Lead Security Operations Center Analyst (f/m/d) in Reading

Introducing Thinkproject Platform, pioneering a new era and offering a cohesive alternative to the fragmented landscape of construction software. Thinkproject seamlessly integrates the most extensive portfolio of mature solutions with an innovative platform, providing unparalleled features, integrations, user experiences, and synergies.

By combining information management expertise and in-depth knowledge of the building, infrastructure, and energy industries, Thinkproject empowers customers to efficiently deliver, operate, regenerate, and dispose of their built assets across their entire lifecycle through a Connected Data Ecosystem.

We are looking for a highly experienced and technically skilled Lead Security Operations Centre (SOC) Analyst to join our team and take ownership of the day-to-day operation and continuous improvement of our Security Operations Centre. This role combines deep technical expertise with operational leadership, people management, and project delivery responsibilities, ensuring the SOC remains effective in identifying, investigating, and responding to advanced security threats, issues, and vulnerabilities across the organisation.

Main responsibilities:

• Independently investigate and respond to security alerts and events from SIEM, EDR, and other security tools across endpoints, networks, cloud platforms, and applications.
• Lead proactive threat hunting activities, leveraging threat intelligence, application logs, and infrastructure telemetry to uncover indicators of compromise or stealthy threat activity.
• Perform in-depth analysis of logs, API configurations and traffic, container environments, network data, application and infrastructure architecture, as well as data centre hosting environments to support threat detection, incident investigation, and root cause analysis.
• Manage complex cybersecurity incidents end-to-end, including containment, eradication, recovery, and post-incident analysis, while coordinating closely with cross-functional stakeholders.
• Deploy, operate, configure, and tune SIEM platforms and detection tools to enhance signal accuracy, reduce alert fatigue, and maintain effective detection coverage.
• Design, build, and maintain incident response playbooks and automation workflows to increase the efficiency, speed, and consistency of incident response processes.
• Simultaneously manage multiple active investigations and day-to-day SOC operations, effectively prioritising tasks and managing time under pressure.
• Conduct forensic analysis during investigations, including evidence preservation, malware analysis, memory examination, and root cause identification.
• Collaborate with DevOps, IT, and development teams to ensure timely containment, mitigation, and remediation of vulnerabilities and threats.
• Coordinate outputs from security assessment tools and penetration tests, ensuring clear ownership and timely closure of identified issues.
• Participate in and lead security testing exercises to evaluate and strengthen detection capabilities and response procedures.
• Drive continuous improvement of SOC operations by identifying logging gaps, proposing monitoring enhancements, and introducing new detection or response technologies.
• Maintain comprehensive documentation of investigations, incidents, tuning efforts, and threat intelligence to support reporting, knowledge sharing, and audit readiness.
• Stay current with evolving threat landscapes, adversary techniques, and emerging security tools and practices to strengthen SOC capabilities.
• Adapt SOC processes, solutions, and procedures to enhance the monitoring of the organization's IT network health.
• Ensure security operations and incident response practices are aligned with industry-recognized frameworks such as ISO 27001.
• Implement solutions within CI/CD pipelines to identify and block security issues reaching production environments.
• Support the development and refinement of SOC procedures, training materials, and operational standards to enhance maturity and consistency across the team.
• Act as the operational lead for the SOC, overseeing day-to-day activities, workload prioritisation, incident coordination, and service delivery to ensure effective security monitoring and response capabilities.
• Provide line management, coaching, mentoring, and professional development support to SOC analysts, fostering a high-performing and collaborative security operations culture.

You Must Have:

• Proficiency in spoken and written English, with the ability to communicate effectively across both technical and non-technical audiences.
• Bachelor’s degree in cyber security or a related field, or equivalent professional experience.
• Strong knowledge of cybersecurity principles, threat landscapes, and incident response procedures.
• Hands-on experience with implementation, ongoing management and maturing of Security Information and Event Management (SIEM) tools, Endpoint Detection and Response (EDR) platforms, threat intelligence platforms, and vulnerability identification tools.
• Experience integrating custom-built applications into SIEM platforms.
• Experience with implementation of automation solutions, enhancing SOC efficiency and speeding incident response.
• Experience managing security issues identified through internal tools and external assessments, ensuring remediation is completed in line with company policies and standards.
• Experience in complex incident response and investigation, including forensic evidence handling and root cause analysis.
• A positive, self-motivated attitude.
• The ability to work effectively in a team environment, collaborating with cross-functional teams to achieve shared objectives.

It Would Be Good to Have:

• Proficiency in German (spoken and written).
• Experience conducting red or purple team exercises to validate detection capabilities and improve response playbooks.
• Understanding of advanced detection engineering techniques, such as creating custom correlation rules and behavioural analytics in SIEM platforms.

What we offer: Lunch 'n' Learn Sessions, Women's Network, LGBTQIA+ Network, Coffee Chat Roulette, Free English Lessons, Thinkproject Academy, Social Events, Volunteering Activities, Open Forum with Leadership Team (Tp Café), Hybrid working, Unlimited learning.