Lead Security Operations Engineer

This is a new and pivotal role within IT Operations, created to establish and lead our Security Operations function at a time of significant transformation. Reporting into the Infrastructure Operational Support Manager, you’ll work closely with infrastructure, network and security governance teams to strengthen our cyber resilience and protect critical services. As the Security Operations Subject Matter Expert, you’ll shape the operating model, define the roadmap, and embed best‑practice security across our IT estate. This is an opportunity to combine hands‑on technical delivery with leadership, strategy and influence, in a role where your expertise will make a visible and lasting impact.

What You Will Be Responsible For:

• You’ll lead the day‑to‑day and strategic delivery of Security Operations, ensuring our people, platforms and partners work together to manage threats, vulnerabilities and incidents effectively.
• Establishing and leading the Security Operations function, including defining processes, frameworks and tooling.
• Owning vulnerability management across the organisation, identifying, prioritising and driving remediation using tools such as Qualys and Tenable.
• Managing and optimising security tooling including SIEM, endpoint protection, DLP and internet security solutions.
• Acting as the primary technical escalation point for complex security incidents and operational issues.
• Coordinating incident response and emergency activities, working closely with internal teams and external partners.
• Managing and assuring third‑party SOC providers and near‑/off‑shore partners against agreed SLAs.
• Developing and owning the security operations roadmap, driving continuous improvement and innovation.

Additional Requirements Specific To The Role:

• Participation in a 24/7 on‑call rota to support critical incident response.
• Travel across Southern Water sites as required.
• Close collaboration with infrastructure, network and governance teams across IT Operations.

Essential What you’ll bring to the role:

• Proven, hands‑on experience in Security Operations, including incident response and vulnerability management.
• Strong technical knowledge of security tooling such as SIEM platforms, endpoint protection and vulnerability scanning tools.
• Experience leading or coordinating internal teams and third‑party SOC providers.
• Familiarity with IT service management tools such as ServiceNow.
• Excellent communication skills with the ability to influence and collaborate across technical teams.

Desirable:

• Professional certifications such as CISSP, CISM, CompTIA Security+ or equivalent.
• Experience within utilities, critical infrastructure or operational technology environments.

Our Commitment to Diversity:

We welcome applicants from all backgrounds, identities, and experiences. We do not discriminate based on race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you need reasonable adjustments during the recruitment process, please let us know.

Additional Information:

In line with Southern Water’s security requirements, successful candidates will be required to provide evidence of their identity, eligibility to work in the UK, criminal record check (DBS) and verification of their employment and/or education history for the past three years. Appointment to this role is subject to the successful completion of all pre‑employment checks, including security vetting. Please note that if a candidate does not meet the required security standards or fails to pass the vetting process, Southern Water reserves the right to withdraw the offer of employment. Some positions may also require higher levels of security vetting, which may involve providing additional documentation.