SOC Technical Team Lead - Registers of Scotland - SEO

Registers of Scotland (RoS) is an award-winning organisation recognised for its technology and innovation. RoS is a world-leading pioneer in land and property registration, working to create data-led, digital solutions for the people of Scotland. Our full-stack teams design, architect, and build all our registration products in-house.

We are seeking a technically skilled and people-focused SOC Technical Team Lead to join our Cyber Security team at Registers of Scotland. This role provides both technical leadership and line management for the Security Operations Centre (SOC) team, ensuring the delivery of high-quality threat detection, incident response, and vulnerability management services. Candidates should have at least three years of experience in a Security Operations Centre or similar environment, bringing the hands-on expertise and operational insight needed to lead effective incident response and support a high-performing security team.

As SOC Technical Team Lead, you will:

• Provide line management, coaching, and development to SOC analysts and engineers.
• Lead the configuration, tuning, and maintenance of core SOC capabilities including log aggregation, alerting, correlation, threat detection, and response tooling.
• Collaborate with cyber engineers to develop and automate detection logic and incident response playbooks.
• Work with our Technical Product Manager and Security Architect to ensure SOC capabilities align with enterprise security architecture and strategy.
• Develop and maintain scenario-based runbooks and technical procedures for incident response.
• Engage with project teams to provide security assurance for new and existing services.
• Drive continuous improvement in SOC operations, tooling, and team capability.
• Monitor and report on SOC performance, including SLA/OLA adherence and incident handling timelines, volume and severity of security incidents, average time to detect (MTTD) and respond (MTTR) to threats, accuracy and relevance of alerts, coverage of threat detection across systems and services, and outcome-focused metrics such as reduced dwell time and successful containment rates.

Person specification:

• Proven experience in a Security Operations Centre or operational security environment.
• Demonstrable experience managing or leading a technical team or function in an enterprise setting.
• Strong background in operating and maintaining SOC capabilities such as log management, alerting, threat detection, and incident response tooling.
• Experience in incident response, including leading technical investigations and developing response frameworks.
• Proficiency in integrating and operationalising cyber threat intelligence.
• Experience working with ITSM systems to manage and prioritise workloads.
• Experience reporting on SOC metrics including SLA/OLA performance, MTTD/MTTR, alert accuracy, and outcome-based security improvements.
• Excellent interpersonal and communication skills, with the ability to work effectively across technical and non-technical teams.
• Experience developing or implementing vulnerability management tools and processes.
• Familiarity with cloud security monitoring and hybrid infrastructure environments.
• Knowledge of relevant security frameworks such as NIST CRF, ISO 27001, NCSC CAF, and MITRE ATT&CK.
• Experience contributing to or leading SOC maturity assessments or improvement programmes.