SOC Lead - Gamma Labs

Manchester, UK Req #92
26 June 2024

We understand that the best business partnerships are genuine, and trust comes easily when you have the right partner beside you. That’s why we place relationships at the heart of everything we do.

 


A different breed of communications provider. Loyal. Supportive. Reliable. By your side. Together, we can accomplish extraordinary things - we can be #GoodTogether.

Main purpose of role:

A fantastic opportunity for an experienced SOC analyst or incident responder, ready to take the next step in your career as part of a growing security function within an ambitious and dynamic organisation.

As a SOC Lead at Gamma you’ll be the senior member of the L2/3 team, working alongside and guiding the SOC Specialists to protect Gamma and our customers from threat actors. You'll manage escalations from our MSSP for L1 activity as well as responding to escalations from the internal team.

Supported by an Incident Manager, you will take the lead during cyber incident response, ensuring that the right questions are being asked - and that the right people are being facilitated to answer them.

You'll take a proactive, intelligence-led approach to cyber defence, overseeing and developing the threat hunting capability to detect threats and neutralise them before they impact the business.

Key responsibilities:

The SOC is responsible for ensuring Gamma is defended against threat actors, their attack vectors, and their tactics, techniques, and procedures (TTPs). The SOC Lead will:

· Provide guidance and mentorship to SOC Specialists.

· Respond to cyber events and tickets escalated to L2/3.

· Identify, classify, and respond to cyber incidents, acting as the "security lead" within a resolver group.

· Ensure that the Head of Security Operations and other senior stakeholders are apprised of incident impact, developments, and outcomes.

· Recognise when external assistance is required to support or guide incident response and escalate promptly.

· Develop - and guide the development of - runbooks and processes, ensuring they're fit-for-purpose and followed.

· Prepare incident reports and gather reporting metrics for cyber events and incidents.

· Analyse security event trends to tune rules and thresholds to improve the fidelity of detections and alerts.

 

Key skills:

Problem solving

· You'll apply a methodical investigative mindset to all security incidents, and you'll foster the same in others.

Decision making

· Calm & decisive under pressure: Ability to drive calm and effective response to cyber security events.

· Make evidence-based decisions.

· Recognise that your decisions can impact the Gamma Group and external stakeholders and don’t be afraid to seek help.

· You’ll identify when assistance is required to support or guide incident response and escalate promptly.

Innovation

· You’ll drive continuous improvement of security tooling and processes, demonstrating a commitment to improving the speed, accuracy, and reliability of detection and response through automation and data enrichment.

Communication

· Strong communication, visual & written skills. Ability to present to Senior Manager and Director levels.

· Ability to communicate with stakeholders at different levels and with varied technical knowledge.

· Ability to document processes with reference to inputs, outputs and stakeholders.

Interpersonal

· Ability to work within geographically dispersed virtual teams.

· Ability to build partnerships with other SOCs and external stakeholders (peers, customers and vendors).

· Influencing skills: Ability to persuade, influence and motivate others, with the right sense of urgency, without having formal authority.

Key relationships:

The SOC is the "front door" for Gamma's security function. Being responsive and supportive is key to building trust with our colleagues. You will maintain healthy and collaborative working relationships across Gamma Group to help foster a strong security culture. You will work closely with Security Engineering and other technical teams to make continual improvements to the technology which underpins our capability, and to define requirements for new security tools and bring them into operation.

Experience and skills:

· Typically qualified to degree level, or the equivalent professional experience within IT and cyber security.

· Extensive experience of working within a SOC or adjacent role.

· Experienced in responding to cyber incidents.

· Conversant with common security tooling (e.g., SIEM, SOAR, EDR, NDR).

· Understanding of threat actors, their tactics, techniques, and procedures.

· Understanding of security event data, the value of different data sources and tools for analysis.

· Previous experience of mentoring or leading SOC analysts is desirable but not essential.

· Experience of risk-based vulnerability management is desirable.

If you feel you could be a good fit for Gamma but do not think that you meet all the requirements, we still encourage you to apply as you could be the person that we are looking for! Gamma is an equal-opportunity employer. We care about inclusion and believe in having diverse teams where everyone can be their true authentic selves.
 
We value each person and their range of backgrounds and actively encourage people from underrepresented backgrounds to apply. We don't discriminate based on any protected characteristics, e.g., race, colour, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, marital status, disability, or age. We are a family-friendly employer with a culture based on trust, autonomy, and flexibility so that you can create a work-life balance and enjoy working here at Gamma.

Please note we only use recruitment agencies registered on our preferred suppliers list and as such, any speculative CVs received will not be considered. Agencies cannot work on this role unless released by Gamma's recruitment team.

Other details

  • Pay Type Salary
  • Manchester, UK