Cyber Operations Engineering Team Leader

Softcat

Would you like to kick start your career in a supportive, collaborative and innovative company?

Do you enjoy working as part of an enthusiastic, passionate, and collaborative team?

Join our Cyber Operations Team!

The Softcat Cyber Operations team provides our customers with cyber security monitoring, analysis, assessment and remediation. It is our job to design and deploy effective security monitoring and assessment tools into customer IT systems to provide monitoring and detection capabilities against cyber threats. Our Engineering team is responsible for ensuring these tools are properly configured, deployed and maintained to deliver the service effectively.

Success. The Softcat Way.

Passion. Intelligence. Fun. Responsible; these are the core values which define Softcat. We are one of the UK's leading IT infrastructure providers and a FTSE 250 listed company. The business is based on two key principles: outstanding customer service and employee satisfaction, both of which inspire our flexible, friendly approach to business. For more information about Softcat please visit: www.softcat.com.

As Team Leader for the Security Engineering Team within the wider Softcat Cyber Operations Team, you will provide technical leadership and people management. You will coordinate the deployment and maintenance of SIEM data feeds and configurations including content engineering, ensure adherence to our SIEM data model (normalisation and enrichment), and own the fidelity, timeliness and reliability of logging pipelines. In collaboration with the Cyber Operations Manager, you will set the engineering strategy, drive continuous improvement of SIEM content and automation within the Cyber Ops team and ensure SLAs/OLAs, KPIs and service quality targets are met.

As Security Engineering Team Leader, you will:

  • Lead a team of SIEM/automation engineers to design, develop and operate security tooling, content and automation; embed best practice, efficiency and service resilience across the platforms in use.
  • Manage day‑to‑day Cyber Operations Engineering activities, ensuring procedures, processes and working practices are followed.
  • Implement organisational engineering standards across design, development, testing, deployment, maintenance and documentation; verify compliance via reviews and metrics production.
  • Act as first point of technical escalation – including, but not limited to, hierarchical, technical and customer escalations. Own escalation and resolution of service incidents impacting SIEM ingestion, parsing, transformation logic, configuration or automation.
  • Identify and deliver continuous improvements to enrich, refine and optimise SIEM capabilities (detections, hunting content, automation and performance).

We'd love you to have

  • Prior experience in a Managed Service Provider (MSP/MSSP) or enterprise SOC environment, leading SIEM engineering and automation initiatives.
  • Strong experience with SIEM (e.g., Microsoft Sentinel) and SOAR platforms (e.g., Swimlane), including connector onboarding, content engineering, automation and integration with SOC tooling.
  • Hands‑on ownership of SIEM data models, event normalisation and enrichment strategies; experience with related platforms (AlienVault, Elastic, EDR/MDR, vulnerability management).
  • Organised, with strong communication skills both written and oral, and with the ability to translate and deliver technical information to a non-technical audience.
  • Demonstrated ability to communicate clearly to technical and non‑technical stakeholders; collaborate effectively across engineering and monitoring teams.
  • Preferred specialisation in one or more of: Microsoft Sentinel Administration; Microsoft Azure Architecture; AWS Architecture; Linux & Unix Architecture; Scripting (e.g., Python).

We also acknowledge that the confidence gap and imposter syndrome are a real thing and can get in the way of us meeting fantastic talent, so please don't hesitate to apply – we would love to hear from you!

Work in a way that works for you

We recognise that everyone is different and that the way in which people want to work and deliver at their best is different for everyone too. In this role, we can offer the following flexible working patterns:

  • Hybrid working – 2 days in the office and 3 days working from home
  • Working flexible hours – flexing the times you start and finish during the day
  • Flexibility around school pick up and drop offs

Working with us

Wherever you work, we want you to experience the freedom and autonomy to realise your potential. You will feel supported by a team that celebrates individuality, encourages different perspectives, and embraces every background.

Join us

To become part of the success story, please apply now.

If you have a disability or neurodiversity, we can provide support or adjustments that you may need throughout our recruitment process or any mitigating circumstance you wish for us to consider. Any information you share on your application will be treated in confidence. You can find out more about life at Softcat and our commitments to diversity and inclusion at jobs.softcat.com/jobs/our-culture/

Here at Softcat, we don't prohibit the use of AI (artificial intelligence) in our application process, as we understand how far it can go towards creating a truly equitable candidate experience. That being said, as a culture-driven organisation, we believe that the genuine essence of each person is what truly matters, so we highly encourage you to be as authentically you as possible when submitting your application to showcase your true and whole self.
