SOC Operations Manager

We are looking for a dynamic and experienced SOC Operations Manager to lead and shape the delivery of our Security Operations Centre (SOC) services. In this role, you will be responsible for ensuring the SOC operates at peak performance while driving continual improvement, with a strong focus on ITIL service management principles and full alignment with CREST standards. Based on-site in Hemel Hempstead, this is an outstanding opportunity for a SOC Operations Manager with experience in monitoring and analysing security threats for multiple customers. You will oversee and mentor a skilled team of analysts, fostering a culture of continuous learning, champion best practices in threat detection and incident management, and play a key role in safeguarding our organisation’s digital environment. Communications with key business partners is key regarding risks, threats and SOC performance. Familiarity with NIST Cybersecurity, MITRE ATT&CK, Splunk, Sentinel and ISO27001 is vital. What you will be doing: Lead, mentor, and develop SOC analysts and incident responders. Provide technical direction, conduct performance reviews, and foster continuous improvement. Oversee full lifecycle of security incidents from detection to resolution. Ensure compliance with SLAs and escalation protocols. Maintain and enhance incident response plans and procedures. Direct threat intelligence collection and analysis. Manage vulnerability assessments and coordinate remediation. Develop proactive strategies to mitigate emerging threats. Monitor and analyse security events across multiple platforms. Identify, assess, and escalate threats and vulnerabilities. Maintain and evolve SOC operational documentation and processes. Deliver training, mentorship, and knowledge sharing across the team. Ensure tool proficiency and promote a culture of continuous learning. Communicate effectively with senior stakeholders on risks and incidents. Provide regular SOC performance reports and updates. Collaborate with internal teams to align on security initiatives. Ensure SOC operations adhere to CREST and ITIL standards. Support accreditation maintenance and operational readiness. What you will bring: Demonstrated experience leading Security Operations Centre (SOC) teams in a 24×7 environment, driving operational excellence and continuous improvement. Ability to harness data analysis to detect threats, identify trends, and deliver actionable security insights. Strong track record in threat detection, incident management, and escalation handling. Hands-on experience managing SIEM and SOAR platforms such as Splunk, Microsoft Sentinel, or Elastic. Skilled in coaching analysts, building high-performing teams, and managing effective shift models. Confident communicator with the ability to translate complex technical risks into clear business impacts for senior stakeholders. Familiarity with NIST Cybersecurity Framework and MITRE ATT&CK. Understanding of ISO 27001 standards and compliance best practices. Working knowledge of the CREST SOC Maturity Model. Experience applying ITIL processes across incident, problem, and change management. It would be great if you had: Vendor-specific accreditations (e.g. Splunk Certified, Microsoft SC-200). Relevant security or management certifications. If you are interested in this role but not sure if your skills and experience are exactly what we’re looking for, please do apply, we’d love to hear from you! Security Clearance Level: Ideally holding SC or eligibility for SC clearance, willing to undertake DV clearance Referral Bonus: £3000 Salary offered will be in line with experience and development needs Loved reading about this job and want to know more about ADS? Sopra Steria’s Aerospace, Defence and Security business designs, develops and deploys digital solutions to Central Government clients. The work we do makes a real difference to the client’s goal of National Security, and we operate in a unique and privileged environment. We are given time for professional development activities, and we coach and mentor our colleagues, sharing knowledge and learning from each other. We foster a culture in which employees feel valued and supported and have pride in their work for the customer, delivering outstanding rates of customer satisfaction in the UK’s most complex safety- and security-critical markets.