Cyber Security Operations Lead

We are seeking a highly motivated Cyber Security Operations Lead to direct and manage our daily cyber security operations, ensuring the protection of our digital assets, networks, and data from both internal and external threats.

In this pivotal role, you will oversee our Security Operations Centre (SOC), lead incident response activity, strengthen our cyber defence capabilities, and ensure compliance with regulatory and defence standards. You will work collaboratively across the organisation, supporting the AirTanker Security Manager and Operations Security Manager as part of the Security Management Team Working Group (SMT).

AirTanker is a vital part of the UK's defence capability, delivering air-to-air refuelling and air transport services to the RAF and MOD. We operate at the intersection of military precision and commercial innovation. As a Cyber Security Operations Lead, you'll play a critical role in protecting our organisation's digital environment and ensuring our systems remain secure, resilient, and mission‑ready.

By overseeing daily security operations, monitoring threats, and leading incident response activity across our networks, cloud services, and security platforms, you will directly contribute to the safety, reliability, and operational capability of the business.

What's in it for you?

• Operational Impact: From leading real‑time threat monitoring to coordinating rapid incident response, you'll play a central role in protecting mission‑critical systems and ensuring our digital environment remains secure and resilient.
• Strategic Influence: Shape the organisation's cyber defence posture by driving improvements in tools, processes, automation, and threat‑response capability-directly influencing operational readiness and long‑term security strategy.
• Advanced Technology Exposure: Work with a suite of cutting‑edge tools including SIEM, EDR, threat intelligence platforms, and automated defence technologies, expanding your technical capability and exposure to industry‑leading practices.
• Comprehensive Benefits: Including private medical insurance, bonus scheme, EV scheme, contributory pension, and more.
• Adventure & Belonging: Battlefield tours, adventure training, and family fun days.

What you'll be doing:

• Lead the day‑to‑day operations of the Security Operations Centre (SOC), ensuring effective monitoring and incident response.
• Develop and implement strategies to identify, analyse, and mitigate cyber threats in real time.
• Conduct and coordinate investigations into security incidents, system vulnerabilities, and breaches.
• Oversee remediation activities and embed lessons learned to strengthen organisational resilience.
• Maintain, configure, and optimise core security technologies including SIEM, EDR, and associated cyber‑defence tools.
• Develop and maintain incident response playbooks and conduct regular exercises and simulations.
• Monitor threat intelligence sources and adjust defences to address emerging threats.
• Ensure compliance with internal policies, industry standards, and defence‑related security requirements.
• Report regularly on cyber security posture, risks, and operational performance to senior stakeholders.
• Collaborate with internal security leads, operational teams, and wider business units to align security operations with organisational priorities.
• Manage relationships with third‑party SOC providers and partner security platforms.

What you'll bring:

• Strong experience in Cyber Security Operations or within a SOC environment.
• Proficient in SIEM, EDR, IDS/IPS, and vulnerability management technologies.
• Experience in coordinating or supporting incident response activities.
• Understanding of threat intelligence, threat hunting, and adversary tactics.
• Technical knowledge of Windows/Linux hardening, networking fundamentals, and cloud security (Azure/AWS).
• Clear and confident communication skills with the ability to lead and influence stakeholders.
• Degree in Cybersecurity, Information Security, Computer Science, or equivalent experience.
• Eligibility to obtain UK Security Clearance.
• Experience in defence, government, or other regulated environments.
• Exposure to classified data handling, secure configuration standards, and patch management.
• Hands‑on experience with SIEM platforms such as Splunk, QRadar, or Sentinel.
• Experience managing cyber tools such as Arctic Wolf, DarkIQ, or Darktrace.
• Professional certifications such as CompTIA Security+, CySA+, GCIH, CISSP, CISM, or ITIL Foundation.