SOC Engineering Lead

Full-Time · £72,500 / year · Home office possible
FlexIT Talent Solutions Ltd

At a Glance

  • Tasks: Lead the design and implementation of cutting-edge security operations technologies.
  • Company: Join a growing UK-based MSSP with a focus on innovation.
  • Benefits: Competitive salary, remote work, and opportunities for professional growth.
  • Other info: Mentor junior engineers and contribute to a culture of continuous improvement.
  • Why this job: Shape the future of cyber security and make a real impact in a dynamic team.
  • Qualifications: 5+ years in SOC engineering with expertise in SIEM and EDR tools.

Up to £75,000 plus benefits

Remote (UK Based)

Candidates will be required to satisfy full UK SC Clearance.

We have partnered with our client, a growing UK-based MSSP, to recruit a SOC Engineering Lead to join their SOC Team. As the SOC Engineering Lead you will work hands-on with the Security Operations Centre to architect, evolve and oversee technical operations. The successful candidate will be instrumental in shaping the core detection and response capabilities of the SOC, leading engineering efforts across Elastic SIEM, Microsoft Sentinel, Defender for Endpoint, CrowdStrike, and MISP, while building robust ITSM automation in JIRA.

Core role:

  • Lead the technical design, implementation, and tuning of SIEM platforms (Elastic, Microsoft Sentinel).
  • Engineer and operationalise endpoint detection capabilities using Defender for Endpoint, CrowdStrike, and Elastic Defend.
  • Maintain and optimise threat intelligence workflows, including integrations with MISP.
  • Build and maintain robust ITSM integrations and automations in JIRA for incident and change management.
  • Work with the SOC leadership team to build, iterate and improve engineering to continue to deliver a world-class SOC.
  • Work closely with SOC analysts to ensure telemetry, detections, and playbooks align with real-world attack techniques (MITRE ATT&CK, D3FEND).
  • Develop and maintain detection engineering pipelines including log onboarding, parsing, enrichment, correlation rules, and alerting logic.
  • Automate repetitive tasks using scripting and infrastructure-as-code tools (PowerShell, Python, Terraform, etc.).
  • Drive integration between security tooling and external systems (e.g., threat feeds, SOAR platforms, ticketing tools).
  • Act as escalation point for complex detection and incident response scenarios.
  • Mentor junior engineers and analysts, and contribute to a culture of continuous improvement.

What you will bring:

  • Minimum 5 years of experience engineering and operating Security Operations Centre platforms.
  • Deep knowledge and hands-on experience with:
      • SIEM: Elastic Stack (Beats, Logstash, Kibana, Elasticsearch), Microsoft Sentinel
      • EDR: Microsoft Defender for Endpoint, CrowdStrike Falcon, Elastic Defend
      • Threat Intelligence: MISP (integration, automation, ingestion)
      • SOAR and automation: JIRA automations, Sentinel playbooks, Azure Logic Apps and Functions, APIs and other integrations
      • ITSM: JIRA (incident, change, and service automation)
  • Strong scripting and automation skills (Python, PowerShell, Bash).
  • Experience implementing detection-as-code pipelines and detection content engineering at scale.
  • Solid understanding of threat detection, digital forensics, and security telemetry.
  • Experience integrating SOC tooling with third-party platforms and APIs.

SOC Engineering Lead employer: FlexIT Talent Solutions Ltd

As a leading UK-based Managed Security Service Provider (MSSP), we pride ourselves on fostering a dynamic and inclusive work culture that prioritises employee growth and innovation. Our remote working environment allows for flexibility while providing access to cutting-edge technology and resources, empowering our SOC Engineering Lead to make a significant impact in the field of cyber security. With a strong emphasis on mentorship and continuous improvement, we offer unique opportunities for professional development and collaboration within a passionate team dedicated to excellence in security operations.
Contact Detail:

FlexIT Talent Solutions Ltd Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land SOC Engineering Lead

✨Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

✨Tip Number 2

Show off your skills! Create a portfolio or GitHub repository showcasing your projects, especially those related to SIEM, EDR, and automation. This gives potential employers a taste of what you can do beyond just a CV.

✨Tip Number 3

Prepare for interviews by brushing up on real-world scenarios. Be ready to discuss how you've tackled challenges in SOC environments, especially with tools like Elastic SIEM and Microsoft Sentinel. Practice makes perfect!

✨Tip Number 4

Don’t forget to apply through our website! We’ve got some fantastic opportunities waiting for you, and applying directly helps us keep track of your application. Plus, it shows you're keen on joining our team!

We think you need these skills to ace SOC Engineering Lead

SIEM (Elastic Stack, Microsoft Sentinel)
Endpoint Detection and Response (EDR)
Threat Intelligence (MISP)
ITSM (JIRA)
Scripting (Python, PowerShell, Bash)
Automation (Infrastructure-as-Code, JIRA automations)
Detection Engineering
Security Operations Centre (SOC) Operations
Integration with third-party platforms and APIs
Digital Forensics
Security Telemetry
Incident Response
Mentoring and Leadership
Continuous Improvement

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the SOC Engineering Lead role. Highlight your experience with SIEM platforms like Elastic and Microsoft Sentinel, and don’t forget to mention your scripting skills. We want to see how your background aligns with what we’re looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you’re passionate about cyber security and how your skills can help us build a world-class SOC. Be specific about your achievements and how they relate to the job description.

Showcase Your Technical Skills: In your application, make sure to showcase your technical skills clearly. Mention your hands-on experience with tools like Defender for Endpoint and CrowdStrike, and any automation projects you've worked on. We love seeing practical examples of your work!

Apply Through Our Website: Don’t forget to apply through our website! It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it makes the whole process smoother for both of us!

How to prepare for a job interview at FlexIT Talent Solutions Ltd

✨Know Your Tech Inside Out

Make sure you’re well-versed in the specific technologies mentioned in the job description, like Elastic SIEM and Microsoft Sentinel. Brush up on your knowledge of endpoint detection tools like Defender for Endpoint and CrowdStrike, as well as threat intelligence workflows with MISP.

✨Showcase Your Problem-Solving Skills

Prepare to discuss real-world scenarios where you've tackled complex detection and incident response challenges. Use examples that highlight your ability to think critically and implement effective solutions, especially in a SOC environment.

✨Demonstrate Your Automation Know-How

Since automation is key in this role, be ready to talk about your experience with scripting and infrastructure-as-code tools like PowerShell and Python. Share specific instances where you’ve automated tasks or improved processes using these skills.

✨Emphasise Team Collaboration

This role involves working closely with SOC analysts and mentoring junior engineers. Be prepared to discuss how you’ve successfully collaborated with teams in the past and contributed to a culture of continuous improvement within a SOC.
