SOC Lead

Job Description

The Global Security Operations Centre (SOC) is a critical part of the organisation’s security capability, operating 24/7 across three regions.

As the SOC Lead, you are responsible for ensuring the continuous monitoring, detection, investigation, and response to cyber threats. You will coordinate teams across all regions to maintain a unified, high‑quality monitoring capability, drive SOC strategy, embed automation and AI-driven improvements, and develop a high‑performing analyst team.

This role requires strong leadership, technical understanding, excellent communication skills, and proven experience managing security operations within a global, follow‑the‑sun operating model.

Key Responsibilities

Operational Leadership & Coordination

• Lead, mentor, and develop SOC analysts across three countries, ensuring consistent quality and performance across all regions.
• Oversee day‑to‑day SOC monitoring activities, ensuring 24/7 operational coverage and seamless handover across time zones.
• Provide expert guidance during investigations, escalations, and complex security incidents.
• Ensure all security events are triaged, investigated, documented, and remediated in alignment with SOC processes.
• Maintain high levels of situational awareness across all regional teams.

Strategic Direction & Continuous Improvement

• Contribute to the long‑term SOC strategy, including capability growth, tooling advancement, and global operating model enhancements.
• Drive maturity improvements aligned with frameworks such as MITRE ATT&CK, Cyber Kill Chain, and defence‑in‑depth principles.
• Identify and implement opportunities to enhance analyst effectiveness through improved processes, playbooks, tooling, and governance.
• Lead annual/quarterly SOC roadmap planning and execution.

AI, Automation & Engineering Collaboration

• Drive adoption of AI‑assisted automated triage, and machine‑learning‑based threat analysis.
• Partner with engineering teams to enhance SIEM/SOAR pipelines, enrich data sources, and reduce manual workload through targeted automation.
• Oversee, tuning, and optimisation of detection rules across monitoring platforms.

Incident Response & Threat Analysis

• Support incident investigations with technical leadership, rapid decision‑making, and timely updates to stakeholders.
• Ensure learnings from incidents and threat intelligence are captured and integrated into processes and playbooks.

Stakeholder Management & Reporting

• Act as the SOC technical point of contact for internal stakeholders, including security leadership, technology teams, and business functions.
• Communicate technical threats clearly to non‑technical audiences, including senior management.
• Lead regular SOC operational reviews, presenting insight into service performance, trends, risks, and improvement plans.

SOC Metrics, Performance & Quality Assurance

• Develop and maintain SOC KPIs and OKRs across all three regions.
• Track metrics such as MTTD, MTTR, alert volumes, false positives, automation utilisation, analyst productivity, and rule effectiveness.
• Ensure continuous performance monitoring and improve SOC throughput and quality.
• Conduct case reviews, root‑cause analysis, and trend reporting to strengthen detection and response capability.

People Leadership & Development

• Build a culture of technical excellence, collaboration, and accountability across global teams.
• Coach and mentor analysts, identifying training needs, certification pathways, and career development opportunities.
• Conduct performance reviews and support the professional development of junior and senior SOC analysts.
• Foster an inclusive, high‑trust, globally aligned team environment.

Knowledge & Experience Requirements

Required

• 4+ years’ experience in SOC operations and security monitoring
• Minimum 3 years’ experience leading and developing high‑performing teams.
• Strong understanding of SIEM platforms
• Proven knowledge of MITRE ATT&CK, Cyber Kill Chain, and modern threat actor behaviours.
• Experience in global follow‑the‑sun SOC operations (desirable but not mandatory).
• Strong communication, report writing, presentation, and stakeholder‑facing skills.

Highly Desirable

• Experience with SOAR technologies
• Experience with detection content and playbooks.
• Familiarity with cloud environments (Azure, GCP) and cloud security practices.
• Background in AI/ML security tools or LLM integration within SOC workflows.
• Nice to have certifications (e.g., GCIH, GCIA, GCFE, GDAT, GCDA, GISP).

Admiral: Where You Can

We take pride in being a diverse and inclusive business. It's a place where you can Be You, and show up as you are. We’re committed to fostering a people-first culture where everyone is accepted, supported, and empowered to be brilliant. You can, Grow And Progress at a pace and direction that suits you, Make A Difference for our customers and each other, and Share in Our Future with all colleagues eligible for up to £3,600 of free shares each year after one year of service.

Everyone receives 33 days holiday (including bank holidays) when they join us, increasing the longer you stay with us, up to a maximum of 38 days (including bank holidays). You also have the option to buy or sell up to an additional five days of annual leave.

We’re proud of our people-first culture. In fact, we've been recognised as a Great Place to Work for Women, a Great Place to Work for Wellbeing, and an overall Great Place to Work for over 25 years! We’re fully committed to making sure your progression is not slowed or halted by barriers related to race, gender, age, sexuality or any of the protected characteristics.

Our fantastic benefits make sure our colleagues have a great work-life balance; You can view some of our other key benefits here.

Disability Confident Leader

As a Disability Confident Leader, for candidates with a disability or long-term health condition, that opt into the Disability Confident scheme, we’ll invite a fair and proportionate number of applicants that meet the essential requirements of the role to the first stage of our selection process.

If you need any adjustments or support with your application or during the recruitment process, just let us know. Please do email us or contact us on 07386697107. This number is dedicated to supporting candidates that require reasonable adjustments or support during the application process.

#LI-GN1