and refine incident response playbooks.
• Mature SOC capabilities from reactive monitoring to proactive threat hunting.

• Provide oversight and advisory support across SIEM, SOAR, EDR, and XDR platforms.
• Enhance detection use cases mapped to MITRE ATT&CK.
• Support log onboarding, correlation rule tuning, and automation improvements.
• Drive tooling optimisation and continuous enhancement initiatives.

• Deliver operational dashboards and executive reporting.
• Track KPIs such as MTTD, MTTR, SLA compliance, and false positive rates.
• Ensure alignment with GDPR, ISO 27001, and internal compliance requirements.
• Maintain SOPs, workflows, and documentation standards.

• Mentor onsite and offshore SOC analysts.
• Lead SOC maturity assessments and roadmap initiatives.
• Promote automation, innovation, and operational excellence.

• 10–14 years’ experience in cybersecurity operations.
• 3–5 years in SOC leadership or managerial roles.
• Strong experience working within managed SOC / MSSP environments.
• Excellent stakeholder management and communication skills.
• Experience working with global or offshore teams.

• SIEM: Log Rhythm (preferred), Splunk, Sentinel, Securonix, XSIAM
• SOAR: Splunk SOAR, XSOAR, Securonix SOAR
• Cloud Security: Azure, AWS, GCP detection and response
• Strong knowledge of:
• NIST 800-61, SANS IR frameworks
• MITRE ATT&CK, NIST CSF, ISO 27001
• Network forensics and incident lifecycle management

• CISSP or CISM
• GIAC certifications (GCIH, GCIA, GCFA, GCTI, GMON)
• Log Rhythm certifications
• Azure Security (AZ-500 / SC-200)
• CEH or CompTIA CySA+

• Salary up to £85,000
• Opportunity to lead and shape SOC operations within a global consulting environment
• High-visibility role with direct stakeholder engagement
• Strategic and operational influence across enterprise cyber defence

This role requires full-time onsite presence in London (5 days per week).

If you are an experienced SOC leader looking to take ownership of a high-profile, client-facing security operation, apply now via Nigel Frank for immediate consideration.