At a Glance
- Tasks: Lead and enhance security operations, ensuring effective incident response and team development.
- Company: Join a UK energy operator focused on critical national infrastructure and cyber resilience.
- Benefits: Enjoy remote work flexibility with occasional travel and a competitive daily rate.
- Why this job: Be part of a dynamic team driving digital transformation in the energy sector with real impact.
- Qualifications: Experience in SOC builds, NCSC CAF principles, and hands-on leadership in cybersecurity.
- Other info: Opportunity for continuous learning and professional growth in a supportive environment.
Security Operations Managers
Remote with occasional travel to Crawley
£850 per day, Outside IR35
6-9 month duration

Summary
A UK Critical National Infrastructure (CNI) energy operator is appointing two contract Security Operations Managers who will work in lock-step: a Run Lead to steer and mature the live CSIRT Response Function, and a Build Lead to create new, minimum-viable capabilities and hand them into service. Both posts sit under the Cyber Security Response Manager and are driven by the NCSC Cyber Assessment Framework (CAF) and NIST SP 800-61 r3 guidance for incident response. The culture is "good-enough-today, better-tomorrow": short, bullet-point artefacts, daily measurable progress, and rapid decision-making.

Background & Purpose
Digital transformation and heightened threat activity place the UK energy sector under sustained pressure to detect and respond quickly. While the existing SOC provides baseline monitoring, it needs stronger governance, clearly defined processes, and fresh capabilities delivered at pace. Close partnership with the Managed Security Services Provider (MSSP) is essential to uplift the service and assure resilience.

Shared Responsibilities
- Operate to recognised frameworks: align policies, processes and runbooks to the NCSC CAF objectives for CNI resilience and the incident-handling lifecycle in NIST SP 800-61 r3, keeping documentation concise and auditable.
- Embed pragmatic process: create bullet-point playbooks, runbooks and knowledge-base pages that teams can follow under pressure.
- Build out a predefined KPI set: track a lean group of SOC metrics (e.g., false-positive rate, improvement tickets closed, SLA breaches) and review them daily with analysts and weekly with the Cyber Security Response Manager.
- Lead people & partners: recruit and mentor seven senior analysts, motivate existing staff, and hold the MSSP to clear responsibilities.
- Promote continuous learning: capture lessons learned after every incident and incorporate them into updated runbooks and training sessions.

Run Lead: Key Outcomes
- Day-to-day command of CSIRT / Response operations: own the shift rota, alert triage, escalation and service-improvement backlog.
- Governance starter-pack: stand up daily stand-ups, a Kanban board and a lightweight RACI so everyone knows who does what.
- Targeted blue-team exercises: schedule and run periodic blue-team (or red-vs-blue) simulations to prove that services and processes work as intended; record findings and fold improvements into revised runbooks.
- Service-readiness assurance: rehearse incident scenarios, validate hand-offs with the MSSP, and confirm evidence is logged for audit.
- Analyst development & morale: onboard seven senior analysts, set daily objectives, and champion a supportive, high-energy culture.

Build Lead: Key Outcomes
- Backlog of minimum-viable capabilities: identify, prioritise and deliver quick-win defined capabilities (processes, procedures, runbooks and supporting metrics) that can be demonstrated within days and transitioned to Run.
- Structured hand-off: for every new capability, supply concise documentation, decision logs and acceptance criteria so Run can adopt it immediately.
- Process integration: embed new workflows into existing tooling and MSSP playbooks without disrupting live operations.
- Evidence of value: report weekly on capabilities delivered, KPIs affected and lessons learned, using the predefined KPI set.

Candidate Profile
- Proven rapid delivery: has led at least five SOC builds or rapid rebuilds from zero to operational within six-to-twelve months, ideally in regulated or high-availability sectors.
- Framework fluent: comfortable applying NCSC CAF principles and NIST SP 800-61 r3 incident-handling guidance pragmatically, avoiding bureaucracy.
- Hands-on leadership: coaches senior analysts, removes blockers in real time, and can work directly in SIEM, SOAR, EDR and cloud telemetry tools.
- Action-oriented communicator: prefers calls and stand-ups over long email threads; decisive yet collaborative.
- Continuous-improvement mindset: captures every lesson and turns it into updated runbooks, training or process tweaks.

Security Operations Managers x2 employer: Morson Talent
Contact Detail:
Morson Talent Recruiting Team
StudySmarter Expert Advice
We think this is how you could land Security Operations Managers x2
Tip Number 1
Familiarise yourself with the NCSC Cyber Assessment Framework and NIST SP 800-61 r3 guidance. Understanding these frameworks will not only help you in interviews but also demonstrate your commitment to aligning with the company's operational standards.
Tip Number 2
Network with professionals in the cybersecurity field, especially those who have experience in SOC builds or incident response. Engaging with industry peers can provide insights and potentially lead to referrals that could strengthen your application.
Tip Number 3
Prepare to discuss specific examples of your past experiences in leading SOC operations or rapid builds. Highlighting measurable outcomes from your previous roles will showcase your ability to deliver results effectively.
Tip Number 4
Demonstrate your hands-on leadership style by preparing to share how you've coached teams and removed blockers in real-time. This will resonate well with the culture of continuous improvement and collaboration that the company values.
We think you need these skills to ace Security Operations Managers x2
Some tips for your application
Understand the Role: Before applying, make sure to thoroughly read the job description for the Security Operations Managers. Understand the key responsibilities and required skills, especially the importance of frameworks like NCSC CAF and NIST SP 800-61 r3.
Tailor Your CV: Customise your CV to highlight relevant experience in security operations, particularly any roles where you've led SOC builds or rapid rebuilds. Emphasise your hands-on leadership skills and familiarity with incident-handling frameworks.
Craft a Compelling Cover Letter: Write a cover letter that showcases your understanding of the role and how your background aligns with the company's needs. Mention specific achievements related to governance, process integration, and team leadership.
Highlight Continuous Improvement: In your application, emphasise your continuous-improvement mindset. Provide examples of how you've captured lessons learned and implemented changes in previous roles, as this is crucial for the position.
How to prepare for a job interview at Morson Talent
Understand the Frameworks
Familiarise yourself with the NCSC Cyber Assessment Framework and NIST SP 800-61 r3 guidance. Be prepared to discuss how you have applied these frameworks in previous roles, as this will demonstrate your capability to align with the company's objectives.
Showcase Your Leadership Skills
Highlight your experience in leading teams, especially in high-pressure environments. Discuss specific examples where you've motivated staff or mentored analysts, as this role requires strong hands-on leadership.
Prepare for Scenario-Based Questions
Expect questions that assess your problem-solving skills in real-time scenarios. Prepare to discuss how you would handle incident response situations, including your approach to governance and service readiness assurance.
Emphasise Continuous Improvement
Demonstrate your commitment to continuous learning by sharing examples of how you've captured lessons learned from past incidents and integrated them into updated processes or training sessions. This aligns with the company's culture of 'good-enough-today, better-tomorrow.'