SOC Shift Lead
Anson Mccade - London, ENG
Job Description

SOC Shift Lead
46,000 - 84,000 GBP
25% Shift Allowance
Hybrid Working
Location: Central London, Greater London - United Kingdom
Type: Permanent

SOC Shift Lead - London
Salary: 46,000 - 84,000 + 25% Shift Allowance
Location: London (On-site)
Security Requirement: DV-clearable (does not need to hold DV at application stage)
Work Pattern: 24/7 shift rota - 14 shifts per 28-day cycle, 12-hour shifts, rotating nights/days
Career Level: Associate Manager

About the Role

We are seeking an experienced SOC Shift Lead to join a highly secure, high-performance operations environment supporting sensitive UK-based compute infrastructure.

This role is central to real-time defensive security operations and requires a decisive leader capable of managing escalations, guiding analysts, and maintaining a strong security posture across mission-critical systems.

You will operate within a 24/7 Security Operations Centre, leading your assigned shift, coordinating incident response activities, and ensuring operational continuity in the absence of senior management.

Key Responsibilities

Lead investigations into escalated security incidents, assessing attack vectors, scope, and business impact.
Correlate telemetry across SIEM, EDR, network, and cloud data sources to form complete incident narratives.
Direct containment, eradication, and recovery actions in partnership with IT/OT stakeholders.
Own medium- and high-severity incident response activities, producing detailed investigation documentation.
Tune and optimise detection content in collaboration with engineering and content-development teams.
Identify detection gaps and recommend improvements to playbooks, workflows, and overall SOC maturity.
Mentor L1 Analysts, providing technical guidance and quality assurance on triage work.
Participate in SOC exercises, simulations, and continuous readiness activities.
Act as shift authority, managing escalations and ensuring operational stability during your rotation.

Role Requirements

Education: Bachelor's degree in Cybersecurity, Computer Science, or related discipline.
Experience: 7-10 years in SOC operations, incident response, threat analysis, or similar defensive security roles.
Preferred Certifications: GCIA, GCIH, CompTIA CySA+, Microsoft SC-200, Splunk Power User (or equivalent).
Technical Expertise:
Strong analytical mindset with deep knowledge of SIEM/EDR tooling.
Understanding of adversary behaviour, malware characteristics, and incident-handling methodologies.

Shift Structure & Security Conditions

14 shifts every 28 days, each 12 hours, rotating 3 nights → 4 days off → 3 days.
Includes a 25% shift premium based on base salary.
Must be British-born and eligible for DV clearance.
Employment requires passing BPSS checks and meeting strict security-history requirements.

Reference: AMC/JWA/SOCSLA
Postcode: SW1
Created: 2026-04-08