Lead SOC Engineer

About DigitalXRAID

The DigitalXRAID Security Operations Centre provides around-the-clock protective monitoring solutions to a diverse client base spanning multiple industry verticals. Utilising industry-leading detection technology, our team of experienced SOC professionals deliver comprehensive assurance detection and incident response capabilities to organisations of all sizes.

Position Overview

DigitalXRAID is seeking an experienced Lead SOC Engineer, to lead the technical implementation and engineering functions. DigitalXRAID’s CREST-certified Security Operations Centre is located in Doncaster, United Kingdom. This technical leadership role operates during UK office hours (Monday - Friday, 9:00 AM - 5:30 PM) with a hybrid working model requiring a minimum of two days per week in the office, with provisions for not working from home when on-call. As the Security Operations Centre provides 24x7x365 coverage, the Lead SOC Engineer  role includes on-call responsibilities for critical engineering escalations.

The Lead SOC Engineer role is influential in helping set the direction and focus for the practice and will provide increased exposure to other areas of DigitalXRAID.

The Lead SOC Engineering will be responsible for directing technical strategy and implementation of our security operations infrastructure, including.

• Security Information & Event Management (SIEM)


• Intrusion Detection Systems (IDS)


• Cyber Threat Intelligence (CTI)


• Endpoint Protection & Detection (EDR)

Key Responsibilities

Technical Leadership

• Lead the design and implementation of SOC engineering solutions and security tooling


• Develop, engineer and maintain technical architectures for detection and response capabilities


• Drive continuous improvement in detection engineering, focusing on reducing false positives and enhancing detection coverage


• Oversee development of custom detection rules, correlation logic, and automation workflows


• Guide the technical aspects of incident response procedures and playbooks

Engineering Operations

• Lead the SOC engineering team in implementing and maintaining security monitoring solutions


• Oversee the technical aspects of client onboarding, including SIEM, EDR, and security tool deployment


• Establish engineering best practices and standard operating procedures


• Manage technical debt and drive system improvements


• Lead evaluation and implementation of new security methodologies, practices, tools and technologies

Detection Engineering

• Direct the development and tuning of detection use cases


• Oversee threat hunting initiatives and the implementation of findings into detection rules


• Guide the integration of threat intelligence into detection capabilities


• Lead malware analysis efforts and the extraction of indicators of compromise


• Develop and maintain automation frameworks for routine engineering tasks

Technical Guidance

• Provide technical mentorship to SOC Engineers on tooling and detection engineering


• Collaborate with SOC Management on technical requirements and capabilities


• Advise on technical aspects of client engagements and solution design


• Support technical pre-sales activities with architecture expertise


• Document technical procedures and engineering standards

Management

• Manage and resolve escalations.


• Manage absence & annual leave within the SOC Engineering team.


• Setting training and development plans team members.


• Support Engineers in progressing their goals and career aspirations.


• Work on upskilling and maintaining capabilities with the SOC Engineering team.


• Recruitment, retention and development of SOC Engineering talent


• Willingness to get involved in change initiatives outside of the normal role and to contribute ideas and options

Required Qualifications

Experience & Skills

• Strong background in detection engineering and security tool implementation


• Proven experience leading technical teams and engineering projects


• Deep expertise in SIEM deployment, configuration, and optimization


• Strong scripting and automation capabilities

Technical Expertise

• Advanced knowledge of SIEM platforms (MS Sentinel, USM Anywhere)


• Extensive experience with EDR solutions (MS Defender, SentinelOne)


• Strong understanding of log sources and log management


• Expertise in detection engineering and rule development


• Proficiency in security automation and orchestration


• Experience with cloud security monitoring

Certifications

Technical certifications are desired include:

• Microsoft SC-300


• Microsoft SC-400


• Microsoft AZ-500


• Microsoft SC-100


• AlienVault AVSE

Personal Attributes

A strong desire towards coaching and developing the team, supporting personal growth as well as aligning this growth to business objectives.

• Strong technical problem-solving abilities


• Excellence in technical communication and documentation


• Ability to mentor and develop engineering skills in others


• Detail-oriented with strong analytical capabilities


• Commitment to continuous technical learning

Additional Information

• Location: Doncaster, United Kingdom


• Schedule: Monday - Friday, 9:00 AM - 5:30 PM


• Work Model: Hybrid (minimum 2 days per week in office)


• On-call responsibilities for critical engineering escalations