SOC Manager/Lead in Westminster

Westminster Full-Time 60000 - 84000 £ / year (est.) No home office possible
Dns Info Ltd

At a Glance

  • Tasks: Lead onsite SOC operations, ensuring seamless communication and effective incident response.
  • Company: Join a leading cybersecurity firm with a focus on innovation and collaboration.
  • Benefits: Competitive salary, flexible working options, and opportunities for professional growth.
  • Why this job: Be at the forefront of cybersecurity, making a real impact in protecting clients.
  • Qualifications: 10-14 years in cybersecurity, with strong leadership and technical skills required.
  • Other info: Dynamic work environment with a focus on continuous improvement and team development.

The predicted salary is between 60000 - 84000 £ per year.

We are seeking a competent Onsite SOC Lead/SOC Manager to operate from the client's premises in London and serve as the Single Point of Contact (SPOC) between the customer and the offshore Mphasis Next-Gen Cyber Fusion Center (Bangalore SOC Team). This individual will play a critical role as the bridge between client stakeholders and the offshore operations, ensuring seamless communication, transparency, and alignment of SOC deliverables. The SOC Lead/Manager will oversee daily BAU SOC functions, drive threat detection and response improvements, provide governance, and ensure the timely delivery of all operational and strategic security services. This position requires strong technical expertise in SIEM/SOAR/EDR technologies (primarily LogRhythm, but exposure to all leading SIEM platforms is essential), robust incident management skills, and exceptional stakeholder communication capabilities.

Responsibilities

  • Act as the primary onsite representative of the SOC and the single point of contact for all cybersecurity operational matters.
  • Ensure all communication to and from the customer is routed, validated, and tracked efficiently with the offshore SOC team.
  • Manage expectations, clarify priorities, and ensure consistent delivery of SOC services as per SLAs and contractual obligations.
  • Conduct regular onsite engagements with customer stakeholders, including service reviews, governance meetings, and ad-hoc consultations.
  • Coordinate with the offshore teams on alerts, incidents, reporting, change requests, and enhancement requirements.
  • Provide real-time visibility to the customer on incident status, ongoing investigations, and risk posture.

SOC Leadership & Operations Management

  • Oversee and guide the offshore SOC analysts (L1, L2, L3, Threat Hunters) to ensure efficient 24×7 operations.
  • Define, maintain, and enforce SOC operational procedures, response processes, and escalation workflows.
  • Monitor SOC performance, quality of investigations, and ensure adherence to SLAs.
  • Coordinate shift-wise activities, staffing coverage, operational handovers, and performance reviews with SOC management.
  • Drive SOC efficiency improvements and mature SOC operations from reactive response to proactive threat hunting.

Incident Management & Crisis Response

  • Serve as the Incident Commander for critical/high-severity incidents impacting the client.
  • Lead cross-functional coordination across IT, Network, Cloud, and business units during major security events.
  • Review incident reports, RCA documents, and ensure lessons learned are implemented across the SOC.
  • Periodically refine IR playbooks and ensure alignment with recognised frameworks such as NIST SP 800-61 and relevant ISO standards.

Security Technology Oversight

  • Provide advisory and operational oversight for SIEM (LogRhythm primarily), SOAR, EDR, and XDR tools.
  • Work closely with detection engineers to enhance use cases, correlation rules, and detection logic mapped to MITRE ATT&CK.
  • Liaise with customer infrastructure/engineering teams for log onboarding, tool optimization, and integration enhancements.
  • Evaluate and recommend enhancements across SOC tooling, dashboards, and automation workflows.

Threat Intelligence & Proactive Defense

  • Drive proactive security initiatives including threat hunting, behaviour analytics reviews, and continuous tuning of alert logic.
  • Ensure ingestion and effective use of global, contextual, and sector-specific threat intelligence feeds.
  • Support execution of red/blue/purple team activities to validate SOC readiness and improve detection quality.

Governance, Metrics & Reporting

  • Prepare and present operational dashboards, SOC performance reports, and executive summaries.
  • Track KPIs/KRIs such as MTTD, MTTR, SLA adherence, volume trends, and false positive rates.
  • Ensure compliance with audit, regulatory (GDPR, ISO 27001), and internal policy requirements.
  • Maintain documentation, SOPs, process maps, and incident workflows.
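The KPIs listed above (MTTD, MTTR, SLA adherence, false-positive rate) are easy to name and easy to get subtly wrong in a monthly report. The following is an added example, not part of the job posting or any Mphasis tooling, showing how these figures are computed from an incident register, with two caveats a SOC lead should insist on: false positives are excluded from MTTD/MTTR (a benign alert is "detected" almost instantly and flatters the number), and incidents still open are excluded from MTTR rather than counted as zero. The SLA targets, the `Incident` fields and the incident records are all constructed assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean
from typing import Optional

# Hypothetical SLA targets: minutes allowed from detection to containment, per
# severity. Assumed values for this example, not figures from the posting.
SLA_RESPOND_MINUTES = {"critical": 60, "high": 240, "medium": 1440, "low": 4320}


@dataclass
class Incident:
    ticket: str
    severity: str
    first_activity: datetime        # earliest malicious activity visible in logs
    detected: datetime              # when the SOC raised/triaged the alert
    contained: Optional[datetime]   # None while the incident is still open
    false_positive: bool = False    # closed as benign after investigation


def _minutes(delta: timedelta) -> float:
    return delta.total_seconds() / 60


def true_positives(incidents, exclude_fp=True):
    return [i for i in incidents if not (exclude_fp and i.false_positive)]


def mttd_minutes(incidents, exclude_fp=True) -> Optional[float]:
    """Mean time to detect: first_activity -> detected, over true positives.
    exclude_fp=False shows how counting false positives flatters the metric."""
    tps = true_positives(incidents, exclude_fp)
    if not tps:
        return None
    return mean(_minutes(i.detected - i.first_activity) for i in tps)


def mttr_minutes(incidents) -> Optional[float]:
    """Mean time to respond: detected -> contained, over closed true positives.
    Open incidents have no containment time and are excluded, not counted as zero."""
    closed = [i for i in true_positives(incidents) if i.contained is not None]
    if not closed:
        return None
    return mean(_minutes(i.contained - i.detected) for i in closed)


def sla_adherence(incidents) -> dict:
    """Per severity, fraction of closed true positives contained within SLA.
    A severity with no closed incidents is reported as None, not as 100%."""
    result = {}
    for sev, target in SLA_RESPOND_MINUTES.items():
        closed = [i for i in true_positives(incidents)
                  if i.severity == sev and i.contained is not None]
        if not closed:
            result[sev] = None
            continue
        met = sum(1 for i in closed if _minutes(i.contained - i.detected) <= target)
        result[sev] = met / len(closed)
    return result


def false_positive_rate(incidents) -> Optional[float]:
    if not incidents:
        return None
    return sum(1 for i in incidents if i.false_positive) / len(incidents)


# Constructed incident register for the example (not real data).
T0 = datetime(2024, 3, 4, 8, 0)


def _at(minutes):
    return T0 + timedelta(minutes=minutes)


INCIDENTS = [
    Incident("INC-1001", "critical", _at(0), _at(30), _at(75)),    # contained in 45 min, within SLA
    Incident("INC-1002", "high",     _at(0), _at(600), _at(900)),  # 300 min, breaches the 240 min SLA
    Incident("INC-1003", "medium",   _at(0), _at(120), None),      # still open
    Incident("INC-1004", "high",     _at(0), _at(5), _at(10), false_positive=True),
    Incident("INC-1005", "critical", _at(0), _at(90), _at(120)),   # contained in 30 min, within SLA
]


def kpi_report(incidents=INCIDENTS) -> dict:
    return {
        "mttd_minutes": mttd_minutes(incidents),
        "mttd_minutes_if_fps_counted": mttd_minutes(incidents, exclude_fp=False),
        "mttr_minutes": mttr_minutes(incidents),
        "sla_adherence": sla_adherence(incidents),
        "false_positive_rate": false_positive_rate(incidents),
    }


if __name__ == "__main__":
    for key, value in kpi_report().items():
        print(f"{key}: {value}")
```

Run as-is and compare `mttd_minutes` with `mttd_minutes_if_fps_counted`: one false positive pulls the reported MTTD down by about 40 minutes, which is exactly the kind of distortion a customer service review should not be built on. The per-severity SLA view also matters: an aggregate adherence figure would hide that every "high" incident in the register breached its target.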

People Development & Continuous Improvement

  • Mentor analysts (onsite and offshore) to enhance their skillsets, investigative mindset, and operational maturity.
  • Promote continuous improvement, innovation, and automation within the SOC.
  • Lead SOC maturity assessments and ensure execution of roadmap initiatives aligned with NIST CSF/Gartner models.

Qualifications

  • Bachelor's/Master's degree in Cybersecurity, Computer Science, or Information Security.
  • 10-14 years of experience in cybersecurity operations with 3-5 years in SOC leadership or managerial roles.
  • Strong technical expertise with hands-on knowledge of:
    • SIEM: LogRhythm (primary), Splunk, Sentinel, Securonix, XSIAM
    • SOAR: Splunk SOAR, XSOAR, Securonix SOAR
    • EDR/XDR: CrowdStrike Falcon, MS Defender, SentinelOne
    • Cloud Security: Azure, AWS, GCP detection and response
  • Deep understanding of:
    • Incident Response frameworks (NIST SP 800-61, SANS IR)
    • SOC operating models, MITRE ATT&CK, NIST CSF, ISO 27001
    • Threat intelligence, network forensics, UEBA, DLP solutions
  • Proven experience working with global teams, preferably in managed SOC or MSSP environments.
  • Excellent communication, stakeholder management, and customer-handling skills.
  • Strong analytical ability to translate technical incidents into business-relevant insights.
Preferred Certifications

  • CISSP/CISM
  • GIAC Certifications (GCIH/GCIA/GCFA/GCTI/GMON)
  • CEH or CompTIA CySA+ (as secondary options)
  • LogRhythm Analyst/Administrator Certification (primary tool)
  • Azure Security (AZ-500/SC-200)

Key Performance Indicators (KPIs)

  • SOC uptime, SLA compliance, and operational stability
  • Reduction in MTTD and MTTR
  • Accuracy and quality of incident investigations
  • Decrease in false positives and overall alert fatigue
  • SOC maturity growth over time
  • Successful customer audits and compliance scores
  • Client satisfaction and feedback scores
  • Effective collaboration and alignment between onsite and offshore teams

SOC Manager/Lead in Westminster employer: Dns Info Ltd

Mphasis is an exceptional employer, offering a dynamic work environment in the heart of London where innovation meets collaboration. As a SOC Manager/Lead, you will not only lead critical cybersecurity operations but also benefit from a culture that prioritises employee growth through mentorship and continuous improvement initiatives. With access to cutting-edge technologies and a commitment to professional development, Mphasis provides a unique opportunity to make a meaningful impact in the cybersecurity landscape while enjoying a supportive and engaging workplace.

Contact Detail:

Dns Info Ltd Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land SOC Manager/Lead in Westminster

Tip Number 1

Network like a pro! Attend industry events, meetups, or webinars related to cybersecurity. It's all about making connections that could lead to job opportunities. Plus, you never know who might have the inside scoop on openings at their company!

Tip Number 2

Show off your skills! Create a personal project or contribute to open-source initiatives that showcase your expertise in SIEM, SOAR, or EDR technologies. This not only boosts your portfolio but also gives you something tangible to discuss during interviews.

Tip Number 3

Prepare for interviews by practising common SOC-related questions and scenarios. Think about how you'd handle incidents or improve processes. We recommend doing mock interviews with friends or mentors to build confidence and refine your answers.

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the SOC Manager/Lead role. Highlight your experience with SIEM/SOAR/EDR technologies and any leadership roles you've held. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're the perfect fit for this position. Talk about your experience in cybersecurity operations and how you can bridge the gap between our offshore team and client stakeholders.

Showcase Your Communication Skills: Since this role involves a lot of stakeholder communication, make sure to highlight your communication skills in your application. We love candidates who can clearly articulate complex ideas and foster collaboration between teams.

How to prepare for a job interview at Dns Info Ltd

Know Your Tech Inside Out

Make sure you brush up on your knowledge of SIEM, SOAR, and EDR technologies, especially LogRhythm. Be ready to discuss how you've used these tools in past roles and how they can be leveraged to enhance SOC operations.

Master Stakeholder Communication

As the SPOC, you'll need to demonstrate exceptional communication skills. Prepare examples of how you've effectively managed stakeholder expectations and facilitated clear communication between teams in previous positions.

Showcase Your Incident Management Skills

Be prepared to discuss your experience with incident response frameworks like NIST SP 800-61. Share specific instances where you've led critical incidents and how you ensured lessons learned were implemented across the team.

Highlight Your Leadership Experience

Since this role involves overseeing offshore SOC analysts, it's crucial to showcase your leadership capabilities. Talk about how you've mentored team members, driven operational improvements, and fostered a culture of continuous learning in your previous roles.
