Lead Cyber Defence Analyst

As a Lead Cyber Defence Analyst (L3), you are accountable for shift operations and serve as the senior technical escalation point for complex and high-severity security incidents. You will drive meaningful improvements to the SOC's detection and response capabilities — designing SIEM rules, building SOAR automation, and leading post-incident reviews that translate lessons learnt into tangible enhancements.Beyond the technical, you will play a central role in developing the analysts around you, mentoring L1s and L2s and helping to build a high-performing, continuously improving team. Your leadership during incidents, your visibility across shift workload, and your contribution to strategic SOC development will directly shape our client's ability to detect and respond to emerging threats at scale.

What you'll do:

• Act as the senior escalation point for complex, high, and critical severity incidents — leading investigations, coordinating response efforts, and keeping the SOC Manager informed throughout
• Design and implement improvements to detection rules and SOAR automation, drawing on threat intelligence, lessons learnt, and emerging global threat trends.
• Lead post-incident reviews for high and critical severity incidents, facilitating lessons learnt discussions and driving measurable improvements to SOC processes and tooling.
• Mentor and coach L1 and L2 analysts, organise tabletop exercises focused on current threat trends, and provide cover and support for SOC Team Leaders when needed.
• Maintain shift oversight, monitor team workload and incident queues, and conduct proactive threat hunts in line with the JIRA procedure.

What you'll need for this role:

• 6+ years of extensive experience in SOC operations and incident response, with a proven ability to lead complex, high-pressure investigations and coordinate across teams.
• Deep technical expertise across SIEM and SOAR platforms, EDR tooling, and threat detection technologies, including hands-on experience building and automating detection logic and playbooks in production environments.
• Demonstrated ability to develop and maintain automated workflows that improve SOC efficiency and reduce analyst toil.
• Strong mentoring and communication skills, with experience coaching analysts at multiple levels and delivering structured learning activities such as tabletop exercises.
• A proactive, improvement-focused mindset — comfortable analysing incident metrics, identifying gaps, and taking ownership of making things better.