SOC Engineering Lead

Exceptional people, creating extraordinary partnerships, developing game-changing technologies.

At Sellafield Ltd, we are harnessing our expertise; bringing together world-class skills and innovative technology to solve complex nuclear, infrastructure, and engineering challenges. By joining Sellafield Ltd, you join an amazing team of people, from all walks of life, where you can thrive in a connected, considerate culture of innovation, collaboration, and community; and play a significant part in the UK's sustainable nuclear future.

The challenges we face are amongst the most complex anywhere in the world. We are using advanced technologies to shape, create and advance the world's nuclear decommissioning knowledge and capability. That's why our work is driven by people with a passion for problem-solving and innovation.

What will the Successful Candidate be Doing:

We are seeking a SOC Engineering Team Lead to take responsibility for the development, lifecycle management, and optimisation of SOC engineering services and tooling, ensuring they are secure, scalable, and aligned with business needs. This is a newly established role within Sellafield Ltd's Cyber Security profession, created to strengthen the technical foundation of the Cyber Security Operations Centre (CSOC).

This role is pivotal in ensuring that SOC platforms and supporting technologies are secure, scalable, and aligned with operational and strategic needs. You will be responsible for the lifecycle management, optimisation, and continuous improvement of SOC engineering services, enabling effective threat detection and incident response across a complex hybrid environment.

As a new function, the role faces the challenge of building foundational capabilities from the ground up -establishing robust engineering practices, integrating advanced security tooling, and embedding automation and performance monitoring across SOC services. It must also navigate the complexities of working across ICT, cyber operations, and supplier ecosystems to ensure seamless delivery and compliance with frameworks such as the NCSC Cyber Assessment Framework (CAF).

The Team Lead will be instrumental in shaping long-term SOC capability roadmaps, managing a multi-disciplinary team, and driving innovation in log source onboarding, detection enablement, and automation. Balancing technical leadership with strategic alignment, the role must deliver high-performing, cost-effective solutions while fostering collaboration across internal and external stakeholders. Operating within a regulated environment, it must also ensure that engineering decisions support compliance, resilience, and continuous improvement in cyber defence.

Key responsibilities:

• Support the Head of Cyber Security Operations in aligning SOC engineering with strategic objectives.
• Contribute to long-term SOC capability planning, including resourcing, tooling evolution, and automation.
• Manage ICT supplier relationships to ensure SOC services and technologies are integrated and effective.
• Ensure availability, performance, and scalability of SOC platforms (e.g. Microsoft Sentinel, Defender suite, Log Analytics).
• Monitor and maintain log ingestion pipelines and integrations across hybrid environments.
• Lead deployment and lifecycle management of agents and sensors across endpoints, servers, and cloud workloads.
• Produce regular reports on platform health, ingestion volumes, agent coverage, and system performance.
• Define and track SLAs and KPIs for SOC platform performance and automation workflows.
• Oversee onboarding of new log sources, ensuring alignment with detection use cases and operational priorities.
• Collaborate with ICT and business units to prioritise log sources based on risk and coverage.
• Maintain documentation and standards for log onboarding, including validation and data quality checks.
• Work with detection engineers and threat hunters to define log source requirements.
• Support development and tuning of KQL-based analytics rules and workbooks in Microsoft Sentinel.
• Contribute to mapping detection logic to frameworks such as MITRE ATT&CK, NCSC CAF, and NIST CSF.
• Lead development and maintenance of automation workflows using Sentinel SOAR (Logic Apps, Playbooks).
• Integrate SOC tooling with enterprise systems (e.g. ServiceNow SecOps) to streamline alerting and response.
• Promote infrastructure-as-code for SOC engineering deployments.
• Manage Microsoft Sentinel and Azure security service costs within budget.
• Optimise log source prioritisation and detection coverage to maximise ROI.
• Review data ingestion volumes, retention policies, and analytics rules to reduce unnecessary spend.
• Provide technical leadership, mentoring, and performance management.
• Collaborate with Cyber Security Operations, ICT, and business stakeholders to ensure SOC engineering meets strategic and operational needs.

Your Skills and Qualifications

• Proven leadership and mentoring abilities, with a focus on technical excellence and team development.
• Strong attention to detail and a proactive, problem-solving mindset.
• Excellent communication skills, with the ability to engage both technical and non-technical stakeholders.
• Demonstrated passion for cyber security and a commitment to continuous improvement.
• Extensive experience in SOC engineering, security architecture, or related technical cyber security roles.
• In-depth knowledge of Microsoft Azure security services, including Sentinel, Defender for Endpoint, Defender for Cloud, and Log Analytics.
• Proficiency in scripting and automation using tools such as PowerShell, Python, and Logic Apps.
• Familiarity with cyber security frameworks including MITRE ATT&CK, NCSC CAF, and NIST CSF.
• Degree or equivalent qualification in computer science, cyber security, or a related field.

Skills Considered Desirable:

• SC-200: Microsoft Security Operations Analyst.
• AZ-500: Microsoft Azure Security Technologies.
• SC-100: Microsoft Cybersecurity Architect.
• Experience in regulated environments (e.g., nuclear, defence, critical infrastructure).
• Membership of CIISec, BCS, or other relevant professional bodies.

Why us?

At Sellafield Ltd, we are committed to supporting our employees in fulfilling their potential. With having 100 years of work in front of us, we offer comprehensive training and development opportunities, enabling you to feel inspired in your role. Whatever area you join us in, you'll find a genuinely exciting and rewarding career.

Making sure our employees feel supported is important to us. Therefore, to help you get the most out of life in and outside of work, we also offer a range of employee benefits:

• You will benefit from an annual bonus of up to 15%, made up of company and personal performance
• An attractive defined contribution pension scheme – the company will match up to 13.5% for a 7% employee contribution
• 30 days annual leave + bank holidays. Plus, the ability to purchase an extra 2.5 days per year.
• The ability to carry over 10 days annual leave each financial year
• Paid Sick Leave
• Family Friendly Policies – Visit our Rewards & Benefits page to read more
• Cycle to Work Scheme
• Lifestyle Benefits
• Learning & Development Opportunities
• Reward & Recognition Policies
• Welfare & Employee Assistance Programme
• Free Aviva Health App & Annual Health Check
• MyDiscounts – Employee Savings & Discounts
• MyBenefits – A Charity Giving Scheme
• Many, many more Click this link to visit our Rewards & Benefits page:

Sellafield Ltd are recognised as a Disability Confident Employer (Level 3). Disability Confident employers offer an interview to disabled applicants that meet the minimum criteria for a vacancy. Sellafield Ltd define the minimum criteria as the 'essential skills' which are listed on the vacancy notice. Whilst completing your application form, you will be able to indicate if you wish to be considered under the disability confident scheme. If you would prefer to discuss this directly with us, please contact the GBS Recruitment team on

Back

SOC Engineering Lead

Job number

SP06519

Profession

IT Information Services

Location

Risley Warrington

Salary

Competitive

Contract type

Permanent Contract

Posting date

12 November 2025

Closing date

2 December 2025

---