£46,000 - £84,000 GBP
25% Shift Allowance
Hybrid WORKING
Location: Central London, Greater London - United Kingdom Type: Permanent

SOC Shift Lead - London

Salary: £46,000 - £84,000 + 25% Shift Allowance

Location: London (On-site)

Security Requirement: DV-clearable (does not need to hold DV at application stage)

Work Pattern: 24/7 shift rota - 14 shifts per 28-day cycle, 12-hour shifts, rotating nights/days

Career Level: Associate Manager

About the Role

We are seeking an experienced SOC Shift Lead to join a highly secure, high-performance operations environment supporting sensitive UK-based compute infrastructure.

This role is central to real-time defensive security operations and requires a decisive leader capable of managing escalations, guiding analysts, and maintaining a strong security posture across mission-critical systems.

You will operate within a 24/7 Security Operations Centre, leading your assigned shift, coordinating incident response activities, and ensuring operational continuity in the absence of senior management.

Key Responsibilities

• Lead investigations into escalated security incidents, assessing attack vectors, scope, and business impact.
• Correlate telemetry across SIEM, EDR, network, and cloud data sources to form complete incident narratives.
• Direct containment, eradication, and recovery actions in partnership with IT/OT stakeholders.
• Own medium- and high-severity incident response activities, producing detailed investigation documentation.
• Tune and optimise detection content in collaboration with engineering and content-development teams.
• Identify detection gaps and recommend improvements to playbooks, workflows, and overall SOC maturity.
• Mentor L1 Analysts, providing technical guidance and quality assurance on triage work.
• Participate in SOC exercises, simulations, and continuous readiness activities.
• Act as shift authority, managing escalations and ensuring operational stability during your rotation.

Role Requirements

• Education: Bachelor’s degree in Cybersecurity, Computer Science, or related discipline.
• Experience: 7-10 years in SOC operations, incident response, threat analysis, or similar defensive security roles.
• Preferred Certifications: GCIA, GCIH, CompTIA CySA+, Microsoft SC-200, Splunk Power User (or equivalent).
• Technical Expertise:
• Strong analytical mindset with deep knowledge of SIEM/EDR tooling.
• Understanding of adversary behaviour, malware characteristics, and incident-handling methodologies.

Shift Structure & Security Conditions

• 14 shifts every 28 days, each 12 hours, rotating 3 nights ? 4 days off ? 3 days.
• Includes a 25% shift premium based on base salary.
• Must be British-born and eligible for DV clearance.
• Employment requires passing BPSS checks and meeting strict security-history requirements.

Reference: AMC/JWA/SOCSLA

Postcode: SW1

#jawa